Case of "IDP.Trojan.1C8D1A13 and Crypt.AQLW"



jmaeir
2012-04-10, 03:30
Similar to all the other posts, AVG was not able to eradicate them.

Thanks in advance for your help!
Josh

DDS output below, Attach.zip attached:
-------------------------------------------------------------------
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 10.3.0
Run by Belle at 17:57:37 on 2012-04-09
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1336 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lenovo\Healthcare\HealthCare.exe
C:\Program Files\Lenovo\VeriFaceIII\PManage.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wuauclt.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111363&babsrc=HP_ss&mntrId=e432673600000000000000219743274e
mDefault_Page_URL = hxxp://www.lenovo.com
mURLSearchHooks: H - No File
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - c:\program files\ant.com\ie add-on\download.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: Ant.com Video Downloader toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - c:\program files\ant.com\ie add-on\anttoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\belle\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA}] c:\windows\test.bat
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Healthcare] c:\program files\lenovo\healthcare\HealthCare.exe /hide
mRun: [VeriFaceManager] c:\program files\lenovo\verifaceiii\PManage.exe
mRun: [SetDefaultSCR] c:\program files\lenovo\lenovo screensaver\SetDefaultSCR.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tisspwiz.lnk - c:\program files\trend micro\internet security\tisspwiz.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\ant.com\ie add-on\download.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\windows\system32\wpclsp.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A783B15E-6FC6-407F-A9B9-EA185603CF5E} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\belle\appdata\roaming\mozilla\firefox\profiles\1af5k6uw.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\belle\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\belle\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\belle\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-9-17 64512]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\ddcdrv.sys [2008-12-24 13680]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R2 AntUpdaterService;Ant Toolbar updater service;c:\program files\ant.com\ie add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 OKAV Agent Service;OKAV Agent Service;c:\program files\trend micro\okavagent\OKAVAgent.exe [2008-6-4 66824]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DivisCTS;Netdevio;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-3-16 91936]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-2-9 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2012-04-09 21:57:01 -------- d-----w- C:\ERDNT
2012-04-09 20:55:40 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-09 20:15:32 -------- d-----w- c:\program files\STOPzilla!
2012-04-09 20:15:30 -------- d-----w- c:\programdata\STOPzilla!
2012-04-09 20:15:30 -------- d-----w- c:\program files\common files\iS3
2012-04-09 16:41:58 -------- d-----w- c:\users\belle\appdata\roaming\IDM
2012-04-09 16:41:58 -------- d-----w- c:\users\belle\appdata\roaming\DMCache
2012-04-09 16:41:54 -------- d-----w- c:\program files\Internet Download Manager
2012-04-09 15:17:56 -------- d-----w- c:\program files\BabylonToolbar
2012-04-09 15:17:42 -------- d-----w- c:\programdata\Premium
2012-04-09 15:17:27 -------- d-----w- c:\users\belle\appdata\local\Babylon
2012-04-09 15:17:24 -------- d-----w- c:\users\belle\appdata\roaming\Babylon
2012-04-09 15:17:24 -------- d-----w- c:\programdata\Babylon
2012-04-09 15:07:03 -------- d-----w- C:\codec-info
2012-04-09 15:06:58 -------- d-----w- c:\programdata\InstallMate
2012-04-04 17:13:38 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 17:13:26 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 17:13:22 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-02 21:22:19 -------- d-----w- c:\users\belle\.m2
2012-04-02 21:20:55 -------- d-----w- c:\users\belle\.netbeans
2012-04-02 21:11:36 -------- d-----w- c:\program files\NetBeans 7.1.1
2012-04-02 21:05:57 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-02 20:44:13 -------- d-----w- c:\users\belle\.nbi
2012-04-01 08:18:59 -------- d-----w- c:\program files\RealNetworks
2012-03-30 02:20:13 -------- d-----w- c:\users\belle\appdata\roaming\Malwarebytes
2012-03-30 02:20:00 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 02:20:00 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 02:20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-29 20:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-27 20:05:34 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-19 13:12:38 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 13:12:38 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-03-16 11:08:36 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
.
==================== Find3M ====================
.
2012-04-02 21:05:11 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 18:51:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 03:04:54 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-07 03:04:54 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-24 19:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 19:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 18:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 18:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 18:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 18:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 18:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 18:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 18:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 18:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 18:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-01-19 14:22:20 42864 ----a-r- c:\windows\system32\SBBD.EXE
.
============= FINISH: 18:00:17.80 ===============

jeffce
2012-04-10, 20:29
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification)
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
----------

**WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean and may itself have damaged your system files. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.

Double click the aswMBR icon to run it.
Click the Scan button to start scan.
When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan-1.png (http://i1190.photobucket.com/albums/z454/Blottedisk/aswMBRscan.png)
----------


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
In Custom Scan/Fixes put the following:

netsvcs
/md5start
consrv.dll
/md5stop
createrestorepoint

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


----------

In your next reply, if you have chosen to attempt cleaning, please post the logs made by aswMBR and OTL. :)

jmaeir
2012-04-10, 22:04
Jeff,
Thank you very much.
I am willing to attempt to fix it first.

First scan log
-----------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 10:35:51
-----------------------------
10:35:51.349 OS Version: Windows 6.0.6001 Service Pack 1
10:35:51.349 Number of processors: 2 586 0xF0D
10:35:51.350 ComputerName: MAEIR_NEW UserName: Belle
10:36:02.500 Initialize success
10:39:44.888 AVAST engine defs: 12041001
11:17:45.593 The log file has been saved successfully to "C:\Users\Belle\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-10 15:48:43
-----------------------------
15:48:43.106 OS Version: Windows 6.0.6001 Service Pack 1
15:48:43.106 Number of processors: 2 586 0xF0D
15:48:43.108 ComputerName: MAEIR_NEW UserName: Belle
15:48:45.012 Initialize success
15:48:57.479 AVAST engine defs: 12041001
15:49:49.413 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:49:49.415 Disk 0 Vendor: ST3320813AS LV11 Size: 305245MB BusType: 3
15:49:49.427 Disk 0 MBR read successfully
15:49:49.430 Disk 0 MBR scan
15:49:49.435 Disk 0 Windows VISTA default MBR code
15:49:49.442 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 286776 MB offset 2048
15:49:49.477 Disk 0 Partition 2 00 12 Compaq diag MSWIN4.1 18465 MB offset 587320335
15:49:49.501 Disk 0 scanning sectors +625137345
15:49:49.644 Disk 0 scanning C:\Windows\system32\drivers
15:50:02.167 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-RT [Trj]
15:50:09.184 Disk 0 trace - called modules:
15:50:09.205 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868acfd0]<<
15:50:09.209 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a29ac8]
15:50:09.214 3 CLASSPNP.SYS[8a5a3745] -> nt!IofCallDriver -> [0x868746e8]
15:50:09.220 \Driver\00001756[0x86873f38] -> IRP_MJ_CREATE -> 0x868acfd0
15:50:11.105 AVAST engine scan C:\Windows
15:50:21.207 AVAST engine scan C:\Windows\system32
15:53:36.952 File: C:\Windows\system32\se44mdfl.dll **INFECTED** Win32:Sirefef-SM [Trj]
15:58:33.420 AVAST engine scan C:\Windows\system32\drivers
15:58:54.476 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-RT [Trj]
15:59:23.234 AVAST engine scan C:\Users\Belle
16:03:34.704 Disk 0 MBR has been saved successfully to "C:\Users\Belle\Documents\MBR.dat"
16:03:34.713 The log file has been saved successfully to "C:\Users\Belle\Documents\aswMBR.txt"
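As an added example, not part of this thread and not code from the DDS, aswMBR or OTL authors: a small Python triage script that reads DDS- and aswMBR-style log lines and flags the indicator shapes the helper reacts to above, namely a process image loaded through the `\\.\globalroot\` device namespace instead of a drive letter, a service entry whose image is `svchost.exe -k netsvcs` (the `DivisCTS;Netdevio` line in the DDS services list), and aswMBR's `**INFECTED**` file lines and `>>UNKNOWN [...]<<` hook lines. The regular expressions and the "svchost-hosted service is review-worthy" rule are assumptions drawn from the log shapes on this page, not documented formats of those tools, and the sample lines are constructed copies of those shapes. The script only reports; it changes nothing on the machine.

```python
"""Triage helper for DDS / aswMBR style text logs (added example, assumptions noted inline)."""
import re
from typing import Dict, List

# Constructed sample: a few lines mirroring the shapes seen in this thread.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
S2 DivisCTS;Netdevio;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
15:50:02.167 File: C:\Windows\system32\drivers\netbt.sys **INFECTED** Win32:Sirefef-RT [Trj]
15:50:09.205 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868acfd0]<<
"""

# Assumed patterns, derived from the log lines on the page rather than from any tool spec.
# A process path that begins with the \\.\globalroot\ device namespace; every other
# entry in a DDS process list is a drive-letter path.
GLOBALROOT_RE = re.compile(r"^\\\\\.\\globalroot\\", re.IGNORECASE)
# DDS service/driver line: "<R|S><digit> <name>;<display name>;<image> [date size]"
SERVICE_RE = re.compile(r"^([RS]\??\d)\s+([^;]+);([^;]*);(.+?)(?:\s+\[[^\]]*\])?$")
# aswMBR file verdict: "<time> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(r"^\S+\s+File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
# aswMBR driver-chain trace pointing at code it cannot attribute to a module.
UNKNOWN_HOOK_RE = re.compile(r">>UNKNOWN\s+\[(0x[0-9a-fA-F]+)\]<<")


def triage(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; benign lines produce nothing."""
    findings: List[Dict[str, str]] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if GLOBALROOT_RE.search(line):
            findings.append({"kind": "globalroot_process", "detail": line})
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append({"kind": "infected_file", "path": m.group(1), "detection": m.group(2)})
            continue
        m = UNKNOWN_HOOK_RE.search(line)
        if m:
            findings.append({"kind": "unknown_hook", "address": m.group(1)})
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(2), m.group(4)
            # Heuristic (assumption): a service whose image is svchost.exe -k netsvcs
            # deserves a look at its ServiceDll; in this thread the only such entry is
            # the rootkit's. It is a review prompt, not proof of infection.
            if "\\svchost.exe" in image.lower() and "-k netsvcs" in image.lower():
                findings.append({"kind": "svchost_service", "service": name, "image": image})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per kind, handy for a quick first look at a long log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG.splitlines())
    for f in results:
        print(f)
    print(summarize(results))
```

Run it against a full DDS or aswMBR log by replacing `SAMPLE_LOG.splitlines()` with the file's lines; the plain `svchost.exe -k netsvcs` process line and the AVG driver entry in the sample are there to show that ordinary entries are left alone.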

jmaeir
2012-04-10, 22:05
OTL logfile created on: 4/10/2012 3:28:30 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Belle\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 44.80% Memory free
6.21 Gb Paging File | 3.30 Gb Available in Paging File | 53.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.06 Gb Total Space | 194.81 Gb Free Space | 69.56% Space Free | Partition Type: NTFS

Computer Name: MAEIR_NEW | User Name: Belle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Belle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Belle\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
PRC - \\.\globalroot\SystemRoot\system32\svchost.exe ()
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
MOD - C:\Windows\System32\SimpleExt.dll ()
MOD - C:\Windows\System32\IcnOvrly.dll ()
MOD - C:\Program Files\Lenovo\VeriFaceIII\Time.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.dll ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Program Files\Lenovo\Healthcare\Health.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ZTEusbser6k) -- %systemroot%\system32\RioS30.dll File not found
SRV - (z525mgmt) -- %systemroot%\system32\sdhelper.dll File not found
SRV - (Xponaut_WBD) -- %systemroot%\system32\lvusbsta.dll File not found
SRV - (wdelmgr20) -- %systemroot%\system32\cccredmgr.dll File not found
SRV - (wceusbsh) -- %systemroot%\system32\PNDIS5.dll File not found
SRV - (w800obex) -- %systemroot%\system32\eamon.dll File not found
SRV - (VX1000) -- %systemroot%\system32\dphost.dll File not found
SRV - (vrservice) -- %systemroot%\system32\PGPdisk.dll File not found
SRV - (vetfddnt) -- %systemroot%\system32\ICAM3NT5.dll File not found
SRV - (VAIOMediaPlatform-MusicServer-HTTP) -- %systemroot%\system32\fsaua.dll File not found
SRV - (UxSms) -- %SystemRoot%\System32\uxsms.dlles\UxSms\Parameters File not found
SRV - (USRpdA) -- %systemroot%\system32\qhwscsvc.dll File not found
SRV - (ups) -- %systemroot%\system32\cccredmgr.dll File not found
SRV - (unlockerdriver5) -- %systemroot%\system32\Mtlstrm.dll File not found
SRV - (UMAXPCLS) -- %systemroot%\system32\npkcusb.dll File not found
SRV - (UBHelper) -- %systemroot%\system32\p3.dll File not found
SRV - (THREADORDER) -- %SystemRoot%\system32\mmcss.dlll File not found
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe File not found
SRV - (symmpi) -- %systemroot%\system32\sansaservice.dll File not found
SRV - (SrvcSSIOMngr) -- %systemroot%\system32\btwaudio.dll File not found
SRV - (srescan) -- %systemroot%\system32\tabletservice.dll File not found
SRV - (SndTDriverV32) -- %systemroot%\system32\gagp30kx.dll File not found
SRV - (SiS7018) -- %systemroot%\system32\i8042prt.dll File not found
SRV - (ShellHWDetection) -- %SystemRoot%\System32\shsvcs.dlls\ShellHWDetection\Parameters File not found
SRV - (sfhlp02) -- %systemroot%\system32\idechndr.dll File not found
SRV - (serialkeys) -- %systemroot%\system32\USBCamera.dll File not found
SRV - (ser2plms) -- %systemroot%\system32\s116mdfl.dll File not found
SRV - (SE2Emdfl) -- %systemroot%\system32\avsvcmonitor.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (retrolauncher) -- %systemroot%\system32\AYDrvNT_ALYAC.dll File not found
SRV - (regmanserv) -- %systemroot%\system32\NuidFltr.dll File not found
SRV - (PTDCMdm) -- %systemroot%\system32\ctxcpusched.dll File not found
SRV - (phc600) -- %systemroot%\system32\SaiH040B.dll File not found
SRV - (pelusblf) -- %systemroot%\system32\Wpsnuio.dll File not found
SRV - (patrol_scheduler) -- %systemroot%\system32\mscsptisrv.dll File not found
SRV - (NxSysMon) -- %systemroot%\system32\atkkeyboardservice.dll File not found
SRV - (NWADI) -- %systemroot%\system32\SE2Dmgmt.dll File not found
SRV - (ntrtscan) -- %systemroot%\system32\client32.dll File not found
SRV - (MRESP50a64) -- %systemroot%\system32\RVIEG01.dll File not found
SRV - (MRESP50) -- %systemroot%\system32\savscan.dll File not found
SRV - (mcdbus) -- %systemroot%\system32\pop3d32.dll File not found
SRV - (LVRS) -- %systemroot%\system32\se58mdm.dll File not found
SRV - (lvhidsvc) -- %systemroot%\system32\WinVd32.dll File not found
SRV - (iwebcal) -- %systemroot%\system32\MSMQ.dll File not found
SRV - (ICAM5USB) -- %systemroot%\system32\commserver.dll File not found
SRV - (gtndis5) -- %systemroot%\system32\aspi32.dll File not found
SRV - (GTF32BUS) -- %systemroot%\system32\lvmvdrv.dll File not found
SRV - (GT890x) -- %systemroot%\system32\Intels51.dll File not found
SRV - (FVNETusb) -- %systemroot%\system32\LC7981.dll File not found
SRV - (fsma) -- %systemroot%\system32\T6963C.dll File not found
SRV - (Evian) -- %systemroot%\system32\nim32.dll File not found
SRV - (emu10k1) -- %systemroot%\system32\se59unic.dll File not found
SRV - (EACSys) -- %systemroot%\system32\se58nd5.dll File not found
SRV - (DynDNS_Updater_Service) -- %systemroot%\system32\MSFWHLPR.dll File not found
SRV - (dmusic) -- %systemroot%\system32\PGPwded.dll File not found
SRV - (dladresm) -- %systemroot%\system32\qfcoresvc.dll File not found
SRV - (DivisCTS) -- %systemroot%\system32\mqdmmdfl.dll File not found
SRV - (dashsvc) -- %systemroot%\system32\avg7alrt.dll File not found
SRV - (cypresslink) -- %systemroot%\system32\pdiddcci.dll File not found
SRV - (ctljystk) -- %systemroot%\system32\fips.dll File not found
SRV - (cqmgserv) -- %systemroot%\system32\PdiPorts.dll File not found
SRV - (cqcpu) -- %systemroot%\system32\btserial.dll File not found
SRV - (cdrbsdrv) -- %systemroot%\system32\slave.dll File not found
SRV - (cachemgr) -- %systemroot%\system32\BCM43XV.dll File not found
SRV - (ATIVXSTW) -- %systemroot%\system32\omsad.dll File not found
SRV - (arcltsrv) -- %systemroot%\system32\EACSvrMngr.dll File not found
SRV - (agnwifi) -- %systemroot%\system32\contentfilter.dll File not found
SRV - (a016mdm) -- %systemroot%\system32\ikfilesec.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
SRV - (qserver) -- C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (aswMBR) -- C:\Users\Belle\AppData\Local\Temp\aswMBR.sys File not found
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (WinI2C-DDC) -- C:\Windows\System32\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys ()
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111363&babsrc=HP_ss&mntrId=e432673600000000000000219743274e
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{20CB2A00-D282-4C69-B6AF-07FE9F69B835}: "URL" = http://www.ant.com/search?s=browser&q={searchTerms}
IE - HKCU\..\SearchScopes\{5D395B13-5CD2-4BF8-A77B-D8A043EE7C35}: "URL" = http://search.avg.com/route/?d=4cdf1a31&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{F210D498-6131-45D7-91C7-F82B692C7552}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Belle\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/06 23:05:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 09:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Belle\Program Files\DNA
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]

[2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shuki\AppData\Roaming\Mozilla\Extensions
[2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/04/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions
[2012/03/06 23:45:23 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions\anttoolbar@ant.com
[2012/04/01 11:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/01 11:33:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/06 23:05:29 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/04/09 12:42:11 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BELLE\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
() (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
[2012/03/19 09:12:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A783B15E-6FC6-407F-A9B9-EA185603CF5E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell - "" = AutoRun
O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe
O33 - MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\Shell - "" = AutoRun
O33 - MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe
O33 - MountPoints2\{96b200c9-8873-11de-ab76-00219743274e}\Shell\AutoRun\command - "" = D:\Installer.exe
O33 - MountPoints2\{96b20386-8873-11de-ab76-00219743274e}\Shell\AutoRun\command - "" = D:\Installer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: wdelmgr20 - %systemroot%\system32\cccredmgr.dll File not found
NetSvcs: cypresslink - %systemroot%\system32\pdiddcci.dll File not found
NetSvcs: serialkeys - %systemroot%\system32\USBCamera.dll File not found
NetSvcs: vetfddnt - %systemroot%\system32\ICAM3NT5.dll File not found
NetSvcs: EACSys - %systemroot%\system32\se58nd5.dll File not found
NetSvcs: fsma - %systemroot%\system32\T6963C.dll File not found
NetSvcs: SiS7018 - %systemroot%\system32\i8042prt.dll File not found
NetSvcs: USRpdA - %systemroot%\system32\qhwscsvc.dll File not found
NetSvcs: GTF32BUS - %systemroot%\system32\lvmvdrv.dll File not found
NetSvcs: a016mdm - %systemroot%\system32\ikfilesec.dll File not found
NetSvcs: VAIOMediaPlatform-MusicServer-HTTP - %systemroot%\system32\fsaua.dll File not found
NetSvcs: iwebcal - %systemroot%\system32\MSMQ.dll File not found
NetSvcs: cqmgserv - %systemroot%\system32\PdiPorts.dll File not found
NetSvcs: retrolauncher - %systemroot%\system32\AYDrvNT_ALYAC.dll File not found
NetSvcs: z525mgmt - %systemroot%\system32\sdhelper.dll File not found
NetSvcs: lvhidsvc - %systemroot%\system32\WinVd32.dll File not found
NetSvcs: pelusblf - %systemroot%\system32\Wpsnuio.dll File not found
NetSvcs: MRESP50 - %systemroot%\system32\savscan.dll File not found
NetSvcs: unlockerdriver5 - %systemroot%\system32\Mtlstrm.dll File not found
NetSvcs: ups - %systemroot%\system32\cccredmgr.dll File not found
NetSvcs: symmpi - %systemroot%\system32\sansaservice.dll File not found
NetSvcs: GT890x - %systemroot%\system32\Intels51.dll File not found
NetSvcs: wceusbsh - %systemroot%\system32\PNDIS5.dll File not found
NetSvcs: agnwifi - %systemroot%\system32\contentfilter.dll File not found
NetSvcs: PTDCMdm - %systemroot%\system32\ctxcpusched.dll File not found
NetSvcs: SrvcSSIOMngr - %systemroot%\system32\btwaudio.dll File not found
NetSvcs: cdrbsdrv - %systemroot%\system32\slave.dll File not found
NetSvcs: w800obex - %systemroot%\system32\eamon.dll File not found
NetSvcs: Xponaut_WBD - %systemroot%\system32\lvusbsta.dll File not found
NetSvcs: sfhlp02 - %systemroot%\system32\idechndr.dll File not found
NetSvcs: ICAM5USB - %systemroot%\system32\commserver.dll File not found
NetSvcs: phc600 - %systemroot%\system32\SaiH040B.dll File not found
NetSvcs: qserver - C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
NetSvcs: ntrtscan - %systemroot%\system32\client32.dll File not found
NetSvcs: ATIVXSTW - %systemroot%\system32\omsad.dll File not found
NetSvcs: cqcpu - %systemroot%\system32\btserial.dll File not found
NetSvcs: VX1000 - %systemroot%\system32\dphost.dll File not found
NetSvcs: regmanserv - %systemroot%\system32\NuidFltr.dll File not found
NetSvcs: SE2Emdfl - %systemroot%\system32\avsvcmonitor.dll File not found
NetSvcs: ZTEusbser6k - %systemroot%\system32\RioS30.dll File not found
NetSvcs: UBHelper - %systemroot%\system32\p3.dll File not found
NetSvcs: cachemgr - %systemroot%\system32\BCM43XV.dll File not found
NetSvcs: gtndis5 - %systemroot%\system32\aspi32.dll File not found
NetSvcs: DivisCTS - %systemroot%\system32\mqdmmdfl.dll File not found
NetSvcs: MRESP50a64 - %systemroot%\system32\RVIEG01.dll File not found
NetSvcs: NWADI - %systemroot%\system32\SE2Dmgmt.dll File not found
NetSvcs: dmusic - %systemroot%\system32\PGPwded.dll File not found
NetSvcs: ser2plms - %systemroot%\system32\s116mdfl.dll File not found
NetSvcs: emu10k1 - %systemroot%\system32\se59unic.dll File not found
NetSvcs: dladresm - %systemroot%\system32\qfcoresvc.dll File not found
NetSvcs: patrol_scheduler - %systemroot%\system32\mscsptisrv.dll File not found
NetSvcs: LVRS - %systemroot%\system32\se58mdm.dll File not found
NetSvcs: FVNETusb - %systemroot%\system32\LC7981.dll File not found
NetSvcs: DynDNS_Updater_Service - %systemroot%\system32\MSFWHLPR.dll File not found
NetSvcs: Evian - %systemroot%\system32\nim32.dll File not found
NetSvcs: UMAXPCLS - %systemroot%\system32\npkcusb.dll File not found
NetSvcs: framework - File not found
NetSvcs: srescan - %systemroot%\system32\tabletservice.dll File not found
NetSvcs: mcdbus - %systemroot%\system32\pop3d32.dll File not found
NetSvcs: NxSysMon - %systemroot%\system32\atkkeyboardservice.dll File not found
NetSvcs: vrservice - %systemroot%\system32\PGPdisk.dll File not found
NetSvcs: ctljystk - %systemroot%\system32\fips.dll File not found
NetSvcs: arcltsrv - %systemroot%\system32\EACSvrMngr.dll File not found
NetSvcs: dashsvc - %systemroot%\system32\avg7alrt.dll File not found
NetSvcs: SndTDriverV32 - %systemroot%\system32\gagp30kx.dll File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 15:24:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
[2012/04/09 17:57:01 | 000,000,000 | ---D | C] -- C:\ERDNT
[2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/09 17:55:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
[2012/04/09 16:55:40 | 000,101,112 | R--- | C] (GFI Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/04/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\IDM
[2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\DMCache
[2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 12:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/04/09 12:40:46 | 004,489,152 | ---- | C] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
[2012/04/09 11:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/04/09 11:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/09 11:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/04/09 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\Babylon
[2012/04/09 11:17:24 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Babylon
[2012/04/09 11:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/04/09 11:07:03 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/09 11:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/04 13:13:38 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/04/04 13:13:26 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/04/04 13:13:22 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/04/02 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\Belle\Documents\NetBeansProjects
[2012/04/02 17:22:19 | 000,000,000 | ---D | C] -- C:\Users\Belle\.m2
[2012/04/02 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Belle\.netbeans
[2012/04/02 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
[2012/04/02 17:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.1.1
[2012/04/02 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/02 17:05:57 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/04/02 17:05:57 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/02 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\.nbi
[2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/01 04:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/03/29 22:20:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Malwarebytes
[2012/03/29 22:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/29 22:20:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/29 16:36:48 | 000,072,080 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
[2012/03/16 07:08:36 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/03/15 08:17:39 | 000,000,000 | ---D | C] -- C:\Users\Belle\Desktop\Agile

========== Files - Modified Within 30 Days ==========

[2012/04/10 15:35:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B4A8E5D0-2834-4498-8E6B-E9DD1D4D46E4}.job
[2012/04/10 15:33:25 | 000,749,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/10 15:33:25 | 000,159,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/10 15:33:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7B6FDF8-737B-4CD3-AC18-9B0AFF415412}.job
[2012/04/10 15:24:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
[2012/04/10 15:20:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 15:20:19 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 15:00:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/10 14:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005UA.job
[2012/04/10 14:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/10 14:27:58 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 12:04:19 | 000,054,272 | ---- | M] () -- C:\Users\Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/10 11:53:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005Core.job
[2012/04/10 10:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/10 09:39:23 | 094,379,315 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/09 21:20:20 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/09 21:20:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/09 21:05:20 | 000,000,680 | ---- | M] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
[2012/04/09 17:56:31 | 000,000,714 | ---- | M] () -- C:\Users\Belle\Desktop\ERUNT.lnk
[2012/04/09 17:55:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
[2012/04/09 17:29:10 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012/04/09 12:40:58 | 004,489,152 | ---- | M] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
[2012/04/09 11:17:57 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/04/09 11:17:40 | 000,000,859 | ---- | M] () -- C:\Users\Belle\Desktop\Optimizer Pro.lnk
[2012/04/08 22:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012/04/05 13:32:52 | 007,131,152 | ---- | M] () -- C:\Users\Belle\Desktop\w_infk15.pdf
[2012/04/04 17:02:34 | 000,355,551 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/04 13:13:38 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/04/04 13:13:26 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/04/04 13:13:22 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/04/03 23:50:35 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/03 23:50:35 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/02 17:13:38 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
[2012/04/02 17:05:11 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/04/02 17:05:11 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/04/02 17:05:11 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/01 11:32:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/29 22:20:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/29 16:36:48 | 000,072,080 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
[2012/03/27 14:51:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/22 22:23:52 | 000,027,436 | ---- | M] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
[2012/03/22 22:23:45 | 000,037,754 | ---- | M] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf
[2012/03/11 19:21:53 | 001,214,189 | ---- | M] () -- C:\Users\Belle\Desktop\threading.pdf

========== Files Created - No Company Name ==========

[2012/04/09 17:56:31 | 000,000,714 | ---- | C] () -- C:\Users\Belle\Desktop\ERUNT.lnk
[2012/04/09 17:26:31 | 000,000,408 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012/04/09 11:17:56 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/04/09 11:17:40 | 000,000,859 | ---- | C] () -- C:\Users\Belle\Desktop\Optimizer Pro.lnk
[2012/04/05 13:32:15 | 007,131,152 | ---- | C] () -- C:\Users\Belle\Desktop\w_infk15.pdf
[2012/04/02 17:13:38 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
[2012/03/29 22:20:02 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/27 16:05:34 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/03/22 22:23:52 | 000,027,436 | ---- | C] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
[2012/03/22 22:23:45 | 000,037,754 | ---- | C] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf
[2012/03/11 19:21:53 | 001,214,189 | ---- | C] () -- C:\Users\Belle\Desktop\threading.pdf
[2012/02/02 11:06:21 | 000,000,680 | ---- | C] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
[2011/09/18 11:28:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/04/23 20:20:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/23 20:20:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/09/22 07:51:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== Custom Scans ==========

< End of report >

jmaeir
2012-04-10, 22:05
Lastly, the extras file.

OTL Extras logfile created on: 4/10/2012 3:28:30 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Belle\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 44.80% Memory free
6.21 Gb Paging File | 3.30 Gb Available in Paging File | 53.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.06 Gb Total Space | 194.81 Gb Free Space | 69.56% Space Free | Partition Type: NTFS

Computer Name: MAEIR_NEW | User Name: Belle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C68E6D0-25CF-46A7-9FB0-9D77B9713D87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1530280C-88A5-4AEB-8E13-3D9B1C2B0494}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B920B3B-D285-442A-83B5-42C0CC5DF51C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{454EBE59-1923-4867-954A-5A35CF3A48A1}" = rport=139 | protocol=6 | dir=out | app=system |
"{4E6598CF-ECF0-437E-BBE1-F3D700ADAFA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{53187026-3944-4ACC-8F0A-2AC4034916F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5920C582-46C1-441B-A214-D0A8D558EB9C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5DD13BF4-C3B5-4364-86DC-E70377233D39}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63AB13BE-100B-4559-A665-1211D378B841}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{7BAA2C7A-7ACB-45AC-BACA-637170BC5999}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9C7B48F2-DD41-49E2-B0FC-D17708D0FDF4}" = lport=138 | protocol=17 | dir=in | app=system |
"{9FB83C61-C71C-42E4-8AAE-A3E51710CFF1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A1412006-E626-438B-9758-E38C58B55706}" = rport=445 | protocol=6 | dir=out | app=system |
"{AFD90155-E051-405E-ABBD-FFC78707B16C}" = rport=137 | protocol=17 | dir=out | app=system |
"{B32D23A4-C40E-4D4F-AD6B-F6BB13FE4931}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C90B228F-A842-4D1F-AC91-069E108665F6}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC71FF1E-66F8-409B-8214-C25769367968}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E46F52B4-0769-4A22-94F7-F6B9873774A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{FFB05AB3-28CD-4639-BD1D-CB8E32065C7F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01382D53-DC14-44C5-BAE3-E5E3581E738B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0B3463BB-BDF2-4A8A-88FA-BC977CEDCC9E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F543DF9-AF9D-435C-9199-4986E813766D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{175DFC90-1F1A-4B33-99C7-5ACC3197842C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1FA791DB-F4FA-4D4B-AF82-9803D12CE3C1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{254C64E7-586A-4A35-A90B-711CDEACA6DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2F26C029-0863-4917-9862-36C469FB8033}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{30749ACC-CDD2-437C-A657-FEE3DAC0A287}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3E557D2E-6415-4E65-B647-E91CDA003051}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{4DD0F406-FDCC-47B4-B2C6-814155BA2F08}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4FD6697F-6DEB-4404-816B-F32410381455}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{52E38A04-2CFF-4C60-845E-8D7DFD38A9BF}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{5C10E504-E80D-451A-840B-E5E7125F02E8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{69EBC990-EB07-40FD-8571-2886FD70A347}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |
"{7EF19F69-D877-4632-ADDD-143E537184C9}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7F153961-E5DA-4317-BAAB-F4D85BE953CF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{828F0847-D443-40E1-A59D-5203EF047E59}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{88724E10-03B2-40EB-BC70-FF1824001DD0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8F91B219-6ECE-45D2-B531-49048CC1A958}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{93EAE94C-3D23-4DCE-96B5-E184C6810F19}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9BEEC982-9349-499A-8B95-76795B14AC9F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{BFDCE1F0-9421-4624-BFEF-67DAB8F4E923}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C1911E6D-1301-4B20-9AE0-19F6A07E03E5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C8D9DDB5-F6FD-4583-93A4-D87AA8C83A99}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{C97DBD21-9A3A-46E1-9BD8-9ACE3377C993}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA558164-9663-4CE1-8626-347490F7086E}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{CA9B5338-F54B-4916-81E2-CDC2EE21DCF0}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D0E637DE-912D-4A2D-B0F1-4ECBA480E74E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D165FFAD-0C6B-4483-9F43-25CAE6D51067}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D1821A1E-9021-43F6-A469-8D2544FB8F6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D92D334E-B4C5-44EC-844F-C9523A17C41C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{E19041F8-E0AD-4774-B46A-4296240AE808}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{E9E260F7-1D8B-4A54-9B9D-5D342BA4C3B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{FBEC6E3F-E5F5-4898-AA43-14B320760E13}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"TCP Query User{3C4825F5-7999-4D0F-969B-6736F003AE40}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C423464F-0F05-49D5-ACD3-067263F07036}F:\setup.exe" = protocol=6 | dir=in | app=f:\setup.exe |
"TCP Query User{F264D0F4-F522-40C8-A8BD-1D3001861853}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{271D4CBE-632C-4222-A7F9-0ADCAF828426}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8A99B352-A039-48C7-A3D2-703D6021DF40}F:\setup.exe" = protocol=17 | dir=in | app=f:\setup.exe |
"UDP Query User{8B6DA7E4-4421-436E-AE56-84E76C1C3AC0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192257C2-CBBD-4013-BD7B-9504611AF721}" = AVG 2011
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{31B27B28-5E06-4483-A363-8D1F2A97D38D}" = HP Officejet J3600 Series
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{364AD023-F22D-4380-88D0-F9C6A778E194}" = Driver & Application Installation
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB1501C-1670-4b53-8B67-B1C368BC7227}" = Lenovo PC Type Configuration
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4D04C9A1-F28C-4F6F-9D66-81BB000693D9}" = BPDSoftware_Ini
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5C4D532E-4EC9-11E1-9544-B8AC6F97B88E}" = Google Earth Plug-in
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{605EC7D2-90AF-4B3C-9940-FAA9A0F87BF8}" = DavkaViewer Platinum
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6907A047-7F0D-440A-B6E8-06D35F62354D}" = Atlantica Online
"{6F60CD17-EE34-4f77-83B7-F8ADBDC31D46}" = ProductContext
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{88FBDCF4-8ACF-46e6-9C33-231FBA6378D8}" = J3600
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE4CB34-8187-42A1-B597-517760BEE8EC}" = BPD_Scan
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9610EC3A-C7A0-4C31-9F3B-F9020C582B47}" = Lenovo Healthcare Software
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo UWF
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.3
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D27F8BF7-61A4-4F0D-A190-9E2CE8C0773B}" = 3600_Help
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCC91145-ABD1-48F9-AC66-8DF0B2C68F31}" = Microsoft 70-515 TS Web Applications Development with .NET Framework 4 (C#) SE
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ant.com IE add-on" = Ant.com IE add-on
"Atlantica" = Atlantica
"AVG" = AVG 2011
"Boardmaker Plus!" = Boardmaker Plus!
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Canon MG5200 series User Registration" = Canon MG5200 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Cyberchase Carnival Chaos" = Cyberchase Carnival Chaos
"DavkaWriter" = DavkaWriter
"DirectPrintUserGuide" = Canon Direct Print User Guide
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDFab 8_is1" = DVDFab 8.0.7.2 (26/01/2011)
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.4.1
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"Green Eggs and Ham" = Green Eggs and Ham
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{BCB8D603-985E-4765-B4AB-B4B991A535B7}" = Finding Nemo: Nemo's Underwater World of Fun
"InstallShield_{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft 70-515 TS Web Applications Development with .NET Framework 4 (C#) SE" = Microsoft 70-515 TS Web Applications Development with .NET Framework 4 (C#) SE
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"nbi-nb-base-7.1.1.0.0" = NetBeans IDE 7.1.1
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 15.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.93
"Scratch" = Scratch
"Smart Defrag_is1" = Smart Defrag
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"Super Collapse! 3" = Super Collapse! 3
"SystemRequirementsLab" = System Requirements Lab
"The Cat in the Hat" = The Cat in the Hat
"TomTom HOME" = TomTom HOME 2.8.3.2499
"UnityWebPlayer" = Unity Web Player
"VeriFace III" = VeriFace III
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Yahtzeev1" = Yahtzee
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pidgin" = Pidgin

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2012 5:27:41 PM | Computer Name = Maeir_NEW | Source = VSS | ID = 8194
Description =

Error - 4/9/2012 6:18:08 PM | Computer Name = Maeir_NEW | Source = VSS | ID = 8194
Description =

Error - 4/9/2012 9:20:59 PM | Computer Name = Maeir_NEW | Source = CVHSVC | ID = 100
Description = Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.


Error - 4/9/2012 9:26:05 PM | Computer Name = Maeir_NEW | Source = Perflib | ID = 1010
Description =

Error - 4/9/2012 9:26:06 PM | Computer Name = Maeir_NEW | Source = Perflib | ID = 1008
Description =

Error - 4/9/2012 10:14:45 PM | Computer Name = Maeir_NEW | Source = Windows Search Service | ID = 3013
Description =

Error - 4/9/2012 10:14:45 PM | Computer Name = Maeir_NEW | Source = Windows Search Service | ID = 3013
Description =

Error - 4/9/2012 10:14:45 PM | Computer Name = Maeir_NEW | Source = Windows Search Service | ID = 3013
Description =

Error - 4/9/2012 10:14:45 PM | Computer Name = Maeir_NEW | Source = Windows Search Service | ID = 3013
Description =

Error - 4/10/2012 3:27:54 PM | Computer Name = Maeir_NEW | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.39.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1cc8 Start Time: 01cd174fa7200c26 Termination Time: 278

[ Media Center Events ]
Error - 5/6/2010 7:03:07 PM | Computer Name = Maeir_NEW | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/9/2012 11:35:41 AM | Computer Name = Maeir_NEW | Source = HTTP | ID = 15016
Description =

Error - 4/9/2012 2:19:21 PM | Computer Name = Maeir_NEW | Source = HTTP | ID = 15016
Description =

Error - 4/9/2012 3:48:30 PM | Computer Name = Maeir_NEW | Source = HTTP | ID = 15016
Description =

Error - 4/9/2012 4:47:28 PM | Computer Name = Maeir_NEW | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:15:07 PM on 4/9/2012 was unexpected.

Error - 4/9/2012 4:46:48 PM | Computer Name = Maeir_NEW | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 4/9/2012 4:47:38 PM | Computer Name = Maeir_NEW | Source = HTTP | ID = 15016
Description =

Error - 4/9/2012 5:22:34 PM | Computer Name = Maeir_NEW | Source = HTTP | ID = 15016
Description =

Error - 4/9/2012 9:20:18 PM | Computer Name = Maeir_NEW | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:18:14 PM on 4/9/2012 was unexpected.

Error - 4/9/2012 9:20:22 PM | Computer Name = Maeir_NEW | Source = HTTP | ID = 15016
Description =

Error - 4/9/2012 9:23:41 PM | Computer Name = Maeir_NEW | Source = DCOM | ID = 10005
Description =


< End of report >

jeffce
2012-04-11, 01:57
Hi,


thanks in advance for your help.
two questions.

1) I'm using AVG now. I've noticed you guys tend to recommend avast or the MS security essentials.
Should I switch?

2) what's your gut feeling about fix vs reformat?

I always recommend either avast or Microsoft Security Essentials. They are both quality antivirus programs and are free. AVG (in my experience) is a resource hog and I have seen it slow systems down a lot. If you would like to try one of the ones I mentioned let me know and I can provide the AVG removal tool and the link to the new antivirus you would like. :)

The infection you have is the real deal; however, it can be fixed. I have had pretty good luck so far cleaning it so we can always go for it and if it gets too crazy for you we can just format if that is what you would like to do.

For the time being let's try to clean your system...

Download Combofix from either of the links below, and save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt for further review.
----------

jmaeir
2012-04-11, 03:38
Hi,

Reporting back.

Disabled AVG and Ad-Aware
Ran ComboFix
It reported that AVG and AdAware were still active, I validated that they were turned off and their processes were deactivated.

ComboFix ran the scan, completed steps 1-10(?), continued to delete files and got stuck deleting an NTinstall directory.
After it sat there for 30 min, I logged out of the account, rebooted

Of course, there is not a log file to report.

What now?
Thanks,

Josh

jeffce
2012-04-11, 04:13
Hi,

Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
SRV - (qserver) -- C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111...0000219743274e
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q={searchTerms}&src=IE-SearchBox
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object)
O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell - "" = AutoRun
O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe
O33 - MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\Shell - "" = AutoRun
O33 - MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe
O33 - MountPoints2\{96b200c9-8873-11de-ab76-00219743274e}\Shell\AutoRun\command - "" = D:\Installer.exe
O33 - MountPoints2\{96b20386-8873-11de-ab76-00219743274e}\Shell\AutoRun\command - "" = D:\Installer.exe
NetSvcs: qserver - C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
[2012/04/09 11:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/04/09 11:17:27 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\Babylon
[2012/04/09 11:17:24 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Babylon
[2012/04/09 11:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/04/10 12:04:19 | 000,054,272 | ---- | M] () -- C:\Users\Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/09 21:20:20 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd

:Files
C:\Windows\System32\se44mdfl.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------
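
An added triage script, not part of this thread and not OTL's own code: it reads OTL log lines of the three kinds the fix above targets and sorts them the way a helper does by hand. It flags the svchost netsvcs entry that loads a non-Microsoft DLL (the qserver / se44mdfl.dll item), service registry values with junk appended after the module extension (lines of the mmcss.dlll and WMIsvc.dllHttpAutoProxySvc\Parameters kind, which OTL reports as File not found), plain orphaned services, and MountPoints2 AutoRun commands, then writes the part that is safe to remove out in the shape of the :OTL / :Files / :Commands script above. The sample lines are copied from this thread's logs; the wuauserv line is a constructed benign control, and the Finding, triage and to_otl_fix names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample input: OTL-style lines copied from the logs in this
# thread (the "SRV -", "NetSvcs:" and "O33 - MountPoints2" forms), plus one
# ordinary Microsoft service line (wuauserv) added as a benign control.
SAMPLE_LOG = r"""
SRV - (qserver) -- C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
SRV - (Winmgmt) -- %SystemRoot%\system32\wbem\WMIsvc.dllHttpAutoProxySvc\Parameters File not found
SRV - (THREADORDER) -- %SystemRoot%\system32\mmcss.dlll File not found
SRV - (symmpi) -- %systemroot%\system32\sansaservice.dll File not found
SRV - (wuauserv) -- C:\Windows\System32\wuaueng.dll (Microsoft Corporation)
NetSvcs: qserver - C:\Windows\System32\se44mdfl.dll (Oak Technology Inc.)
O33 - MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\Shell\AutoRun\command - "" = D:\SuperLink.exe
O33 - MountPoints2\{96b200c9-8873-11de-ab76-00219743274e}\Shell\AutoRun\command - "" = D:\Installer.exe
"""

SRV_RE = re.compile(r'^SRV - \((?P<name>[^)]+)\) -- (?P<rest>.+)$')
NETSVCS_RE = re.compile(r'^NetSvcs: (?P<name>\S+) - (?P<rest>.+)$')
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
# "path (Company Name)"; OTL prints "()" when the file carries no company name.
COMPANY_RE = re.compile(r'^(?P<path>.+?) \((?P<company>[^()]*)\)$')
# A module extension that is not at the end of the path: the registry value has
# extra characters appended (mmcss.dlll, shsvcs.dlls\...\Parameters).
TRAILING_RE = re.compile(r'\.(dll|exe|sys)(?!$)', re.IGNORECASE)
MISSING = ' File not found'


@dataclass
class Finding:
    kind: str   # corrupt_service_path | orphaned_service | netsvcs_nonmicrosoft | autorun_command
    name: str   # service name, or the MountPoints2 volume GUID
    path: str   # module path, or the AutoRun command
    raw: str    # the log line(s) to paste back into an OTL fix


def split_path_company(rest):
    """Return (path, company, missing) from the text after 'name -- '."""
    if rest.endswith(MISSING):
        return rest[:-len(MISSING)], None, True
    m = COMPANY_RE.match(rest)
    if m:
        return m['path'], m['company'], False
    return rest, None, False   # company string with parentheses inside; keep it whole


def triage(log_text):
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # First pass: remember each service line so a NetSvcs finding can carry it too,
    # the way the fix in this thread lists both the SRV and the NetSvcs line.
    srv_raw = {}
    for line in lines:
        m = SRV_RE.match(line)
        if m:
            srv_raw[m['name']] = line
    findings = []
    for line in lines:
        if m := SRV_RE.match(line):
            path, _company, missing = split_path_company(m['rest'])
            if TRAILING_RE.search(path):
                findings.append(Finding('corrupt_service_path', m['name'], path, line))
            elif missing:
                findings.append(Finding('orphaned_service', m['name'], path, line))
        elif m := NETSVCS_RE.match(line):
            path, company, _missing = split_path_company(m['rest'])
            # Everything in the netsvcs svchost group should be a Microsoft DLL. The
            # company string comes from the file's version resource, so a match is
            # weak evidence and a mismatch is a lead, not proof.
            if company != 'Microsoft Corporation':
                raw = '\n'.join(x for x in (srv_raw.get(m['name']), line) if x)
                findings.append(Finding('netsvcs_nonmicrosoft', m['name'], path, raw))
        elif m := AUTORUN_RE.match(line):
            findings.append(Finding('autorun_command', m['vol'], m['cmd'], line))
    return findings


def to_otl_fix(findings):
    """Lay the removable findings out in the shape of the fix posted above: log
    lines under :OTL, the DLL pulled in through NetSvcs under :Files, then a
    reboot. Corrupt core-service values (Winmgmt, THREADORDER) need repairing
    from a registry backup, not deleting, and orphaned services are mostly
    uninstaller leftovers, so both kinds are reported but left out here."""
    keep = [f for f in findings if f.kind in ('netsvcs_nonmicrosoft', 'autorun_command')]
    files = [f.path for f in keep if f.kind == 'netsvcs_nonmicrosoft']
    return '\n'.join([':OTL', *(f.raw for f in keep), '', ':Files', *files,
                      '', ':Commands', '[Reboot]'])


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:22} {f.name:40} {f.path}')
    print()
    print(to_otl_fix(triage(SAMPLE_LOG)))
```

Two caveats a helper would keep in mind when using output like this: the company name OTL prints is whatever the file's version resource claims, so it only narrows the list, and a service whose registry value has been corrupted (the Winmgmt and THREADORDER shapes) is a reason to go back to the ERUNT backup jeffce asked for rather than something to paste under :OTL, since deleting a core service entry does more damage than the junk appended to it.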

jmaeir
2012-04-11, 04:49
Yeeeeeehaw!


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service qserver stopped successfully!
Service qserver deleted successfully!
File C:\Windows\System32\se44mdfl.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\Windows\Downloaded Program Files\popcaploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{165822f3-c3f4-11df-a467-00219743274e}\ not found.
File D:\SuperLink.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16582345-c3f4-11df-a467-00219743274e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16582345-c3f4-11df-a467-00219743274e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16582345-c3f4-11df-a467-00219743274e}\ not found.
File D:\SuperLink.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96b200c9-8873-11de-ab76-00219743274e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96b200c9-8873-11de-ab76-00219743274e}\ not found.
File D:\Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96b20386-8873-11de-ab76-00219743274e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96b20386-8873-11de-ab76-00219743274e}\ not found.
File D:\Installer.exe not found.
qserver removed from NetSvcs value successfully!
File C:\Windows\System32\se44mdfl.dll not found.
C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Users\Belle\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Belle\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Belle\AppData\Local\Babylon folder moved successfully.
C:\Users\Belle\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\Shuki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File C:\Windows\System32\dds_trash_log.cmd not found.
========== FILES ==========
File\Folder C:\Windows\System32\se44mdfl.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Belle
->Temp folder emptied: 4298298 bytes
->Temporary Internet Files folder emptied: 320842053 bytes
->Java cache emptied: 30584303 bytes
->FireFox cache emptied: 61059511 bytes
->Flash cache emptied: 50008 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shuki
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2711074652 bytes
->Java cache emptied: 27963535 bytes
->FireFox cache emptied: 7845689 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 183124 bytes

User: Tuvya
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 84116292 bytes
->Java cache emptied: 1022503 bytes
->Flash cache emptied: 41811 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1941 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,099.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04102012_223725

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

jeffce
2012-04-11, 13:31
Hi,

Looks like we got a good bit. :)


Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

jmaeir
2012-04-11, 13:47
Sure did!

What now?

jeffce
2012-04-11, 19:30
Hi,

:) Run a new scan with OTL and post that so we can see how the fix went.

jmaeir
2012-04-11, 22:13
Here you go.

OTL logfile created on: 4/11/2012 4:07:44 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Belle\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 69.21% Memory free
6.22 Gb Paging File | 4.97 Gb Available in Paging File | 79.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.06 Gb Total Space | 188.57 Gb Free Space | 67.33% Space Free | Partition Type: NTFS

Computer Name: MAEIR_NEW | User Name: Belle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Belle\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
MOD - C:\Windows\System32\IcnOvrly.dll ()
MOD - C:\Program Files\Lenovo\VeriFaceIII\Time.dll ()
MOD - C:\Program Files\Lenovo\Healthcare\Health.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ZTEusbser6k) -- %systemroot%\system32\RioS30.dll File not found
SRV - (z525mgmt) -- %systemroot%\system32\sdhelper.dll File not found
SRV - (Xponaut_WBD) -- %systemroot%\system32\lvusbsta.dll File not found
SRV - (Winmgmt) -- %SystemRoot%\system32\wbem\WMIsvc.dllHttpAutoProxySvc\Parameters File not found
SRV - (wdelmgr20) -- %systemroot%\system32\cccredmgr.dll File not found
SRV - (wceusbsh) -- %systemroot%\system32\PNDIS5.dll File not found
SRV - (w800obex) -- %systemroot%\system32\eamon.dll File not found
SRV - (VX1000) -- %systemroot%\system32\dphost.dll File not found
SRV - (vrservice) -- %systemroot%\system32\PGPdisk.dll File not found
SRV - (vetfddnt) -- %systemroot%\system32\ICAM3NT5.dll File not found
SRV - (VAIOMediaPlatform-MusicServer-HTTP) -- %systemroot%\system32\fsaua.dll File not found
SRV - (USRpdA) -- %systemroot%\system32\qhwscsvc.dll File not found
SRV - (ups) -- %systemroot%\system32\cccredmgr.dll File not found
SRV - (UMAXPCLS) -- %systemroot%\system32\npkcusb.dll File not found
SRV - (UBHelper) -- %systemroot%\system32\p3.dll File not found
SRV - (THREADORDER) -- %SystemRoot%\system32\mmcss.dlll File not found
SRV - (szserver) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe File not found
SRV - (symmpi) -- %systemroot%\system32\sansaservice.dll File not found
SRV - (SrvcSSIOMngr) -- %systemroot%\system32\btwaudio.dll File not found
SRV - (srescan) -- %systemroot%\system32\tabletservice.dll File not found
SRV - (SndTDriverV32) -- %systemroot%\system32\gagp30kx.dll File not found
SRV - (SiS7018) -- %systemroot%\system32\i8042prt.dll File not found
SRV - (ShellHWDetection) -- %SystemRoot%\System32\shsvcs.dlls\ShellHWDetection\Parameters File not found
SRV - (sfhlp02) -- %systemroot%\system32\idechndr.dll File not found
SRV - (serialkeys) -- %systemroot%\system32\USBCamera.dll File not found
SRV - (ser2plms) -- %systemroot%\system32\s116mdfl.dll File not found
SRV - (SE2Emdfl) -- %systemroot%\system32\avsvcmonitor.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (retrolauncher) -- %systemroot%\system32\AYDrvNT_ALYAC.dll File not found
SRV - (regmanserv) -- %systemroot%\system32\NuidFltr.dll File not found
SRV - (QWAVE) -- %windir%\system32\qwave.dlldc.exe File not found
SRV - (PTDCMdm) -- %systemroot%\system32\ctxcpusched.dll File not found
SRV - (phc600) -- %systemroot%\system32\SaiH040B.dll File not found
SRV - (pelusblf) -- %systemroot%\system32\Wpsnuio.dll File not found
SRV - (patrol_scheduler) -- %systemroot%\system32\mscsptisrv.dll File not found
SRV - (NxSysMon) -- %systemroot%\system32\atkkeyboardservice.dll File not found
SRV - (NWADI) -- %systemroot%\system32\SE2Dmgmt.dll File not found
SRV - (ntrtscan) -- %systemroot%\system32\client32.dll File not found
SRV - (MRESP50a64) -- %systemroot%\system32\RVIEG01.dll File not found
SRV - (MRESP50) -- %systemroot%\system32\savscan.dll File not found
SRV - (mcdbus) -- %systemroot%\system32\pop3d32.dll File not found
SRV - (LVRS) -- %systemroot%\system32\se58mdm.dll File not found
SRV - (lvhidsvc) -- %systemroot%\system32\WinVd32.dll File not found
SRV - (iwebcal) -- %systemroot%\system32\MSMQ.dll File not found
SRV - (ICAM5USB) -- %systemroot%\system32\commserver.dll File not found
SRV - (gtndis5) -- %systemroot%\system32\aspi32.dll File not found
SRV - (GTF32BUS) -- %systemroot%\system32\lvmvdrv.dll File not found
SRV - (GT890x) -- %systemroot%\system32\Intels51.dll File not found
SRV - (FVNETusb) -- %systemroot%\system32\LC7981.dll File not found
SRV - (fsma) -- %systemroot%\system32\T6963C.dll File not found
SRV - (Evian) -- %systemroot%\system32\nim32.dll File not found
SRV - (emu10k1) -- %systemroot%\system32\se59unic.dll File not found
SRV - (EACSys) -- %systemroot%\system32\se58nd5.dll File not found
SRV - (DynDNS_Updater_Service) -- %systemroot%\system32\MSFWHLPR.dll File not found
SRV - (dladresm) -- %systemroot%\system32\qfcoresvc.dll File not found
SRV - (DivisCTS) -- %systemroot%\system32\mqdmmdfl.dll File not found
SRV - (dashsvc) -- %systemroot%\system32\avg7alrt.dll File not found
SRV - (cypresslink) -- %systemroot%\system32\pdiddcci.dll File not found
SRV - (ctljystk) -- %systemroot%\system32\fips.dll File not found
SRV - (cqmgserv) -- %systemroot%\system32\PdiPorts.dll File not found
SRV - (cqcpu) -- %systemroot%\system32\btserial.dll File not found
SRV - (cdrbsdrv) -- %systemroot%\system32\slave.dll File not found
SRV - (cachemgr) -- %systemroot%\system32\BCM43XV.dll File not found
SRV - (ATIVXSTW) -- %systemroot%\system32\omsad.dll File not found
SRV - (arcltsrv) -- %systemroot%\system32\EACSvrMngr.dll File not found
SRV - (agnwifi) -- %systemroot%\system32\contentfilter.dll File not found
SRV - (a016mdm) -- %systemroot%\system32\ikfilesec.dll File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (OKAV Agent Service) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe (Trend Micro Inc.)
SRV - (WINDEFEND) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Belle\AppData\Local\Temp\catchme.sys File not found
DRV - (BVRPMPR5) -- C:\Windows\system32\drivers\BVRPMPR5.SYS File not found
DRV - (IDMWFP) -- C:\Windows\System32\drivers\idmwfp.sys (Tonec Inc.)
DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (WinI2C-DDC) -- C:\Windows\System32\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys ()
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (QCDonner) Logitech QuickCam Express(PID_0840) -- C:\Windows\System32\drivers\lvcd.sys (Logitech Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{20CB2A00-D282-4C69-B6AF-07FE9F69B835}: "URL" = http://www.ant.com/search?s=browser&q={searchTerms}
IE - HKCU\..\SearchScopes\{5D395B13-5CD2-4BF8-A77B-D8A043EE7C35}: "URL" = http://search.avg.com/route/?d=4cdf1a31&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=b&ychte=us
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{F210D498-6131-45D7-91C7-F82B692C7552}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Belle\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Belle\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Belle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/03 09:54:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/06 23:05:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 09:12:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Belle\Program Files\DNA
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Belle\AppData\Roaming\IDM\idmmzcc5 [2012/04/09 12:42:11 | 000,000,000 | ---D | M]

[2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shuki\AppData\Roaming\Mozilla\Extensions
[2012/02/09 16:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/04/09 13:29:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions
[2012/03/06 23:45:23 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Belle\AppData\Roaming\mozilla\Firefox\Profiles\1af5k6uw.default\extensions\anttoolbar@ant.com
[2012/04/01 11:33:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/01 11:33:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/06 23:05:29 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/04/09 12:42:11 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\BELLE\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
() (No name found) -- C:\USERS\BELLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1AF5K6UW.DEFAULT\EXTENSIONS\XPIRFTOOLBAR@ROBOFORM.COM.XPI
[2012/03/19 09:12:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\Healthcare\HealthCare.exe (skyware)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A783B15E-6FC6-407F-A9B9-EA185603CF5E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/11 00:41:38 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\Unity
[2012/04/10 22:37:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/10 21:12:24 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Local\temp
[2012/04/10 21:12:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/10 20:36:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/10 20:36:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/10 20:36:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/10 20:36:40 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/10 20:36:38 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/10 20:30:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/10 20:25:48 | 004,455,939 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
[2012/04/10 15:24:29 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
[2012/04/09 17:57:01 | 000,000,000 | ---D | C] -- C:\ERDNT
[2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/09 17:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/09 17:55:31 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
[2012/04/09 16:55:40 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/04/09 16:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\IDM
[2012/04/09 12:41:58 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\DMCache
[2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 12:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2012/04/09 12:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2012/04/09 12:40:46 | 004,489,152 | ---- | C] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
[2012/04/09 11:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012/04/09 11:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/09 11:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2012/04/09 11:07:03 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/04/09 11:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/04 13:13:38 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/04/04 13:13:26 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/04/04 13:13:22 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/04/02 17:32:22 | 000,000,000 | ---D | C] -- C:\Users\Belle\Documents\NetBeansProjects
[2012/04/02 17:22:19 | 000,000,000 | ---D | C] -- C:\Users\Belle\.m2
[2012/04/02 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Belle\.netbeans
[2012/04/02 17:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
[2012/04/02 17:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.1.1
[2012/04/02 17:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/02 17:05:57 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/04/02 17:05:57 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/04/02 17:05:57 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/02 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\.nbi
[2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/01 11:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/01 04:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012/03/29 22:20:13 | 000,000,000 | ---D | C] -- C:\Users\Belle\AppData\Roaming\Malwarebytes
[2012/03/29 22:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/29 22:20:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/29 22:20:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/29 16:36:48 | 000,072,080 | ---- | C] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
[2012/03/16 07:08:36 | 000,091,936 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[2012/03/15 08:17:39 | 000,000,000 | ---D | C] -- C:\Users\Belle\Desktop\Agile

========== Files - Modified Within 30 Days ==========

[2012/04/11 16:10:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B4A8E5D0-2834-4498-8E6B-E9DD1D4D46E4}.job
[2012/04/11 16:07:59 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B7B6FDF8-737B-4CD3-AC18-9B0AFF415412}.job
[2012/04/11 16:00:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2012/04/11 15:53:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005UA.job
[2012/04/11 15:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 15:08:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 14:04:31 | 000,000,680 | ---- | M] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
[2012/04/11 12:26:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 11:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005Core.job
[2012/04/11 11:08:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 10:53:31 | 000,056,320 | ---- | M] () -- C:\Users\Belle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/11 10:25:12 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/04/11 08:48:15 | 094,521,641 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/04/10 23:22:04 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/04/10 23:22:04 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/04/10 23:21:46 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/04/10 20:26:02 | 004,455,939 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\ComboFix.exe
[2012/04/10 17:49:12 | 000,355,579 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/04/10 16:38:26 | 000,741,758 | ---- | M] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
[2012/04/10 16:03:34 | 000,000,512 | ---- | M] () -- C:\Users\Belle\Documents\MBR.dat
[2012/04/10 15:33:25 | 000,749,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/10 15:33:25 | 000,159,844 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/10 15:24:31 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Belle\Desktop\OTL.exe
[2012/04/09 17:56:31 | 000,000,714 | ---- | M] () -- C:\Users\Belle\Desktop\ERUNT.lnk
[2012/04/09 17:55:32 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Belle\Desktop\dds.scr
[2012/04/09 17:29:10 | 000,000,408 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012/04/09 12:40:58 | 004,489,152 | ---- | M] (Tonec Inc.) -- C:\Users\Belle\Desktop\idman610.exe
[2012/04/09 11:17:57 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/04/08 22:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2012/04/05 13:32:52 | 007,131,152 | ---- | M] () -- C:\Users\Belle\Desktop\w_infk15.pdf
[2012/04/04 13:13:38 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2012/04/04 13:13:26 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2012/04/04 13:13:22 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2012/04/02 17:13:38 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
[2012/04/02 17:05:11 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/04/02 17:05:11 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/04/02 17:05:11 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/04/02 17:05:11 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/04/01 11:32:48 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/29 22:20:02 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/29 16:36:48 | 000,072,080 | ---- | M] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
[2012/03/27 14:51:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/22 22:23:52 | 000,027,436 | ---- | M] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
[2012/03/22 22:23:45 | 000,037,754 | ---- | M] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf

========== Files Created - No Company Name ==========

[2012/04/10 20:36:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/10 20:36:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/10 20:36:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/10 20:36:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/10 20:36:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/10 16:38:26 | 000,741,758 | ---- | C] () -- C:\Users\Belle\Desktop\Tuvya Maeir Health Form.pdf
[2012/04/10 16:03:34 | 000,000,512 | ---- | C] () -- C:\Users\Belle\Documents\MBR.dat
[2012/04/09 17:56:31 | 000,000,714 | ---- | C] () -- C:\Users\Belle\Desktop\ERUNT.lnk
[2012/04/09 17:26:31 | 000,000,408 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2012/04/09 11:17:56 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/04/05 13:32:15 | 007,131,152 | ---- | C] () -- C:\Users\Belle\Desktop\w_infk15.pdf
[2012/04/02 17:13:38 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 7.1.1.lnk
[2012/03/29 22:20:02 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/22 22:23:52 | 000,027,436 | ---- | C] () -- C:\Users\Belle\Desktop\technology%20management%20after.pdf
[2012/03/22 22:23:45 | 000,037,754 | ---- | C] () -- C:\Users\Belle\Desktop\business%20analyst%20after.pdf
[2012/02/02 11:06:21 | 000,000,680 | ---- | C] () -- C:\Users\Belle\AppData\Local\d3d9caps.dat
[2011/09/18 11:28:08 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/04/23 20:20:55 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/23 20:20:55 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/09/22 07:51:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< End of report >

jeffce
2012-04-11, 23:44
Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.htmll).

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.



Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:


Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.



Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
----------

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)

jmaeir
2012-04-12, 20:18
First part:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Belle :: MAEIR_NEW [administrator]

4/12/2012 10:09:02 AM
mbam-log-2012-04-12 (10-09-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238332
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

jmaeir
2012-04-12, 20:20
First part:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.09.06
(end)


IGNORE - forgot to update, doing that now

jmaeir
2012-04-12, 23:24
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d52e5210fe6144691d196158079cf01
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-12 08:33:33
# local_time=2012-04-12 04:33:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 99433848 99433848 0 0
# compatibility_mode=1032 16777213 100 96 0 77310385 0 0
# compatibility_mode=5892 16776574 100 100 43771722 170861769 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=313129
# found=3
# cleaned=0
# scan_time=8572
C:\Qoobox\Quarantine\C\Windows\System32\helpsvc.dll.vir Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
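
As an added example (editor's code, not part of the thread and not ESET's own tooling), the following Python script parses the ESET Online Scanner log posted above. It reads the `# key=value` header, parses each detection line, and splits the detections into ones that sit inside a removal tool's quarantine folder and ones on live system paths. The log text is embedded from the post with the repeated compatibility_mode lines dropped; the quarantine prefixes (ComboFix's C:\Qoobox\Quarantine and OTL's C:\_OTL) are an assumption based on the tools used in this thread, and the detection-line regex is written for the format seen here (path, threat name, type, action in parentheses, 32-hex hash, flag).

```python
"""Triage an ESET Online Scanner log: read the '# key=value' header,
parse the detection lines, and split detections into quarantined
(already moved by a removal tool) versus live system paths.
Added example; ESET_LOG is the log posted in this thread."""
import re

# Log posted in this thread, with the repeated compatibility_mode lines dropped.
ESET_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d52e5210fe6144691d196158079cf01
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-12 08:33:33
# local_time=2012-04-12 04:33:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# scanned=313129
# found=3
# cleaned=0
# scan_time=8572
C:\Qoobox\Quarantine\C\Windows\System32\helpsvc.dll.vir Win32/Sirefef.ER trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\drivers\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Assumption: quarantine folders of the removal tools used in this thread
# (ComboFix keeps quarantined files under C:\Qoobox\Quarantine with a .vir
# suffix; OTL moves files under C:\_OTL).  Compared case-insensitively.
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine", r"c:\_otl")

# One detection line as seen in this log:
#   <path> <threat name> <type> (<action>) <32-hex hash> <flag>
# The threat name is taken as the first whitespace-free token after the path.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+)\s+(?P<kind>[^(]+?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def triage(header, detections):
    """Split detections by location and cross-check the header counters."""
    live, quarantined = [], []
    for d in detections:
        bucket = quarantined if d["path"].lower().startswith(QUARANTINE_PREFIXES) else live
        bucket.append(d)
    found = int(header.get("found", "0"))
    return {
        "live": live,
        "quarantined": quarantined,
        "found": found,
        "cleaned": int(header.get("cleaned", "0")),
        # found= must equal the number of detection lines parsed; otherwise
        # the log was truncated or a line did not match the expected format.
        "consistent": found == len(detections),
    }


if __name__ == "__main__":
    header, dets = parse_eset_log(ESET_LOG)
    result = triage(header, dets)
    print(f"found={result['found']} cleaned={result['cleaned']} "
          f"remove_checked={header.get('remove_checked')}")
    for d in result["quarantined"]:
        print("quarantined:", d["path"], d["threat"])
    for d in result["live"]:
        print("LIVE:       ", d["path"], d["threat"], f"({d['action']})")
```

The split is the triage point: the helpsvc.dll.vir hit is a file ComboFix had already moved into its quarantine (the .vir suffix is ComboFix's), so it needs no further action, while the two netbt.sys hits are the live driver and its WinSxS copy, and `remove_checked=false` together with `cleaned=0` confirms the scanner changed nothing, which is what the next post follows up on.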

jeffce
2012-04-12, 23:45
Hi,

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Right-click SystemLook.exe and select Run as Administrator to run it.
Copy the content of the following codebox into the main textfield:


:filefind
*netbt.sys


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

jmaeir
2012-04-12, 23:51
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.12.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Belle :: MAEIR_NEW [administrator]

4/12/2012 5:25:15 PM
mbam-log-2012-04-12 (17-25-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240766
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

jmaeir
2012-04-12, 23:55
SystemLook 30.07.11 by jpshortstuff
Log created at 17:52 on 12/04/2012 by Belle
Administrator - Elevation successful

========== filefind ==========

Searching for "*netbt.sys"
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [11:28 24/09/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\drivers\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8

-= EOF =-

jeffce
2012-04-13, 01:32
Hi,

Looks like you have an infected netbt.sys....

Run ERUNT again and then do the following...

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:Files
copy C:\Windows\System32\drivers\netbt.sys C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys /c

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered and reboot when it is done.
Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).

----------
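
As an added example (editor's code, not SystemLook's or OTL's, and not part of the thread), the following Python script parses the SystemLook :filefind output posted above, pulls the component version out of each WinSxS/servicing directory name, and reports for every stored copy of the driver whether its MD5 matches the live file in System32\drivers and whether its version belongs to the installed build. The log lines are the ones from the SystemLook post; OS_BUILD is taken from the ESET log's osver line (6.0.6001).

```python
"""Group the copies of a driver reported by SystemLook's :filefind and
check which copies agree with the live driver and which match the
running OS build.  Added example; SYSTEMLOOK_OUTPUT is the log posted
in this thread."""
import re

# SystemLook output as posted in the thread.
SYSTEMLOOK_OUTPUT = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 17:52 on 12/04/2012 by Belle
Administrator - Elevation successful

========== filefind ==========

Searching for "*netbt.sys"
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys --a---- 185856 bytes [11:28 24/09/2009] [04:45 11/04/2009] ECD64230A59CBD93C85F1CD1CAB9F3F6
C:\Windows\System32\drivers\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys --a---- 184320 bytes [02:24 21/01/2008] [02:24 21/01/2008] 62A04C5466D64F6E30E730AD49CC81C8

-= EOF =-
"""

# Installed build, from the ESET log's "osver=6.0.6001 NT Service Pack 1" line.
OS_BUILD = "6.0.6001"

# One :filefind result line: <path> <attrs> <size> bytes [modified] [created] <MD5>
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-A-Za-z]{7})\s+(?P<size>\d+) bytes"
    r" \[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Version embedded in a WinSxS / servicing component directory name, e.g.
# x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_...
COMPONENT_VER_RE = re.compile(r"_[0-9a-f]{16}_(\d+\.\d+\.\d+\.\d+)_", re.I)


def parse_filefind(text):
    """Return one dict per file line in a :filefind section."""
    rows = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["size"] = int(row["size"])
        row["md5"] = row["md5"].upper()
        v = COMPONENT_VER_RE.search(row["path"])
        row["version"] = v.group(1) if v else None  # None for the live copy
        row["live"] = "\\system32\\drivers\\" in row["path"].lower()
        rows.append(row)
    return rows


def assess(rows, os_build=OS_BUILD):
    """Compare every stored copy against the live driver.

    'consistent' means the copy's MD5 equals the live file's; it only shows
    the two agree, not that either is clean (ESET flagged both in this
    thread).  'like_for_like' means the copy's component version belongs
    to the installed build (6.0.6001.* for Vista SP1)."""
    live = [r for r in rows if r["live"]]
    if len(live) != 1:
        raise ValueError("expected exactly one live copy under system32\\drivers")
    live = live[0]
    report = {}
    for r in rows:
        if r is live:
            continue
        report[r["path"]] = {
            "version": r["version"],
            "consistent": r["md5"] == live["md5"],
            "same_size": r["size"] == live["size"],
            "like_for_like": bool(r["version"]) and r["version"].startswith(os_build + "."),
        }
    return live, report


if __name__ == "__main__":
    live, report = assess(parse_filefind(SYSTEMLOOK_OUTPUT))
    print("live:", live["path"], live["md5"], live["size"])
    for path, info in report.items():
        print(f"{path}\n  version={info['version']} consistent={info['consistent']} "
              f"same_size={info['same_size']} like_for_like={info['like_for_like']}")
```

Two things the output makes explicit: the live driver and its WinSxS copy carry the same hash and size, which only shows they agree with each other (ESET flagged both), and the only other copy on disk, under SoftwareDistribution\Download, is a different component version (6.0.6002.18005) and a different size from the installed 6.0.6001 driver, so it is not a like-for-like replacement. Whichever copy is used to restore the driver, confirm the result afterwards with a fresh hash or a signature check against a known-good copy of the same version.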

jmaeir
2012-04-15, 17:26
Hey Jeff,

Hope you had a good weekend.

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
< copy C:\Windows\System32\drivers\netbt.sys C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys /c >
1 file(s) copied.
C:\Users\Belle\Desktop\cmd.bat deleted successfully.
C:\Users\Belle\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Belle
->Temp folder emptied: 7964339 bytes
->Temporary Internet Files folder emptied: 3968810 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 346829468 bytes
->Flash cache emptied: 6450 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shuki
->Temp folder emptied: 310412 bytes
->Temporary Internet Files folder emptied: 7299606 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Tuvya
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 711240 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17032 bytes
RecycleBin emptied: 1724101871 bytes

Total Files Cleaned = 1,994.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04152012_024537

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

jeffce
2012-04-15, 17:49
Hi,

Please delete the current version of Combofix.exe from your desktop and download a new version from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click Combofix.exe and select Run as Administrator, then follow the prompts on your display. When finished, it will create C:\Combofix.txt. Please post this log for further review.
---------

jmaeir
2012-04-15, 19:05
Looking good!

ComboFix 12-04-15.02 - Belle 04/15/2012 12:44:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1620 [GMT -4:00]
Running from: c:\users\Belle\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\$NtUninstallKB9260$ . . . . Failed to delete
.
---- Previous Run -------
.
c:\windows\$NtUninstallKB9260$\3150435492
c:\windows\$NtUninstallKB9260$\36054538\@
c:\windows\$NtUninstallKB9260$\36054538\cfg.ini
c:\windows\$NtUninstallKB9260$\36054538\Desktop.ini
c:\windows\$NtUninstallKB9260$\36054538\L\qnbwvoto
c:\windows\$NtUninstallKB9260$\36054538\oemid
c:\windows\$NtUninstallKB9260$\36054538\U\00000001.@
c:\windows\$NtUninstallKB9260$\36054538\U\00000002.@
c:\windows\$NtUninstallKB9260$\36054538\U\00000004.@
c:\windows\$NtUninstallKB9260$\36054538\U\80000000.@
c:\windows\$NtUninstallKB9260$\36054538\U\80000004.@
c:\windows\$NtUninstallKB9260$\36054538\U\80000032.@
c:\windows\$NtUninstallKB9260$\36054538\version
c:\windows\s.bat
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\helpsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pdlndqll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 16:52 . 2012-04-15 16:52 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-15 16:52 . 2012-04-15 16:52 -------- d-----w- c:\users\Tuvya\AppData\Local\temp
2012-04-15 16:52 . 2012-04-15 16:52 -------- d-----w- c:\users\Shuki\AppData\Local\temp
2012-04-15 16:52 . 2012-04-15 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 01:25 . 2012-04-15 01:25 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-12 14:36 . 2012-04-12 14:36 -------- d-----w- c:\program files\ESET
2012-04-11 04:41 . 2012-04-11 04:41 -------- d-----w- c:\users\Belle\AppData\Local\Unity
2012-04-11 02:37 . 2012-04-11 02:37 -------- d-----w- C:\_OTL
2012-04-11 01:12 . 2012-04-15 16:59 -------- d-----w- c:\users\Belle\AppData\Local\temp
2012-04-09 21:57 . 2012-04-09 21:57 -------- d-----w- C:\ERDNT
2012-04-09 21:56 . 2012-04-09 21:56 -------- d-----w- c:\program files\ERUNT
2012-04-09 20:55 . 2012-04-11 03:21 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-04-09 20:15 . 2012-04-09 22:20 -------- d-----w- c:\program files\Common Files\iS3
2012-04-09 16:41 . 2012-04-15 16:53 -------- d-----w- c:\users\Belle\AppData\Roaming\DMCache
2012-04-09 16:41 . 2012-04-12 13:18 -------- d-----w- c:\users\Belle\AppData\Roaming\IDM
2012-04-09 16:41 . 2012-04-09 16:42 -------- d-----w- c:\program files\Internet Download Manager
2012-04-09 15:17 . 2012-04-11 02:38 -------- d-----w- c:\program files\BabylonToolbar
2012-04-09 15:17 . 2012-04-09 15:17 237 ----a-w- C:\user.js
2012-04-09 15:17 . 2012-04-09 15:17 -------- d-----w- c:\programdata\Premium
2012-04-09 15:07 . 2012-04-09 15:07 -------- d-----w- C:\codec-info
2012-04-09 15:06 . 2012-04-09 15:17 -------- d-----w- c:\programdata\InstallMate
2012-04-04 17:13 . 2012-04-04 17:13 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 17:13 . 2012-04-04 17:13 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 17:13 . 2012-04-04 17:13 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-02 21:22 . 2012-04-02 21:22 -------- d-----w- c:\users\Belle\.m2
2012-04-02 21:20 . 2012-04-02 21:21 -------- d-----w- c:\users\Belle\.netbeans
2012-04-02 21:11 . 2012-04-02 21:14 -------- d-----w- c:\program files\NetBeans 7.1.1
2012-04-02 21:06 . 2012-04-02 21:06 -------- d-----w- c:\program files\Common Files\Java
2012-04-02 21:05 . 2012-04-02 21:05 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-02 20:44 . 2012-04-02 21:17 -------- d-----w- c:\users\Belle\.nbi
2012-04-01 15:32 . 2012-04-01 15:32 -------- d-----w- c:\program files\Common Files\Skype
2012-04-01 08:18 . 2012-04-01 08:18 -------- d-----w- c:\program files\RealNetworks
2012-03-30 02:20 . 2012-03-30 02:20 -------- d-----w- c:\users\Belle\AppData\Roaming\Malwarebytes
2012-03-30 02:20 . 2012-04-15 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 02:20 . 2012-04-09 19:42 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 02:20 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 20:36 . 2012-03-29 20:36 72080 ----a-w- c:\windows\system32\drivers\SZKGFS.sys
2012-03-27 21:35 . 2012-03-27 21:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-03-19 13:12 . 2012-03-19 13:12 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 13:12 . 2012-03-19 13:12 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 21:05 . 2010-05-06 02:56 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 18:51 . 2011-06-26 14:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 03:04 . 2009-03-12 04:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-07 03:04 . 2009-03-12 04:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-24 19:28 . 2012-02-24 19:28 99728 ----a-w- c:\windows\system32\drivers\SZKG.sys
2012-02-24 19:28 . 2012-02-24 19:28 99728 ----a-w- c:\windows\system32\drivers\is3srv.sys
2012-02-23 18:17 . 2012-02-23 18:04 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-23 18:09 . 2012-02-23 18:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 18:09 . 2012-02-23 18:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 18:09 . 2012-02-23 18:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 18:09 . 2012-02-23 18:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 18:09 . 2012-02-23 18:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 18:09 . 2012-02-23 18:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 18:09 . 2012-02-23 18:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 18:09 . 2012-02-23 18:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 18:09 . 2012-02-23 18:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-08 01:13 . 2012-03-16 11:08 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-02-01 21:30 . 2012-02-01 21:30 104949 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\pidgin-uninst.exe
2012-02-01 21:29 . 2012-02-01 21:29 90496 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2012-02-01 21:29 . 2012-02-01 21:29 55808 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\zlib1.dll
2012-02-01 21:29 . 2012-02-01 21:29 54700 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libpixmap.dll
2012-02-01 21:29 . 2012-02-01 21:29 447280 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\lib\gtk-2.0\modules\libgail.dll
2012-02-01 21:29 . 2012-02-01 21:29 27101 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\pango-querymodules.exe
2012-02-01 21:29 . 2012-02-01 21:29 219305 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpng14-14.dll
2012-02-01 21:29 . 2012-02-01 21:29 102774 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpangowin32-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 686030 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpangoft2-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 95189 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 904525 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libcairo-2.dll
2012-02-01 21:29 . 2012-02-01 21:29 827670 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgdk-win32-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 535264 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\freetype6.dll
2012-02-01 21:29 . 2012-02-01 21:29 53043 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgailutil-18.dll
2012-02-01 21:29 . 2012-02-01 21:29 482872 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgio-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 4740156 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgtk-win32-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 40146 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgthread-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 337702 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpango-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 31692 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgmodule-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 314501 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgobject-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 279059 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libfontconfig-1.dll
2012-02-01 21:29 . 2012-02-01 21:29 26251 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gtk-query-immodules-2.0.exe
2012-02-01 21:29 . 2012-02-01 21:29 25718 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gspawn-win32-helper.exe
2012-02-01 21:29 . 2012-02-01 21:29 25294 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gdk-pixbuf-query-loaders.exe
2012-02-01 21:29 . 2012-02-01 21:29 252150 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgdk_pixbuf-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 24264 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gspawn-win32-helper-console.exe
2012-02-01 21:29 . 2012-02-01 21:29 150664 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libatk-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 143096 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libexpat-1.dll
2012-02-01 21:29 . 2012-02-01 21:29 1100888 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libglib-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 104861 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\intl.dll
2012-01-19 14:22 . 2012-01-19 14:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-03-19 13:12 . 2012-02-22 17:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-12-24 19:19 241752 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Healthcare"="c:\program files\Lenovo\Healthcare\HealthCare.exe" [2008-02-24 466944]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2008-12-24 2916352]
"SetDefaultSCR"="c:\program files\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2008-08-07 98304]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-03-07 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
tisspwiz.lnk - c:\program files\Trend Micro\Internet Security\tisspwiz.exe [N/A]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IDMWFP
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
aelookupsvc
wercplsupport
themes
certpropsvc
scpolicysvc
lanmanserver
gpsvc
ikeext
audiosrv
fastuserswitchingcompatibility
ias
irmon
nla
ntmssvc
nwcworkstation
nwsapagent
rasauto
rasman
remoteaccess
sens
sharedaccess
srservice
wdelmgr20
cypresslink
serialkeys
vetfddnt
eacsys
fsma
sis7018
usrpda
gtf32bus
a016mdm
vaiomediaplatform-musicserver-http
iwebcal
cqmgserv
retrolauncher
z525mgmt
lvhidsvc
pelusblf
mresp50
unlockerdriver5
ups
symmpi
gt890x
wceusbsh
agnwifi
ptdcmdm
srvcssiomngr
cdrbsdrv
w800obex
xponaut_wbd
sfhlp02
icam5usb
phc600
pdlndqll
ntrtscan
ativxstw
cqcpu
vx1000
regmanserv
se2emdfl
zteusbser6k
ubhelper
cachemgr
gtndis5
diviscts
mresp50a64
nwadi
dmusic
ser2plms
emu10k1
dladresm
patrol_scheduler
lvrs
fvnetusb
dyndns_updater_service
evian
umaxpcls
srescan
mcdbus
nxsysmon
vrservice
ctljystk
arcltsrv
dashsvc
sndtdriverv32
tapisrv
wmi
wmdmpmsp
termservice
wuauserv
bits
shellhwdetection
logonhours
pcaudit
helpsvc
uploadmgr
iphlpsvc
seclogon
appinfo
msiscsi
mmcss
profsvc
eaphost
winmgmt
schedule
sessionenv
browser
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
2012-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-11 02:57]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:36]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:36]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005Core.job
- c:\users\Belle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 19:30]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005UA.job
- c:\users\Belle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 19:30]
.
2012-04-09 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-01-02 23:08]
.
2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{B4A8E5D0-2834-4498-8E6B-E9DD1D4D46E4}.job
- c:\windows\system32\msfeedssync.exe [2011-09-18 04:32]
.
2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{B7B6FDF8-737B-4CD3-AC18-9B0AFF415412}.job
- c:\windows\system32\msfeedssync.exe [2011-09-18 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\download.dll
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Belle\AppData\Roaming\Mozilla\Firefox\Profiles\1af5k6uw.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Unattend0000000001{630DEC53-CECA-49A3-896C-B064A4DC05AA} - c:\windows\test.bat
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 13:00
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4062213243-2715843153-2725576425-1005_Classes\CLSID\{584a646f-4073-4b57-8794-b721da25fbf6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000069
"Therad"=dword:00000007
.
[HKEY_USERS\S-1-5-21-4062213243-2715843153-2725576425-1005_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1e,e1,7f,ea,6e,07,61,99,49,10,53,36,0a,3b,e5,a6,1e,8b,a3,d3,f2,
09,8b,37,2b,a7,25,29,2c,5e,a6,5c,a7,5e,d4,99,8b,f4,a3,fd,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5872)
c:\windows\system32\IcnOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\program files\Ant.com\IE add-on\AntUpdaterService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Trend Micro\OKAVAgent\OKAVAgent.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\AVG\AVG10\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-15 13:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 17:03
.
Pre-Run: 196,633,255,936 bytes free
Post-Run: 196,165,033,984 bytes free
.
- - End Of File - - 98ECB643FF7A300D8C0E40A8D4D6E4A8

jeffce
2012-04-15, 19:56
For x32 (x86) bit systems download Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe) and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

jmaeir
2012-04-16, 00:32
Hi Jeff.
Hit a bump in the road.

My BIOS does not have Advanced Boot Options, and the Vista Windows disks are OEM; they only allow the user to install or reinstall the OS.

I think our best bet is to make my USB a Windows boot device.

What I've found on the net all require the Windows install disks (which I do not have) or copying from the system on the hard drive (which we want to avoid due to the risk of infection).

Any other ideas?

jeffce
2012-04-16, 03:19
Hi,

Let's use ComboFix first...


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


ClearJavaCache::

Folder::
c:\windows\$NtUninstallKB9260$


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

jmaeir
2012-04-16, 05:34
ComboFix got stuck while preparing the log file.

I had to reset.
This is the log file that I found in its directory:

ComboFix 12-04-15.02 - Belle 04/15/2012 22:41:02.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2118 [GMT -4:00]
Running from: C:\Users\Belle\Desktop\ComboFix.exe
Command switches used :: C:\Users\Belle\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))


2012-04-16 02:53:37 . 2012-04-16 02:53:37 -------- d-----w- C:\Users\Tuvya\AppData\Local\temp
2012-04-16 02:53:37 . 2012-04-16 02:53:37 -------- d-----w- C:\Users\Shuki\AppData\Local\temp
2012-04-16 02:53:37 . 2012-04-16 02:53:37 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-15 22:05:45 . 2012-04-15 22:05:45 -------- d-----w- C:\FRST
2012-04-15 17:04:01 . 2012-04-16 02:55:00 -------- d-----w- C:\Users\Belle\AppData\Local\temp
2012-04-15 01:25:31 . 2012-04-15 01:25:31 -------- d-----w- C:\Program Files\MALWAREBYTES ANTI-MALWARE
2012-04-12 14:36:18 . 2012-04-12 14:36:18 -------- d-----w- C:\Program Files\ESET
2012-04-11 04:41:38 . 2012-04-11 04:41:38 -------- d-----w- C:\Users\Belle\AppData\Local\Unity
2012-04-11 02:37:25 . 2012-04-11 02:37:25 -------- d-----w- C:\_OTL
2012-04-09 21:57:01 . 2012-04-09 21:57:01 -------- d-----w- C:\ERDNT
2012-04-09 21:56:30 . 2012-04-09 21:56:35 -------- d-----w- C:\Program Files\ERUNT
2012-04-09 20:55:40 . 2012-04-11 03:21:46 101720 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
2012-04-09 20:15:30 . 2012-04-09 22:20:58 -------- d-----w- C:\Program Files\Common Files\iS3
2012-04-09 16:41:58 . 2012-04-16 02:54:14 -------- d-----w- C:\Users\Belle\AppData\Roaming\DMCache
2012-04-09 16:41:58 . 2012-04-12 13:18:59 -------- d-----w- C:\Users\Belle\AppData\Roaming\IDM
2012-04-09 16:41:54 . 2012-04-09 16:42:09 -------- d-----w- C:\Program Files\Internet Download Manager
2012-04-09 15:17:56 . 2012-04-11 02:38:52 -------- d-----w- C:\Program Files\BabylonToolbar
2012-04-09 15:17:56 . 2012-04-09 15:17:57 237 ----a-w- C:\user.js
2012-04-09 15:17:42 . 2012-04-09 15:17:42 -------- d-----w- C:\ProgramData\Premium
2012-04-09 15:07:03 . 2012-04-09 15:07:03 -------- d-----w- C:\codec-info
2012-04-09 15:06:58 . 2012-04-09 15:17:44 -------- d-----w- C:\ProgramData\InstallMate
2012-04-04 17:13:38 . 2012-04-04 17:13:38 23376 ----a-r- C:\Windows\system32\SZIO5.dll
2012-04-04 17:13:26 . 2012-04-04 17:13:26 546640 ----a-r- C:\Windows\system32\SZComp5.dll
2012-04-04 17:13:22 . 2012-04-04 17:13:22 481104 ----a-r- C:\Windows\system32\SZBase5.dll
2012-04-02 21:22:19 . 2012-04-02 21:22:19 -------- d-----w- C:\Users\Belle\.m2
2012-04-02 21:20:55 . 2012-04-02 21:21:43 -------- d-----w- C:\Users\Belle\.netbeans
2012-04-02 21:11:36 . 2012-04-02 21:14:48 -------- d-----w- C:\Program Files\NetBeans 7.1.1
2012-04-02 21:06:55 . 2012-04-02 21:06:55 -------- d-----w- C:\Program Files\Common Files\Java
2012-04-02 21:05:57 . 2012-04-02 21:05:11 637848 ----a-w- C:\Windows\system32\npdeployJava1.dll
2012-04-02 20:44:13 . 2012-04-02 21:17:12 -------- d-----w- C:\Users\Belle\.nbi
2012-04-01 15:32:48 . 2012-04-01 15:32:48 -------- d-----w- C:\Program Files\Common Files\Skype
2012-04-01 08:18:59 . 2012-04-01 08:18:59 -------- d-----w- C:\Program Files\RealNetworks
2012-03-30 02:20:13 . 2012-03-30 02:20:13 -------- d-----w- C:\Users\Belle\AppData\Roaming\Malwarebytes
2012-03-30 02:20:00 . 2012-04-15 01:22:01 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-03-30 02:20:00 . 2012-04-09 19:42:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-30 02:20:00 . 2012-04-04 19:56:40 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-03-29 20:36:48 . 2012-03-29 20:36:48 72080 ----a-w- C:\Windows\system32\drivers\SZKGFS.sys
2012-03-27 21:35:19 . 2012-03-27 21:35:22 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Adobe
2012-03-19 13:12:38 . 2012-03-19 13:12:38 592824 ----a-w- C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-19 13:12:38 . 2012-03-19 13:12:38 44472 ----a-w- C:\Program Files\Mozilla Firefox\mozglue.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

jeffce
2012-04-16, 13:50
Hi,

Looks like ComboFix got stuck and didn't complete. Boot into Safe Mode and run the same set of instructions that I provided earlier and then post the log that is created. :)

jmaeir
2012-04-16, 16:07
Will do.

Meanwhile, can you also post instructions on how to remove AVG? I will install Microsoft Security Essentials instead.

Thanks.

jmaeir
2012-04-16, 16:38
Jeff,

In Safe Mode, I'm getting an Access Denied error message from ComboFix telling me to use an Admin command prompt to execute those commands.

After that, it created the restore point and started the scan which is now running.

Let me know if I need to redo the scan or not.
I'll post the results as soon as the scan is done.
(and no, I'm not posting this from the PC that's being scanned :D)

jmaeir
2012-04-16, 17:24
And here is the log from the Safe Mode scan.

ComboFix 12-04-15.02 - Belle 04/16/2012 11:03:22.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.2638 [GMT -4:00]
Running from: c:\users\Belle\Desktop\ComboFix.exe
Command switches used :: c:\users\Belle\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-16 15:14 . 2012-04-16 15:14 -------- d-----w- c:\users\Belle\AppData\Local\temp
2012-04-16 15:14 . 2012-04-16 15:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-16 15:14 . 2012-04-16 15:14 -------- d-----w- c:\users\Tuvya\AppData\Local\temp
2012-04-16 15:14 . 2012-04-16 15:14 -------- d-----w- c:\users\Shuki\AppData\Local\temp
2012-04-16 15:14 . 2012-04-16 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-15 22:05 . 2012-04-15 22:05 -------- d-----w- C:\FRST
2012-04-15 01:25 . 2012-04-15 01:25 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-04-12 14:36 . 2012-04-12 14:36 -------- d-----w- c:\program files\ESET
2012-04-11 04:41 . 2012-04-11 04:41 -------- d-----w- c:\users\Belle\AppData\Local\Unity
2012-04-11 02:37 . 2012-04-11 02:37 -------- d-----w- C:\_OTL
2012-04-09 21:57 . 2012-04-09 21:57 -------- d-----w- C:\ERDNT
2012-04-09 21:56 . 2012-04-09 21:56 -------- d-----w- c:\program files\ERUNT
2012-04-09 20:55 . 2012-04-11 03:21 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-04-09 20:15 . 2012-04-09 22:20 -------- d-----w- c:\program files\Common Files\iS3
2012-04-09 16:41 . 2012-04-16 14:56 -------- d-----w- c:\users\Belle\AppData\Roaming\DMCache
2012-04-09 16:41 . 2012-04-12 13:18 -------- d-----w- c:\users\Belle\AppData\Roaming\IDM
2012-04-09 16:41 . 2012-04-09 16:42 -------- d-----w- c:\program files\Internet Download Manager
2012-04-09 15:17 . 2012-04-11 02:38 -------- d-----w- c:\program files\BabylonToolbar
2012-04-09 15:17 . 2012-04-09 15:17 237 ----a-w- C:\user.js
2012-04-09 15:17 . 2012-04-09 15:17 -------- d-----w- c:\programdata\Premium
2012-04-09 15:07 . 2012-04-09 15:07 -------- d-----w- C:\codec-info
2012-04-09 15:06 . 2012-04-09 15:17 -------- d-----w- c:\programdata\InstallMate
2012-04-04 17:13 . 2012-04-04 17:13 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 17:13 . 2012-04-04 17:13 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 17:13 . 2012-04-04 17:13 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-04-02 21:22 . 2012-04-02 21:22 -------- d-----w- c:\users\Belle\.m2
2012-04-02 21:20 . 2012-04-02 21:21 -------- d-----w- c:\users\Belle\.netbeans
2012-04-02 21:11 . 2012-04-02 21:14 -------- d-----w- c:\program files\NetBeans 7.1.1
2012-04-02 21:06 . 2012-04-02 21:06 -------- d-----w- c:\program files\Common Files\Java
2012-04-02 21:05 . 2012-04-02 21:05 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-02 20:44 . 2012-04-02 21:17 -------- d-----w- c:\users\Belle\.nbi
2012-04-01 15:32 . 2012-04-01 15:32 -------- d-----w- c:\program files\Common Files\Skype
2012-04-01 08:18 . 2012-04-01 08:18 -------- d-----w- c:\program files\RealNetworks
2012-03-30 02:20 . 2012-03-30 02:20 -------- d-----w- c:\users\Belle\AppData\Roaming\Malwarebytes
2012-03-30 02:20 . 2012-04-15 01:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-30 02:20 . 2012-04-09 19:42 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 02:20 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 20:36 . 2012-03-29 20:36 72080 ----a-w- c:\windows\system32\drivers\SZKGFS.sys
2012-03-27 21:35 . 2012-03-27 21:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-03-19 13:12 . 2012-03-19 13:12 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 13:12 . 2012-03-19 13:12 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 21:05 . 2010-05-06 02:56 567696 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-27 18:51 . 2011-06-26 14:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 03:04 . 2009-03-12 04:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-03-07 03:04 . 2009-03-12 04:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-24 19:28 . 2012-02-24 19:28 99728 ----a-w- c:\windows\system32\drivers\SZKG.sys
2012-02-24 19:28 . 2012-02-24 19:28 99728 ----a-w- c:\windows\system32\drivers\is3srv.sys
2012-02-23 18:17 . 2012-02-23 18:04 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-23 18:09 . 2012-02-23 18:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 18:09 . 2012-02-23 18:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 18:09 . 2012-02-23 18:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 18:09 . 2012-02-23 18:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 18:09 . 2012-02-23 18:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 18:09 . 2012-02-23 18:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 18:09 . 2012-02-23 18:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 18:09 . 2012-02-23 18:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 18:09 . 2012-02-23 18:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-08 01:13 . 2012-03-16 11:08 91936 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-02-01 21:30 . 2012-02-01 21:30 104949 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\pidgin-uninst.exe
2012-02-01 21:29 . 2012-02-01 21:29 90496 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2012-02-01 21:29 . 2012-02-01 21:29 55808 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\zlib1.dll
2012-02-01 21:29 . 2012-02-01 21:29 54700 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libpixmap.dll
2012-02-01 21:29 . 2012-02-01 21:29 447280 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\lib\gtk-2.0\modules\libgail.dll
2012-02-01 21:29 . 2012-02-01 21:29 27101 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\pango-querymodules.exe
2012-02-01 21:29 . 2012-02-01 21:29 219305 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpng14-14.dll
2012-02-01 21:29 . 2012-02-01 21:29 102774 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpangowin32-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 686030 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpangoft2-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 95189 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 904525 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libcairo-2.dll
2012-02-01 21:29 . 2012-02-01 21:29 827670 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgdk-win32-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 535264 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\freetype6.dll
2012-02-01 21:29 . 2012-02-01 21:29 53043 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgailutil-18.dll
2012-02-01 21:29 . 2012-02-01 21:29 482872 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgio-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 4740156 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgtk-win32-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 40146 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgthread-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 337702 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libpango-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 31692 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgmodule-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 314501 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgobject-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 279059 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libfontconfig-1.dll
2012-02-01 21:29 . 2012-02-01 21:29 26251 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gtk-query-immodules-2.0.exe
2012-02-01 21:29 . 2012-02-01 21:29 25718 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gspawn-win32-helper.exe
2012-02-01 21:29 . 2012-02-01 21:29 25294 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gdk-pixbuf-query-loaders.exe
2012-02-01 21:29 . 2012-02-01 21:29 252150 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libgdk_pixbuf-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 24264 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\gspawn-win32-helper-console.exe
2012-02-01 21:29 . 2012-02-01 21:29 150664 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libatk-1.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 143096 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libexpat-1.dll
2012-02-01 21:29 . 2012-02-01 21:29 1100888 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\libglib-2.0-0.dll
2012-02-01 21:29 . 2012-02-01 21:29 104861 ----a-w- c:\users\Belle\AppData\Roaming\Microsoft\Windows\Pidgin\Gtk\bin\intl.dll
2012-01-19 14:22 . 2012-01-19 14:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-03-19 13:12 . 2012-02-22 17:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-12-24 19:19 241752 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-11 39408]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-16 3478936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-20 6144000]
"Healthcare"="c:\program files\Lenovo\Healthcare\HealthCare.exe" [2008-02-24 466944]
"VeriFaceManager"="c:\program files\Lenovo\VeriFaceIII\PManage.exe" [2008-12-24 2916352]
"SetDefaultSCR"="c:\program files\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe" [2008-08-07 98304]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-03-07 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
tisspwiz.lnk - c:\program files\Trend Micro\Internet Security\tisspwiz.exe [N/A]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
NETSVCS REQUIRES REPAIRS - current entries shown
aelookupsvc
wercplsupport
themes
certpropsvc
scpolicysvc
lanmanserver
gpsvc
ikeext
audiosrv
fastuserswitchingcompatibility
ias
irmon
nla
ntmssvc
nwcworkstation
nwsapagent
rasauto
rasman
remoteaccess
sens
sharedaccess
srservice
wdelmgr20
cypresslink
serialkeys
vetfddnt
eacsys
fsma
sis7018
usrpda
gtf32bus
a016mdm
vaiomediaplatform-musicserver-http
iwebcal
cqmgserv
retrolauncher
z525mgmt
lvhidsvc
pelusblf
mresp50
unlockerdriver5
ups
symmpi
gt890x
wceusbsh
agnwifi
ptdcmdm
srvcssiomngr
cdrbsdrv
w800obex
xponaut_wbd
sfhlp02
icam5usb
phc600
pdlndqll
ntrtscan
ativxstw
cqcpu
vx1000
regmanserv
se2emdfl
zteusbser6k
ubhelper
cachemgr
gtndis5
diviscts
mresp50a64
nwadi
dmusic
ser2plms
emu10k1
dladresm
patrol_scheduler
lvrs
fvnetusb
dyndns_updater_service
evian
umaxpcls
srescan
mcdbus
nxsysmon
vrservice
ctljystk
arcltsrv
dashsvc
sndtdriverv32
tapisrv
wmi
wmdmpmsp
termservice
wuauserv
bits
shellhwdetection
logonhours
pcaudit
helpsvc
uploadmgr
iphlpsvc
seclogon
appinfo
msiscsi
mmcss
profsvc
eaphost
winmgmt
schedule
sessionenv
browser
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 23:54]
.
2012-04-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-11 02:57]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:36]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 23:36]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005Core.job
- c:\users\Belle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 19:30]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4062213243-2715843153-2725576425-1005UA.job
- c:\users\Belle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-07 19:30]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{B4A8E5D0-2834-4498-8E6B-E9DD1D4D46E4}.job
- c:\windows\system32\msfeedssync.exe [2011-09-18 04:32]
.
2012-04-16 c:\windows\Tasks\User_Feed_Synchronization-{B7B6FDF8-737B-4CD3-AC18-9B0AFF415412}.job
- c:\windows\system32\msfeedssync.exe [2011-09-18 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - c:\program files\Ant.com\IE add-on\download.dll
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Belle\AppData\Roaming\Mozilla\Firefox\Profiles\1af5k6uw.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 11:14
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4062213243-2715843153-2725576425-1005_Classes\CLSID\{584a646f-4073-4b57-8794-b721da25fbf6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000006a
"Therad"=dword:00000008
.
[HKEY_USERS\S-1-5-21-4062213243-2715843153-2725576425-1005_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):1e,e1,7f,ea,6e,07,61,99,49,10,53,36,0a,3b,e5,a6,1e,8b,a3,d3,f2,
09,8b,37,2b,a7,25,29,2c,5e,a6,5c,a7,5e,d4,99,8b,f4,a3,fd,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1540)
c:\windows\system32\IcnOvrly.dll
.
Completion time: 2012-04-16 11:17:47
ComboFix-quarantined-files.txt 2012-04-16 15:17
ComboFix2.txt 2012-04-16 14:50
ComboFix3.txt 2012-04-15 17:03
.
Pre-Run: 195,915,710,464 bytes free
Post-Run: 195,851,583,488 bytes free
.
- - End Of File - - 85BE4D114F74BFBE2292BBD7FDC6F8E4

jeffce
2012-04-16, 20:46
Hi,

To remove AVG completely download and run the tool found here (http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe).
----------

That ComboFix log was what I was wanting to see. How is your system running? :)

jmaeir
2012-04-16, 22:05
The FF/IE redirection is gone and it seems faster.
Which is what brought me here in the first place.

Thank you for your help. :rockon:

I'll remove AVG and that should also speed up things as I free up resources.

--Josh

jeffce
2012-04-16, 22:17
Hi,

Glad things are back to normal...

Providing there are no other malware-related problems...

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LET'S DO A COUPLE OF THINGS TO WRAP THIS UP!! :D

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords, as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever-increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

jmaeir
2012-04-17, 01:10
:2thumb:

I'm all set.

Thank you very much Jeff.
You have been very helpful and a delight to work with.

jeffce
2012-04-17, 01:27
:bigthumb:

You are more than welcome! I am glad that I could help. :)

jeffce
2012-04-17, 17:08
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
----------