
Thread: Sweetpacks & other stuff

  1. #1
    Member
    Join Date
    Jan 2008
    Posts
    78


    Not sure how I got Sweetpacks, but it's annoying as all heck. Also, during the asw scan, it showed uTorrent or scanning it but I cannot find that anywhere on my computer. Not in my program files or add/remove programs or anything. Not sure if that's something or not. Also, ran Spybot the other night to post here, but computer derped so didn't get the files. It detected a few things it could not fix... but this sca
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 1.6.0_45
    Run by Phoenix at 21:36:25 on 2013-07-02
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3262.1557 [GMT -5:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Furcadia\furc_on.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Furcadia\Furcadia.exe
    C:\Program Files\mIRC\mirc.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\dmwu.exe
    C:\Windows\System32\jmdp\stij.exe
    C:\Program Files\SkypeAutoAnswer\AutoAnswer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN10050045552776410&UM=2&UP=SP7A9AAE07-8879-4A87-AF5D-A270EDA89B8F
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={5FA32070-E33B-11E2-8337-001E682AA689}
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\program files\hp\smart web printing\hpswp_framework.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [SearchProtect] c:\users\phoenix\appdata\roaming\searchprotect\bin\cltmng.exe
    uRunOnce: [SpybotDeletingB5299] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
    uRunOnce: [SpybotDeletingD7233] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
    uRunOnce: [SpybotDeletingB1253] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
    uRunOnce: [SpybotDeletingD7190] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
    uRunOnce: [SpybotDeletingB7470] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
    uRunOnce: [SpybotDeletingD3935] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
    uRunOnce: [SpybotDeletingB3608] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
    uRunOnce: [SpybotDeletingD9148] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
    uRunOnce: [SpybotDeletingB8942] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
    uRunOnce: [SpybotDeletingD4376] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
    uRunOnce: [SpybotDeletingB9361] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
    uRunOnce: [SpybotDeletingD4637] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
    uRunOnce: [SpybotDeletingB5160] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
    uRunOnce: [SpybotDeletingD9852] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
    uRunOnce: [SpybotDeletingB7921] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
    uRunOnce: [SpybotDeletingD5412] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
    uRunOnce: [SpybotDeletingB3459] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
    uRunOnce: [SpybotDeletingD9859] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
    uRunOnce: [SpybotDeletingB7049] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
    uRunOnce: [SpybotDeletingD4699] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
    uRunOnce: [SpybotDeletingB5428] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
    uRunOnce: [SpybotDeletingD9190] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
    uRunOnce: [SpybotDeletingB926] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
    uRunOnce: [SpybotDeletingD4296] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
    uRunOnce: [SpybotDeletingB6145] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
    uRunOnce: [SpybotDeletingD275] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
    uRunOnce: [SpybotDeletingB1729] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
    uRunOnce: [SpybotDeletingD1293] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
    uRunOnce: [SpybotDeletingB4960] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
    uRunOnce: [SpybotDeletingD6968] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
    uRunOnce: [SpybotDeletingB9276] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
    uRunOnce: [SpybotDeletingD4045] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
    uRunOnce: [SpybotDeletingB2028] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
    uRunOnce: [SpybotDeletingD6160] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
    uRunOnce: [SpybotDeletingB9306] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
    uRunOnce: [SpybotDeletingD3802] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
    uRunOnce: [SpybotDeletingB7536] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
    uRunOnce: [SpybotDeletingD9713] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
    uRunOnce: [SpybotDeletingB5542] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
    uRunOnce: [SpybotDeletingD5440] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
    uRunOnce: [SpybotDeletingB2779] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
    uRunOnce: [SpybotDeletingD7173] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
    uRunOnce: [SpybotDeletingB3122] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
    uRunOnce: [SpybotDeletingD4924] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
    uRunOnce: [SpybotDeletingB1170] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
    uRunOnce: [SpybotDeletingD9060] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
    uRunOnce: [SpybotDeletingB9757] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
    uRunOnce: [SpybotDeletingD2747] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
    uRunOnce: [SpybotDeletingB7855] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
    uRunOnce: [SpybotDeletingD1510] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
    uRunOnce: [SpybotDeletingB4217] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
    uRunOnce: [SpybotDeletingD6137] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
    uRunOnce: [SpybotDeletingB314] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
    uRunOnce: [SpybotDeletingD433] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
    uRunOnce: [SpybotDeletingB8188] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
    uRunOnce: [SpybotDeletingD6635] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
    uRunOnce: [SpybotDeletingB8996] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
    uRunOnce: [SpybotDeletingD451] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
    uRunOnce: [SpybotDeletingB6449] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
    uRunOnce: [SpybotDeletingD7215] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
    uRunOnce: [SpybotDeletingB412] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
    uRunOnce: [SpybotDeletingD3417] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
    uRunOnce: [SpybotDeletingB1570] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
    uRunOnce: [SpybotDeletingD5700] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
    uRunOnce: [SpybotDeletingB534] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
    uRunOnce: [SpybotDeletingD1010] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
    uRunOnce: [SpybotDeletingB6227] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
    uRunOnce: [SpybotDeletingD3155] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
    uRunOnce: [SpybotDeletingB2170] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
    uRunOnce: [SpybotDeletingD5595] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
    uRunOnce: [SpybotDeletingB3129] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
    uRunOnce: [SpybotDeletingD253] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
    uRunOnce: [SpybotDeletingB8926] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
    uRunOnce: [SpybotDeletingD593] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
    uRunOnce: [SpybotDeletingB5983] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
    uRunOnce: [SpybotDeletingD77] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
    uRunOnce: [SpybotDeletingB2866] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
    uRunOnce: [SpybotDeletingD5049] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
    uRunOnce: [SpybotDeletingB6306] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
    uRunOnce: [SpybotDeletingD4258] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
    uRunOnce: [SpybotDeletingB641] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
    uRunOnce: [SpybotDeletingD1185] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
    uRunOnce: [SpybotDeletingB6585] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
    uRunOnce: [SpybotDeletingD5826] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
    uRunOnce: [SpybotDeletingB1479] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
    uRunOnce: [SpybotDeletingD5913] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
    uRunOnce: [SpybotDeletingB3567] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
    uRunOnce: [SpybotDeletingD3447] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
    uRunOnce: [SpybotDeletingB7281] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
    uRunOnce: [SpybotDeletingD770] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
    uRunOnce: [SpybotDeletingB1497] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
    uRunOnce: [SpybotDeletingD9512] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
    uRunOnce: [SpybotDeletingB6992] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
    uRunOnce: [SpybotDeletingD8790] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
    uRunOnce: [SpybotDeletingB2805] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
    uRunOnce: [SpybotDeletingD383] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
    uRunOnce: [SpybotDeletingB838] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
    uRunOnce: [SpybotDeletingD1645] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
    uRunOnce: [SpybotDeletingB1362] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
    uRunOnce: [SpybotDeletingD4097] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
    uRunOnce: [SpybotDeletingB8348] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
    uRunOnce: [SpybotDeletingD5847] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
    mRunOnce: [SpybotDeletingA3039] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
    mRunOnce: [SpybotDeletingC1226] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
    mRunOnce: [SpybotDeletingA1346] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
    mRunOnce: [SpybotDeletingC3427] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
    mRunOnce: [SpybotDeletingA4726] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
    mRunOnce: [SpybotDeletingC1632] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
    mRunOnce: [SpybotDeletingA1898] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
    mRunOnce: [SpybotDeletingC4408] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
    mRunOnce: [SpybotDeletingA1157] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
    mRunOnce: [SpybotDeletingC5928] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
    mRunOnce: [SpybotDeletingA2556] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
    mRunOnce: [SpybotDeletingC5883] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
    mRunOnce: [SpybotDeletingA9464] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
    mRunOnce: [SpybotDeletingC8159] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
    mRunOnce: [SpybotDeletingA7117] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
    mRunOnce: [SpybotDeletingC1565] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
    mRunOnce: [SpybotDeletingA4227] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
    mRunOnce: [SpybotDeletingC4800] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
    mRunOnce: [SpybotDeletingA671] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
    mRunOnce: [SpybotDeletingC2208] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
    mRunOnce: [SpybotDeletingA7486] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
    mRunOnce: [SpybotDeletingC7603] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
    mRunOnce: [SpybotDeletingA5440] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
    mRunOnce: [SpybotDeletingC9490] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
    mRunOnce: [SpybotDeletingA1630] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
    mRunOnce: [SpybotDeletingC4396] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
    mRunOnce: [SpybotDeletingA9821] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
    mRunOnce: [SpybotDeletingC2297] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
    mRunOnce: [SpybotDeletingA3047] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
    mRunOnce: [SpybotDeletingC7444] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
    mRunOnce: [SpybotDeletingA1321] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
    mRunOnce: [SpybotDeletingC2547] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
    mRunOnce: [SpybotDeletingA216] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
    mRunOnce: [SpybotDeletingC5159] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
    mRunOnce: [SpybotDeletingA5574] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
    mRunOnce: [SpybotDeletingC907] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
    mRunOnce: [SpybotDeletingA4558] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
    mRunOnce: [SpybotDeletingC6576] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
    mRunOnce: [SpybotDeletingA659] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
    mRunOnce: [SpybotDeletingC7654] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
    mRunOnce: [SpybotDeletingA2039] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
    mRunOnce: [SpybotDeletingC6281] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
    mRunOnce: [SpybotDeletingA6457] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
    mRunOnce: [SpybotDeletingC6032] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
    mRunOnce: [SpybotDeletingA9048] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
    mRunOnce: [SpybotDeletingC8622] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
    mRunOnce: [SpybotDeletingA2977] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
    mRunOnce: [SpybotDeletingC1233] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
    mRunOnce: [SpybotDeletingA8076] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
    mRunOnce: [SpybotDeletingC1142] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
    mRunOnce: [SpybotDeletingA4499] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
    mRunOnce: [SpybotDeletingC6406] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
    mRunOnce: [SpybotDeletingA4903] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
    mRunOnce: [SpybotDeletingC983] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
    mRunOnce: [SpybotDeletingA741] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
    mRunOnce: [SpybotDeletingC4612] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
    mRunOnce: [SpybotDeletingA3952] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
    mRunOnce: [SpybotDeletingC9314] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
    mRunOnce: [SpybotDeletingA7949] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
    mRunOnce: [SpybotDeletingC9890] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
    mRunOnce: [SpybotDeletingA5954] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
    mRunOnce: [SpybotDeletingC7572] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
    mRunOnce: [SpybotDeletingA529] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
    mRunOnce: [SpybotDeletingC5226] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
    mRunOnce: [SpybotDeletingA7462] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
    mRunOnce: [SpybotDeletingC3124] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
    mRunOnce: [SpybotDeletingA7028] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
    mRunOnce: [SpybotDeletingC9516] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
    mRunOnce: [SpybotDeletingA1665] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
    mRunOnce: [SpybotDeletingC9588] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
    mRunOnce: [SpybotDeletingA8159] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
    mRunOnce: [SpybotDeletingC2910] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
    mRunOnce: [SpybotDeletingA8782] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
    mRunOnce: [SpybotDeletingC9060] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
    mRunOnce: [SpybotDeletingA9645] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
    mRunOnce: [SpybotDeletingC3611] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
    mRunOnce: [SpybotDeletingA1172] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
    mRunOnce: [SpybotDeletingC1135] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
    mRunOnce: [SpybotDeletingA6013] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
    mRunOnce: [SpybotDeletingC3112] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
    mRunOnce: [SpybotDeletingA5464] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
    mRunOnce: [SpybotDeletingC2990] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
    mRunOnce: [SpybotDeletingA551] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
    mRunOnce: [SpybotDeletingC3958] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
    mRunOnce: [SpybotDeletingA2339] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
    mRunOnce: [SpybotDeletingC6704] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
    mRunOnce: [SpybotDeletingA4589] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
    mRunOnce: [SpybotDeletingC5225] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
    mRunOnce: [SpybotDeletingA8708] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
    mRunOnce: [SpybotDeletingC8297] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
    mRunOnce: [SpybotDeletingA1656] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
    mRunOnce: [SpybotDeletingC6396] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
    mRunOnce: [SpybotDeletingA5894] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
    mRunOnce: [SpybotDeletingC1833] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
    mRunOnce: [SpybotDeletingA1878] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
    mRunOnce: [SpybotDeletingC3637] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
    mRunOnce: [SpybotDeletingA5996] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
    mRunOnce: [SpybotDeletingC8738] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
    mRunOnce: [SpybotDeletingA5336] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
    mRunOnce: [SpybotDeletingC2019] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
    mRunOnce: [SpybotDeletingA6736] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
    mRunOnce: [SpybotDeletingC230] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\phoenix\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{54A4859D-93EA-43A8-AD0A-3FEF4C6863ED} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\
    FF - prefs.js: browser.search.defaulturl -
    FF - prefs.js: browser.search.selectedEngine - SweetIM Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.sweetpacks.com/?barid={5FA32070-E33B-11E2-8337-001E682AA689}&crg=3.5000006.10045&st=23|http://www.aywas.org/news/
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.2.0\npsitesafety.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
    FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
    FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
    FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
    FF - ExtSQL: 2013-06-13 22:09; {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyVEs2DdX&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 5cf6908d000000000000001f3a513170
    FF - user.js: extensions.incredibar_i.instlDay - 15673
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.142:50:40
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6OyVEs2DdX
    FF - user.js: extensions.incredibar_i.upn2n - 92262534126543597
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-13 37664]
    R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2012-11-29 1167152]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2013-5-27 27136]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
    S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2013-5-27 746392]
    S4 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]
    S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-8-12 1153368]
    S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-27 1015984]
    .
    =============== Created Last 30 ================
    .
    2013-07-02 17:24:28 -------- d-----w- c:\program files\SkypeAutoAnswer
    2013-07-02 14:29:50 -------- d-----w- c:\users\phoenix\appdata\local\CRE
    2013-07-02 14:29:05 -------- d-----w- c:\users\phoenix\appdata\roaming\SearchProtect
    2013-06-21 12:12:22 -------- d-----w- c:\users\phoenix\appdata\roaming\runic games
    2013-06-19 00:57:48 -------- d-----w- c:\users\phoenix\appdata\local\GOG.com
    2013-06-19 00:57:35 -------- d-----w- c:\program files\GOG.com
    2013-06-14 03:10:01 -------- d-----w- c:\program files\Sun
    .
    ==================== Find3M ====================
    .
    2013-06-18 10:10:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-18 10:10:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-27 22:20:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-05-27 08:58:04 1167152 ----a-w- c:\windows\system32\dmwu.exe
    2013-05-27 08:55:06 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
    .
    ============= FINISH: 21:36:54.56 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-07-03 04:47:43
    -----------------------------
    04:47:43.811 OS Version: Windows 6.0.6001 Service Pack 1
    04:47:43.811 Number of processors: 2 586 0x6802
    04:47:43.812 ComputerName: DJIBOUTI UserName: Phoenix
    04:47:48.715 Initialize success
    04:48:41.136 AVAST engine defs: 13070200
    04:48:50.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    04:48:50.238 Disk 0 Vendor: WDC_WD5000LPVT-00G33T0 01.01A01 Size: 476940MB BusType: 3
    04:48:50.472 Disk 0 MBR read successfully
    04:48:50.488 Disk 0 MBR scan
    04:48:50.518 Disk 0 unknown MBR code
    04:48:50.553 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 465484 MB offset 63
    04:48:50.633 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11452 MB offset 953313165
    04:48:50.672 Disk 0 scanning sectors +976768065
    04:48:51.024 Disk 0 scanning C:\Windows\system32\drivers
    04:49:20.732 Service scanning
    04:50:29.564 Modules scanning
    04:50:37.017 Disk 0 trace - called modules:
    04:50:37.054 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys ndis.sys nvmfdx32.sys dxgkrnl.sys nvlddmkm.sys
    04:50:37.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85341740]
    04:50:37.057 3 CLASSPNP.SYS[8a5a1745] -> nt!IofCallDriver -> [0x83f971c8]
    04:50:37.058 5 acpi.sys[806166a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x83f98ba0]
    04:50:40.298 AVAST engine scan C:\Windows
    04:50:48.822 AVAST engine scan C:\Windows\system32
    04:54:57.923 AVAST engine scan C:\Windows\system32\drivers
    04:55:40.822 AVAST engine scan C:\Users\Phoenix
    06:29:13.659 AVAST engine scan C:\ProgramData
    06:41:03.829 Scan finished successfully
    09:54:26.556 Disk 0 MBR has been saved successfully to "C:\Users\Phoenix\Desktop\MBR.dat"
    09:54:26.615 The log file has been saved successfully to "C:\Users\Phoenix\Desktop\aswMBR.txt"

    Win32.Downloader.gen: [SBI $BCCEBCBD] Program directory (Directory, nothing done)
    C:\Users\Phoenix\AppData\Roaming\SearchProtect\

    FastClick: Tracking cookie (Internet Explorer: Phoenix) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Internet Explorer: Phoenix) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Internet Explorer: Phoenix) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Most times you get things like Sweetpacks by downloading a program and not reading what you're getting. A lot of this garbage is bundled with some legit programs; during the install you need to read, read, read before clicking on Next.


    Go here and download AdwCleaner to your desktop

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.








    Please download Junkware Removal Tool to your desktop.
    • Shut down your antivirus to avoid any conflicts.
    • Double click JRT.exe to run the tool.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next reply






    Please download Malwarebytes Anti-Malware to your desktop.

    • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan as shown below.


    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.




    I need to see
    1. Adwcleaner log
    2. Junkware removal log
    3. Malwarebytes log
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Jan 2008
    Posts
    78

    Thank you for your reply. I was beginning to worry.

    # AdwCleaner v2.305 - Logfile created 07/14/2013 at 18:34:07
    # Updated 11/07/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
    # User : Phoenix - DJIBOUTI
    # Boot Mode : Normal
    # Running from : C:\Users\Phoenix\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Windows\system32\jmdp
    Deleted on reboot : C:\Windows\system32\Zynga
    Deleted on reboot : C:\Windows\system32\Zynga
    File Deleted : C:\END
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\user.js
    File Deleted : C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
    File Deleted : C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Users\Phoenix\Desktop\jZip.lnk
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\IB Updater
    Folder Deleted : C:\Program Files\jZip
    Folder Deleted : C:\Program Files\SearchProtect
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Phoenix\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Phoenix\AppData\Local\Conduit
    Folder Deleted : C:\Users\Phoenix\AppData\Local\jZip
    Folder Deleted : C:\Users\Phoenix\AppData\Local\Temp\AirInstaller
    Folder Deleted : C:\Users\Phoenix\AppData\Local\Temp\jZip
    Folder Deleted : C:\Users\Phoenix\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Phoenix\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Phoenix\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Phoenix\AppData\Roaming\SearchProtect
    Folder Deleted : C:\Windows\system32\ARFC
    Folder Deleted : C:\Windows\system32\WNLT

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\jZip
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\WNLT
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
    Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287804
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\Software\jZip
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\Software\WNLT
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6001.18639

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN10050045552776410&UM=2&UP=SP7A9AAE07-8879-4A87-AF5D-A270EDA89B8F --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={5FA32070-E33B-11E2-8337-001E682AA689} --> hxxp://www.google.com

    -\\ Mozilla Firefox v19.0.2 (en-US)

    File : C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\prefs.js

    C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\user.js ... Deleted !

    Deleted : user_pref("CT2612669_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CT3287804_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN33133571[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289075");
    Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
    Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl_v6 Customized Web Search");
    Deleted : user_pref("browser.search.selectedEngine", "SweetIM Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?barid={5FA32070-E33B-11E2-8337-0[...]
    Deleted : user_pref("extensions.incredibar.admin", false);
    Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar.cntry", "US");
    Deleted : user_pref("extensions.incredibar.dfltLng", "");
    Deleted : user_pref("extensions.incredibar.dfltSrch", false);
    Deleted : user_pref("extensions.incredibar.did", "10643");
    Deleted : user_pref("extensions.incredibar.envrmnt", "production");
    Deleted : user_pref("extensions.incredibar.excTlbr", false);
    Deleted : user_pref("extensions.incredibar.hdrMd5", "9FE8072D79CEEEE09BAAC0A2B20B9533");
    Deleted : user_pref("extensions.incredibar.hmpg", false);
    Deleted : user_pref("extensions.incredibar.id", "5cf6908d000000000000001f3a513170");
    Deleted : user_pref("extensions.incredibar.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar.instlDay", "15673");
    Deleted : user_pref("extensions.incredibar.instlRef", "");
    Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
    Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.142:50:40");
    Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
    Deleted : user_pref("extensions.incredibar.newTab", false);
    Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
    Deleted : user_pref("extensions.incredibar.ppd", "1");
    Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar.productid", "26");
    Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar.sg", "none");
    Deleted : user_pref("extensions.incredibar.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyVEs2DdX&loc=IB_T[...]
    Deleted : user_pref("extensions.incredibar.upn2", "6OyVEs2DdX");
    Deleted : user_pref("extensions.incredibar.upn2n", "92262534126543597");
    Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.142:50:40");
    Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
    Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
    Deleted : user_pref("extensions.incredibar_i.did", "10643");
    Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
    Deleted : user_pref("extensions.incredibar_i.id", "5cf6908d000000000000001f3a513170");
    Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
    Deleted : user_pref("extensions.incredibar_i.instlDay", "15673");
    Deleted : user_pref("extensions.incredibar_i.instlRef", "");
    Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
    Deleted : user_pref("extensions.incredibar_i.newTab", false);
    Deleted : user_pref("extensions.incredibar_i.ppd", "1");
    Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
    Deleted : user_pref("extensions.incredibar_i.productid", "26");
    Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
    Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
    Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
    Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyVEs2DdX&loc=IB[...]
    Deleted : user_pref("extensions.incredibar_i.upn2", "6OyVEs2DdX");
    Deleted : user_pref("extensions.incredibar_i.upn2n", "92262534126543597");
    Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
    Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.142:50:40");
    Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
    Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3287804");
    Deleted : user_pref("smartbar.machineId", "+PX/FK26FMBU54E5VGQVPJTHLBN/GY0/9KKYRDQZ8F4WVAE1VQL2UI6BCWIAKUSLLBV[...]
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.aywas.org/news/");
    Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

    -\\ Opera v12.11.1661.0

    File : C:\Users\Phoenix\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [398 octets] - [14/07/2013 15:23:05]
    AdwCleaner[S2].txt - [18100 octets] - [14/07/2013 18:34:07]

    ########## EOF - C:\AdwCleaner[S2].txt - [18161 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.0.9 (07.12.2013:2)
    OS: Windows Vista (TM) Home Basic x86
    Ran by Phoenix on Sun 07/14/2013 at 18:56:50.28
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CD7C5EC1-2A04-46FE-B268-FB8D75872430}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CD7C5EC1-2A04-46FE-B268-FB8D75872430}



    ~~~ Files

    Successfully deleted: [File] "C:\Windows\system32\dmwu.exe"
    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Phoenix\appdata\local\{754E9E12-F80E-4871-9FD1-126073BF48A9}
    Successfully deleted: [Empty Folder] C:\Users\Phoenix\appdata\local\{D83F4B25-B55B-4A8E-BE63-55F9B3388765}



    ~~~ FireFox

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{7d4f1959-3f72-49d5-8e59-f02f8aa6815d}
    Emptied folder: C:\Users\Phoenix\AppData\Roaming\mozilla\firefox\profiles\1w5oxnrp.default\minidumps [126 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 07/14/2013 at 19:00:10.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.14.08

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    Phoenix :: DJIBOUTI [administrator]

    7/14/2013 7:11:59 PM
    mbam-log-2013-07-14 (19-11-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210784
    Time elapsed: 8 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Phoenix\Downloads\windows live messenger setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.

    (end)
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    Sometimes we get so busy that a thread now and then may fall through the cracks. Very sorry about that, but I am linked to you now.

    Things any better?


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Jan 2008
    Posts
    78


    Yes. Sweetpacks stuff is gone!

    OTL logfile created on: 7/15/2013 5:40:32 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phoenix\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.19 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 74.45% Memory free
    6.60 Gb Paging File | 5.87 Gb Available in Paging File | 88.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.58 Gb Total Space | 200.39 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
    Drive D: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.83% Space Free | Partition Type: NTFS
    Drive F: | 454.58 Gb Total Space | 257.14 Gb Free Space | 56.57% Space Free | Partition Type: NTFS
    Drive G: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.90% Space Free | Partition Type: NTFS

    Computer Name: DJIBOUTI | User Name: Phoenix | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Phoenix\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Furcadia\furc_on.exe (Dragon's Eye Productions, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe File not found
    SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
    SRV - (AffinegyService) -- C:\Program Files\TWC\DigiDo\AffinegyService.exe (Affinegy, Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
    SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
    SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
    SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (tap0901t) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
    DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
    DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
    DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
    DRV - (SymIMMP) -- C:\Windows\System32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (SymIM) -- C:\Windows\System32\drivers\SymIM.sys (Symantec Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{1D006497-C638-413B-B6A4-ABEA308EB006}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt




    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes\{1D006497-C638-413B-B6A4-ABEA308EB006}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.aywas.org/news/"
    FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2
    FF - prefs.js..extensions.enabledAddons: activegs%40freetoolsassociation.com:3.6.1307
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0045-ABCDEFFEDCBA%7D:6.0.45
    FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7
    FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.0.8
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Phoenix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Phoenix\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Phoenix\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phoenix\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phoenix\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/02 09:29:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/25 16:29:59 | 000,000,000 | ---D | M]

    [2012/06/30 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Extensions
    [2013/07/09 12:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions
    [2013/07/09 12:02:04 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
    [2012/06/30 20:37:11 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
    [2013/02/25 08:51:09 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2013/03/29 21:13:27 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\activegs@freetoolsassociation.com
    [2013/02/05 02:48:15 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\djziggy@gmail.com
    [2012/06/30 20:40:30 | 000,613,946 | ---- | M] () (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{021bfe80-a015-11de-8a39-0800200c9a66}.xpi
    [2013/07/03 12:32:27 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2013/07/03 14:22:34 | 000,001,793 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\Bing.xml
    [2013/07/02 09:30:31 | 000,001,110 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
    [2013/06/13 22:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/06/13 22:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
    [2013/03/10 05:49:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/28 10:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/12/20 02:32:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2013/03/10 05:49:10 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2013/05/27 09:49:55 | 000,448,610 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 15406 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
    O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
    O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_45)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_45)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_45)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54A4859D-93EA-43A8-AD0A-3FEF4C6863ED}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2012/06/29 04:15:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O32 - AutoRun File - [2011/03/09 18:11:17 | 000,000,074 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - G:\AUTOMODE -- [ NTFS ]
    O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell - "" = AutoRun
    O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
    O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/15 17:38:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe
    [2013/07/15 14:47:21 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\Desktop\CDL
    [2013/07/14 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\Malwarebytes
    [2013/07/14 19:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/07/14 19:10:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/07/14 19:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/07/14 19:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/07/14 19:09:54 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phoenix\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/14 18:56:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/07/14 18:55:51 | 000,559,441 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Phoenix\Desktop\JRT.exe
    [2013/07/03 00:13:10 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\SkypePM
    [2013/07/03 00:09:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2013/07/03 00:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/07/03 00:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2013/07/02 12:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypeAutoAnswer
    [2013/07/02 12:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\SkypeAutoAnswer
    [2013/07/02 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Local\CRE
    [2013/07/01 23:26:19 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Phoenix\Desktop\dds.scr
    [2013/07/01 23:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/06/21 07:12:22 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\runic games
    [2013/06/18 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\Documents\GOG.com Downloads
    [2013/06/18 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Local\GOG.com
    [2013/06/18 19:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    [2013/06/18 19:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
    [2013/06/17 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

    ========== Files - Modified Within 30 Days ==========

    [2013/07/15 17:38:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe
    [2013/07/15 17:16:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/07/15 16:54:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000UA.job
    [2013/07/15 16:10:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/15 16:10:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/15 14:47:21 | 000,041,861 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.001
    [2013/07/15 13:50:27 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/07/15 00:16:38 | 002,090,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/07/15 00:16:38 | 000,633,434 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/07/15 00:10:22 | 000,000,214 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
    [2013/07/15 00:10:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/07/15 00:10:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2013/07/15 00:10:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/07/15 00:09:59 | 3421,396,992 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/14 23:54:18 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000Core.job
    [2013/07/14 20:11:10 | 000,030,208 | ---- | M] () -- C:\Users\Phoenix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/07/14 19:10:39 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/07/14 19:09:58 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phoenix\Desktop\mbam-setup-1.75.0.1300.exe
    [2013/07/14 18:56:14 | 000,559,441 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Phoenix\Desktop\JRT.exe
    [2013/07/14 15:21:45 | 000,662,345 | ---- | M] () -- C:\Users\Phoenix\Desktop\AdwCleaner.exe
    [2013/07/03 14:31:00 | 000,000,733 | ---- | M] () -- C:\Users\Phoenix\Desktop\SkypePortable.exe - Shortcut.lnk
    [2013/07/03 10:00:24 | 000,000,803 | ---- | M] () -- C:\Users\Phoenix\Desktop\attach.zip
    [2013/07/03 09:54:26 | 000,000,512 | ---- | M] () -- C:\Users\Phoenix\Desktop\MBR.dat
    [2013/07/02 21:30:00 | 000,004,879 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/07/02 12:24:28 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\SkypeAutoAnswer.lnk
    [2013/07/02 08:40:00 | 000,484,992 | ---- | M] () -- C:\Users\Phoenix\Desktop\MineCraftNEW.exe
    [2013/07/01 23:36:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Phoenix\Desktop\aswMBR.exe
    [2013/07/01 23:26:22 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Phoenix\Desktop\dds.scr
    [2013/07/01 23:21:12 | 000,000,714 | ---- | M] () -- C:\Users\Phoenix\Desktop\ERUNT.lnk
    [2013/07/01 23:19:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Phoenix\Desktop\erunt-setup.exe
    [2013/06/21 07:19:25 | 000,041,861 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.dat
    [2013/06/21 07:12:16 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight.lnk
    [2013/06/19 19:08:03 | 000,315,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/06/18 05:10:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/06/18 05:10:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/06/17 17:50:40 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

    ========== Files Created - No Company Name ==========

    [2013/07/14 19:10:39 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/07/14 15:21:33 | 000,662,345 | ---- | C] () -- C:\Users\Phoenix\Desktop\AdwCleaner.exe
    [2013/07/13 23:49:17 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000UA.job
    [2013/07/13 23:49:15 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000Core.job
    [2013/07/03 14:31:00 | 000,000,733 | ---- | C] () -- C:\Users\Phoenix\Desktop\SkypePortable.exe - Shortcut.lnk
    [2013/07/03 10:00:24 | 000,000,803 | ---- | C] () -- C:\Users\Phoenix\Desktop\attach.zip
    [2013/07/03 09:54:26 | 000,000,512 | ---- | C] () -- C:\Users\Phoenix\Desktop\MBR.dat
    [2013/07/03 00:09:10 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/07/02 21:29:39 | 000,004,879 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/07/02 12:24:28 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\SkypeAutoAnswer.lnk
    [2013/07/02 08:39:56 | 000,484,992 | ---- | C] () -- C:\Users\Phoenix\Desktop\MineCraftNEW.exe
    [2013/07/01 23:21:12 | 000,000,714 | ---- | C] () -- C:\Users\Phoenix\Desktop\ERUNT.lnk
    [2013/06/21 07:12:16 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight.lnk
    [2013/06/17 17:50:40 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/11/29 03:50:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
    [2012/10/18 18:41:23 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
    [2012/10/02 00:04:36 | 000,000,542 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\wklnhst.dat
    [2012/09/16 15:53:33 | 000,030,208 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/09/09 00:06:45 | 000,007,944 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\d3d9caps.dat
    [2012/06/29 21:18:39 | 000,041,861 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.001
    [2012/06/29 21:16:00 | 000,041,861 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.dat
    [2012/06/29 12:19:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/06/29 12:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2012/06/29 05:16:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2012/06/29 05:11:58 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2012/06/29 04:30:03 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========


    ========== Purity Check ==========



    < End of report >

    OTL Extras logfile created on: 7/15/2013 5:40:32 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phoenix\Desktop
    Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.19 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 74.45% Memory free
    6.60 Gb Paging File | 5.87 Gb Available in Paging File | 88.93% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 454.58 Gb Total Space | 200.39 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
    Drive D: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.83% Space Free | Partition Type: NTFS
    Drive F: | 454.58 Gb Total Space | 257.14 Gb Free Space | 56.57% Space Free | Partition Type: NTFS
    Drive G: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.90% Space Free | Partition Type: NTFS

    Computer Name: DJIBOUTI | User Name: Phoenix | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01687783-2772-48FC-8CC3-4D89F5B67A2C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{0732DD12-1AB9-4EF0-9AFD-121894C3B45A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
    "{25566255-B92F-439E-AC19-96F96A8B85A9}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{304C490E-CB16-44FB-94C7-52474A9E55FE}" = protocol=17 | dir=in | app=c:\program files\twc\digido\digido.exe |
    "{43BB93BE-BFEB-444F-B91E-DF7873F46FF3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{4C442032-0851-4E04-A8A0-2F15E594E3F7}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "{55885F82-A7F1-4005-9BD4-7F4FDE810A93}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{625BC8B9-5A19-4361-9331-FA7C0360F0B8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{627F4A80-4F47-4E3D-9682-34A297B93D90}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "{71855A7C-E690-4322-903C-E39917BA24A7}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{71E8DCE7-B83F-4985-995A-BB98D4FC6425}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{749D35D4-5243-49A2-96AF-B93ACA4B5838}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{7550F804-68CE-4A7C-94D0-7068DE800435}" = protocol=17 | dir=in | app=c:\program files\twc\digido\digido.exe |
    "{79B876FC-F79A-4598-AB3A-3C276AFAFBD1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{7B2FDC6D-94D7-4A18-BFF8-EB6DFA83B20F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7F1CAA7E-630A-438E-B31B-E2D1438C3325}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{7F857DD5-587D-4C07-A1EC-73117B5A3D36}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
    "{81395C6B-CDCE-4E00-A1A8-46A84B911C5A}" = protocol=6 | dir=in | app=c:\program files\twc\digido\digido.exe |
    "{8716181D-2D44-4286-9143-5E832497A1D0}" = protocol=6 | dir=in | app=c:\program files\twc\digido\digido.exe |
    "{8915B9AB-DD5C-499B-BEA1-474D3BCE780D}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
    "{8F142F54-4ECC-46C9-BE91-ED1887459603}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{A40B63D1-0114-4210-A87C-EF29DAD92675}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
    "{B0E46038-C6F6-44FB-A9BC-F359493688BF}" = protocol=17 | dir=in | app=c:\users\phoenix\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{B5300067-991E-4932-A597-B17929B934B9}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
    "{B7D80C69-F547-4741-87D2-23116E276B8F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{C18BDADD-7C69-4D9B-BA5A-ACF156DF214E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{CA569E3C-883D-47AE-B324-76689B467E55}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{CAD66A92-5FE3-4E0B-9360-419233F9AE5A}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{CFF9362C-3C1A-4181-ABF4-4EF7BA7B433A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
    "{D32397F0-D869-405E-A4E0-1E131CFE999B}" = dir=in | app=c:\program files\twc\digido\digido.exe |
    "{D8B6E76D-1CAC-4F35-978C-832F4004EC43}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{E16578F1-C9D4-4245-8F60-B964974E14A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{E8395569-5858-452B-8137-C3F4AA8AF1BD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{EEE01CCB-1980-4B70-AA9B-C0C9C0CF63FD}" = protocol=6 | dir=in | app=c:\users\phoenix\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{F8801A7F-DFCC-4C90-A3B1-6351FEB62894}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{FD825796-B701-419C-AB67-CC5A04FA11F9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{FEC9A0A6-98C5-4C8A-981E-79B7B29FC4B0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "TCP Query User{02289D55-4E95-45CA-830B-47384100B8CE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{2A34255E-8ECB-4F5D-AE08-021971B59C53}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{2A56B09F-F179-4382-B05E-324523CAF749}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "TCP Query User{2B9F2503-C42B-4D79-B725-15B2E4DFB12D}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |
    "TCP Query User{8FB2B311-87AE-4777-8622-CD4281FE0E1B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{A05E216B-5D25-427B-8183-387D84970DE4}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
    "TCP Query User{A0B83AC2-2412-4374-A7CA-C2E59125A324}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
    "TCP Query User{C0753ABC-478B-4C7B-88AE-F552C2865FF3}C:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe |
    "TCP Query User{E485D79B-594D-4CBC-8344-871DDDDF715F}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "TCP Query User{FCCBE696-C865-4F1D-8380-ED2723309645}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{FD4D8B49-B335-4378-BF54-9EE85B97A051}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
    "UDP Query User{36ED8AF5-39D5-4F6C-B0EF-C518B8376E6B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
    "UDP Query User{373B216C-93BE-4399-899A-8BA79F62EAE4}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{3D27B7E5-E53B-4E4D-B8CF-319A6C2841C3}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
    "UDP Query User{5C018A19-95A1-4585-B940-7A475DA7FDB2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{5DE01926-8263-4526-B852-7E93E9641726}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
    "UDP Query User{822D1E8F-B3C3-4EA3-ADE1-C15660A6C9B1}C:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe |
    "UDP Query User{A3BD1DA8-66A7-4AA7-ACC6-608EC8ADDDC7}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{ADCBECE3-B8CA-429C-9187-963912E2F20B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{B2689B77-EB10-4B0D-B646-BB544764B960}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "UDP Query User{E9FB7C77-334D-4915-8494-6BA4AADA2910}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
    "UDP Query User{F6EC9C22-8717-4324-9A1C-1674D50E8512}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
    "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java(TM) 6 Update 45
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
    "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
    "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
    "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{32A3A4F4-B792-11D6-A78A-00B0D0160450}" = Java(TM) SE Development Kit 6 Update 45
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.5.7
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
    "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
    "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
    "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
    "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
    "{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = DigiDo
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "ERUNT_is1" = ERUNT 1.1j
    "Furcadia" = Furcadia
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "mIRC" = mIRC
    "Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 12.11.1661" = Opera 12.11
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "SkypeAutoAnswer" = SkypeAutoAnswer
    "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
    "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Torchlight_is1" = Torchlight
    "Tunngle beta_is1" = Tunngle beta
    "VLC media player" = VLC media player 2.0.7
    "WildTangent hp Master Uninstall" = My HP Games
    "Winamp" = Winamp
    "WinRAR archiver" = WinRAR 4.20 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Battle for Wesnoth 1.10.5" = Battle for Wesnoth 1.10.5
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/14/2013 8:25:19 PM | Computer Name = Djibouti | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2013 8:30:23 PM | Computer Name = Djibouti | Source = LoadPerf | ID = 3012
    Description =

    Error - 7/14/2013 8:30:23 PM | Computer Name = Djibouti | Source = LoadPerf | ID = 3011
    Description =

    Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = WinMgmt | ID = 10
    Description =

    Error - 7/15/2013 1:16:35 AM | Computer Name = Djibouti | Source = LoadPerf | ID = 3012
    Description =

    Error - 7/15/2013 1:16:35 AM | Computer Name = Djibouti | Source = LoadPerf | ID = 3011
    Description =

    Error - 7/15/2013 2:49:45 PM | Computer Name = Djibouti | Source = Application Error | ID = 1000
    Description = Faulting application Skype.exe, version 6.0.0.126, time stamp 0x509ce778,
    faulting module Flash9d.ocx, version 9.0.47.0, time stamp 0x466daac0, exception
    code 0xc0000005, fault offset 0x00123790, process id 0x1f4, application start time
    0x01ce818b9576f51c.

    Error - 7/15/2013 3:48:48 PM | Computer Name = Djibouti | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/15/2013 3:48:51 PM | Computer Name = Djibouti | Source = Windows Search Service | ID = 3013
    Description =

    Error - 7/15/2013 3:49:32 PM | Computer Name = Djibouti | Source = Windows Search Service | ID = 3013
    Description =

    [ System Events ]
    Error - 7/15/2013 1:10:10 AM | Computer Name = Djibouti | Source = HTTP | ID = 15016
    Description =

    Error - 7/15/2013 1:11:24 AM | Computer Name = Djibouti | Source = DCOM | ID = 10005
    Description =

    Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7009
    Description =

    Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/15/2013 1:11:47 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7034
    Description =

    Error - 7/15/2013 5:27:51 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7009
    Description =

    Error - 7/15/2013 5:27:51 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/15/2013 6:11:11 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7009
    Description =

    Error - 7/15/2013 6:11:11 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Great

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
      O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell - "" = AutoRun
      O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
      O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell - "" = AutoRun
      O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
      O33 - MountPoints2\E\Shell - "" = AutoRun
      O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
      O33 - MountPoints2\H\Shell - "" = AutoRun
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member
    Join Date
    Jan 2008
    Posts
    78

    Yeah. Bit of an issue here now.

    I ran OTL like you said. It got to [emptytemp] and then sat there for a bit. Then the program did a "Not Responding" sort of thing. I figured it was just busy doing whatever it was doing, so I left it alone for a bit. I don't know if an hour was long enough but, an hour of "Not Responding" leads me to believe something isn't right.
    Perhaps I should have just left it not responding for a long time, but at that point I was a bit impatient. Force shut down my comp with the power button... then proceeded to have issues loading it up. It took forever, and I had to shut down a few times just to get it back on.

    A bit scary, since I do not have the funds atm and probably will not for a while to afford a new computer.

    What do I do?
    And Still She Sings, Till Everything Burns
    +-+-+-+-+-+-+-+
    |P|h|o|e|n|i|x|
    +-+-+-+-+-+-+-+
    I Believe In Karma, What You Give Is What You Get Returned

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Just reboot a few times and see if it makes a difference

  9. #9
    Member
    Join Date
    Jan 2008
    Posts
    78

    Ok. You may have to elaborate for me. You said reboot a few times and see if there is any difference. Any difference to what exactly?

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Good Morning,

    The way you worded your statement, I thought you were having problems starting up your system, and sometimes just rebooting it a few times will straighten it out. How is your system behaving now?
