Possible Virus - Delta Search, Babylon.Toolbar

L

Luney Loz

New member
Hi there,

I'm posting this on behalf of my Dad since his PC (which was my old one) appears to be infected.

Last night, a toolbar called delta-search appeared on his computer in both Internet Explorer and Firefox. It changed both browser's home page's to delta-search and WOT flagged it as unsafe. I won't post the link unless you want me to. Don't want anyone clicking on it and getting infected.

Today, I updated both Spybot S&D2 and Malwarebytes. I then immunized with Spybot and ran a scan. The scan in Spybot showed 'Babylon.Toolbar' at lvl5 as well as 17 or so other results. I clicked fix, re-scanned, and 5 more results showed but I'm not sure if they were nasties or not. After that, I ran a full scan in Malwarebytes. That showed 3 results but they were my Dad's game cheat things. I know he's risking infection by downloading those stupid cheats but I'll just get my head bitten off if I tell him not to do it.

----------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by lauren at 14:35:55 on 2013-05-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.2047.867 [GMT 10:00]
.
AV: BitDefender Antivirus *Disabled/Outdated* {5988F8C3-A12C-B8DD-7291-D5248C8353F8}
SP: BitDefender Antispyware *Disabled/Outdated* {E2E91927-8716-B753-4821-EE56F7041945}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: BitDefender Firewall *Enabled* {61B379E6-EB43-B985-59CE-7C1172501483}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\TeamViewer\Version8\tv_w32.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ipstar.com.au/nbn/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: BitDefender Toolbar: {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [BlazeServoTool] "c:\program files\blazevideo\blazedvd 5 professional\MediaDetector.exe"
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAC0ATgBHAFUATgBSAC0AVgBWAEwAUQBVAC0ANAA5AEQAMABBAC0AMwBDAEIAMwBDAC0AOQA0AFkANABWAA"&"inst=NwA2AC0AMQAwADEAMQA2ADUAMAA3ADEANwAtAFgATwAzADYAKwAxAC0ARABEAFQAKwAwAC0AUAA5ADAAVABCACsAMgAtAE4AMQBEACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAC0AUABMACsAOQAtAFAAOQAwAE0AMQAyAEMAKwAxAC0AVQA5ADUAKwAxAC0AVABCACsAMQA"&"prod=94"&"ver=9.0.914
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{305EE8BF-5C5A-4252-A9EB-0BF282A6E190} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5e31e552-b1ca-4ee0-bf68-b57acaa94126%7D&mid=53ec061cf0c73e93f535ca82e6ed2b77-b1cb44c9957b677d6d9565446c14d635b3dd8bff&ds=AVG&v=9.0.0.18.1&lang=us&pr=&d=2011-12-30%2018%3A41%3A32&sap=ku&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\programdata\avg secure search\9.0.0.18\components\toolbarhomewmp.dll
FF - component: c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}\components\PriceGongFF.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\1.104.0\npesnlaunch.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-03-22 15:20; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\lauren\appdata\roaming\mozilla\firefox\profiles\7v4sz15g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2013-04-01 16:53; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\drivers\BdfNdisf6.sys [2009-10-19 72200]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2009-10-19 79368]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2010\bdvedisk.sys [2009-9-22 83208]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-3-21 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-3-21 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-3-21 168384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-3-23 3574624]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-1-23 92592]
R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-11-10 152456]
R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\drivers\KMWDFILTER.sys [2009-4-29 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2009-7-14 265088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSIb.sys [2009-7-14 11904]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-24 14848]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-24 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-18 1343400]
.
=============== Created Last 30 ================
.
2013-05-12 09:44:25 -------- d-----w- c:\programdata\BrowserProtect
2013-05-12 09:41:09 -------- d-----w- c:\programdata\Tarma Installer
2013-05-12 09:40:25 -------- d-----w- c:\program files\TornTV.com
2013-05-11 11:07:50 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60dea222-2119-475c-9550-11c04847871e}\offreg.dll
2013-05-10 10:01:54 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{60dea222-2119-475c-9550-11c04847871e}\mpengine.dll
2013-05-03 03:30:13 -------- d-----w- c:\users\lauren\appdata\local\DDMSettings
2013-04-25 09:04:35 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-04-25 09:04:35 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-04-25 09:04:34 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-04-23 23:24:41 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 01:40:58 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-22 05:44:12 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10144.bin
2013-04-17 03:59:35 -------- d-----w- C:\Nexon
2013-04-17 03:59:34 -------- d-----w- c:\programdata\NexonUS
.
==================== Find3M ====================
.
2013-05-06 23:49:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-06 23:49:37 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-01 16:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-04 04:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-22 08:48:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-21 00:37:36 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-21 00:37:36 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-01 03:09:59 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-25 13:22:36 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 13:22:36 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-25 13:22:34 6262608 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 13:22:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-25 13:22:32 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-02-25 13:22:32 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-25 13:22:30 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-25 13:22:26 7932256 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 13:22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 13:22:08 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-25 13:22:06 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 13:22:06 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-21 10:30:16 1766912 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
============= FINISH: 14:36:28.68 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-13 14:42:43
-----------------------------
14:42:43.976 OS Version: Windows 6.1.7601 Service Pack 1
14:42:43.976 Number of processors: 4 586 0x1707
14:42:43.976 ComputerName: LAUREN-PC UserName: lauren
14:42:48.281 Initialize success
14:44:05.501 AVAST engine download error: 0
14:45:10.881 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:45:10.881 Disk 0 Vendor: ST3500320AS SD1A Size: 476940MB BusType: 3
14:45:10.974 Disk 0 MBR read successfully
14:45:10.974 Disk 0 MBR scan
14:45:10.974 Disk 0 Windows 7 default MBR code
14:45:10.990 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:45:11.021 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
14:45:11.021 Disk 0 scanning sectors +976771072
14:45:11.099 Disk 0 scanning C:\Windows\system32\drivers
14:45:17.386 Service scanning
14:45:31.504 Modules scanning
14:45:37.681 Disk 0 trace - called modules:
14:45:37.697 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
14:45:38.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b01890]
14:45:38.212 3 CLASSPNP.SYS[8320459e] -> nt!IofCallDriver -> [0x859c7918]
14:45:38.212 5 ACPI.sys[88acc3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x859c5908]
14:45:38.227 Scan finished successfully
14:46:05.481 Disk 0 MBR has been saved successfully to "C:\Users\lauren\Desktop\MBR.dat"
14:46:05.481 The log file has been saved successfully to "C:\Users\lauren\Desktop\aswMBR.txt"
 

Attachments

Hi Luney Loz,

Thanks for being so patient. :bigthumb:

1. Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select "Run as Administrator" and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

2. AdwCleaner

Download AdwCleaner to your desktop.

Right click and select "Run as Administrator".
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply
=========================

3. OTL

  • Download OTL to your desktop.
  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • AdwCleaner.txt
  • OTL.txt
  • Extras.txt
  • Describe any symptoms you are experiencing.
 
Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
BitDefender Antivirus
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 21
Adobe Flash Player 11.7.700.202
Adobe Reader XI
Mozilla Firefox (21.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Common Files BitDefender BitDefender Update Service livesrv.exe
BitDefender BitDefender 2010 vsserv.exe
BitDefender BitDefender 2010 bdagent.exe
BitDefender BitDefender 2010 seccenter.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

---------

OTL logfile created on: 21/05/2013 9:27:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lauren\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.91% Memory free
4.00 Gb Paging File | 2.99 Gb Available in Paging File | 74.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 334.82 Gb Free Space | 71.90% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAUREN-PC | User Name: lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lauren\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Lauren\AppData\Local\Temp\CmdLineExt03.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\BitDefender\BitDefender 2010\framework.dll ()
MOD - C:\Windows\System32\txmlutil.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (cusbohcn) -- C:\Users\Lauren\AppData\Local\Temp\cusbohcn.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (BdfNdisf) -- C:\Windows\System32\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ipstar.com.au/nbn/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 67 70 F8 11 DA CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=726
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{800AD787-4E99-402F-AB8A-3C9F0B8BF537}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111253,17023,0,16,0"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: clickclean@hotcleaner.com:3.6.5.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
FF - prefs.js..extensions.enabledItems: addon@defaulttab.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.2.20111006100951
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.0
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={101A0EC6-CB3D-495A-B32F-16F906F795F9}&Version=3.6.5&Vintage=20111253&Defaultbrowserid=16&Productid=2723&Vendorid=6384&Offerid=17029&searchterm="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/06/06 18:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/04/01 15:53:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 19:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 19:24:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 19:24:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 19:24:25 | 000,000,000 | ---D | M]

[2012/04/20 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2012/04/20 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/21 21:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions
[2013/05/17 08:07:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/03/28 16:28:44 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\clickclean@hotcleaner.com
[2013/05/09 21:01:13 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/19 19:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/19 19:24:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/01 15:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

O1 HOSTS File: ([2013/05/13 12:47:01 | 000,447,225 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15354 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe" File not found
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{305EE8BF-5C5A-4252-A9EB-0BF282A6E190}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/05 00:37:47 | 001,064,960 | R--- | M] (Codemasters Software Co.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/17 23:10:53 | 000,000,067 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{097c7de7-4204-11df-b3c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{097c7de7-4204-11df-b3c8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/09/05 00:37:47 | 001,064,960 | R--- | M] (Codemasters Software Co.)
O33 - MountPoints2\{56cde57c-72c7-11df-8715-002215977ef7}\Shell - "" = AutoRun
O33 - MountPoints2\{56cde57c-72c7-11df-8715-002215977ef7}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{fffa45f9-6365-11e1-bb8d-002215977ef7}\Shell - "" = AutoRun
O33 - MountPoints2\{fffa45f9-6365-11e1-bb8d-002215977ef7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/21 21:08:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lauren\Desktop\OTL.exe
[2013/05/19 19:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/18 16:55:00 | 000,000,000 | ---D | C] -- C:\Users\lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/05/15 21:14:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/15 21:14:17 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 21:14:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/15 21:14:17 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 21:14:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 21:14:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 21:14:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/15 21:14:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 21:14:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/15 21:14:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/15 17:22:42 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/15 17:22:41 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 17:22:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/15 17:22:29 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/13 14:55:42 | 000,000,000 | ---D | C] -- C:\Users\lauren\Desktop\Spybot Forums
[2013/05/03 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\lauren\AppData\Local\DDMSettings
[2013/04/25 19:04:35 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2013/04/25 19:04:35 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2013/04/25 19:04:34 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2013/04/23 11:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/23 11:40:58 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/23 11:40:58 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/23 11:40:58 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/23 11:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/21 21:27:07 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 21:27:07 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/21 21:26:56 | 000,636,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/21 21:26:56 | 000,114,234 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/21 21:19:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/21 21:19:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/21 21:19:46 | 1609,867,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 21:17:46 | 000,000,106 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/21 21:08:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lauren\Desktop\OTL.exe
[2013/05/21 21:08:15 | 000,632,031 | ---- | M] () -- C:\Users\lauren\Desktop\AdwCleaner.exe
[2013/05/21 21:06:21 | 000,890,825 | ---- | M] () -- C:\Users\lauren\Desktop\SecurityCheck.exe
[2013/05/21 20:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/21 20:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/18 16:54:53 | 000,000,551 | ---- | M] () -- C:\Windows\eReg.dat
[2013/05/17 22:54:15 | 000,000,024 | ---- | M] () -- C:\Users\lauren\random.dat
[2013/05/17 20:13:20 | 000,000,024 | ---- | M] () -- C:\Users\lauren\jagexappletviewer.preferences
[2013/05/17 17:51:09 | 000,000,032 | ---- | M] () -- C:\Users\lauren\jagex_cl_runescape_LIVE.dat
[2013/05/16 21:39:43 | 000,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2013/05/16 16:54:50 | 000,310,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 18:50:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 18:50:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/13 14:46:05 | 000,000,512 | ---- | M] () -- C:\Users\lauren\Desktop\MBR.dat
[2013/05/13 12:47:01 | 000,447,225 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/13 12:34:44 | 000,447,225 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130513-124701.backup
[2013/05/10 20:18:40 | 000,001,457 | ---- | M] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising v1.0 + 4 Trainer - Shortcut.lnk
[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/29 19:20:43 | 000,000,250 | ---- | M] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising.lnk
[2013/04/28 16:48:17 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/21 21:17:42 | 000,000,106 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/21 21:08:09 | 000,632,031 | ---- | C] () -- C:\Users\lauren\Desktop\AdwCleaner.exe
[2013/05/21 21:06:16 | 000,890,825 | ---- | C] () -- C:\Users\lauren\Desktop\SecurityCheck.exe
[2013/05/18 16:54:53 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
[2013/05/13 14:46:05 | 000,000,512 | ---- | C] () -- C:\Users\lauren\Desktop\MBR.dat
[2013/05/10 20:18:40 | 000,001,457 | ---- | C] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising v1.0 + 4 Trainer - Shortcut.lnk
[2013/04/29 19:20:43 | 000,000,250 | ---- | C] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising.lnk
[2013/04/07 11:41:10 | 000,000,045 | ---- | C] () -- C:\Users\lauren\jagex_cl_oldschool_LIVE.dat
[2013/04/07 11:41:10 | 000,000,024 | ---- | C] () -- C:\Users\lauren\random.dat
[2013/03/23 20:42:08 | 000,000,032 | ---- | C] () -- C:\Users\lauren\jagex_cl_runescape_LIVE.dat
[2013/03/23 20:41:07 | 000,000,024 | ---- | C] () -- C:\Users\lauren\jagexappletviewer.preferences
[2012/04/27 17:21:30 | 000,000,057 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\mbam.context.scan
[2012/01/05 06:59:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/05 06:57:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/04 15:45:43 | 000,022,328 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\PnkBstrK.sys
[2012/01/04 15:45:21 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/01/01 12:53:24 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/31 21:47:27 | 000,000,025 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\bdfvconp.ini
[2010/04/27 20:43:08 | 000,000,000 | ---- | C] () -- C:\Users\lauren\AppData\Local\prvlcl.dat
[2010/04/19 19:38:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\6AC54BA7A2.sys
[2010/04/19 19:38:41 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/12 23:33:09 | 000,000,087 | ---- | C] () -- C:\Users\lauren\jagex_runescape_preferences2.dat
[2010/04/12 23:33:09 | 000,000,000 | ---- | C] () -- C:\Users\lauren\jagex__preferences3.dat
[2010/04/12 23:29:28 | 000,000,042 | ---- | C] () -- C:\Users\lauren\jagex_runescape_preferences.dat
[2010/04/07 18:00:49 | 000,007,597 | ---- | C] () -- C:\Users\lauren\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/30 13:33:52 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\BitDefender
[2013/05/13 12:09:02 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Mumble
[2012/01/04 15:21:31 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Origin
[2013/03/27 15:20:19 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\raidcall
[2013/05/02 14:02:43 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Screaming Bee
[2013/03/23 21:11:07 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\TeamViewer
[2012/04/20 20:54:17 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\TomTom
[2012/02/13 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\Windows Live Writer
[2012/10/09 18:12:10 | 000,000,000 | ---D | M] -- C:\Users\lauren\AppData\Roaming\XRay Engine

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 11:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 15:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 15:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 15:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 22:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 15:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 15:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 16:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2012/11/13 13:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 11:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 22:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 11:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 16:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 15:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 22:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 11:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

========== Base Services ==========
SRV - [2009/07/14 11:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 14:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 11:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 22:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 22:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 11:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 07:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 14:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 22:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 15:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 11:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 11:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 11:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 22:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 11:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 11:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 11:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 11:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/04 02:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 11:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 20:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 15:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 11:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 22:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 22:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 11:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 15:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 11:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 22:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 22:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 22:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 22:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 11:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 14:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 22:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 22:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 22:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 22:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 22:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 22:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 22:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 22:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 11:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 08:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 22:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 11:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 22:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500320AS ATA Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 466.00GB
Starting Offset: 105906176
Hidden sectors: 0


========== Files - Unicode (All) ==========
[2013/02/24 17:41:17 | 000,000,072 | ---- | M] ()(C:\Windows\System32\?I) -- C:\Windows\System32\纈Ī
[2013/02/24 17:41:17 | 000,000,072 | ---- | C] ()(C:\Windows\System32\?I) -- C:\Windows\System32\纈Ī
[2013/02/09 19:32:24 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?H) -- C:\Windows\System32\簘Ħ
[2013/02/09 19:32:24 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?H) -- C:\Windows\System32\簘Ħ
[2012/12/29 21:50:04 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?I) -- C:\Windows\System32\䚰Ĭ
[2012/12/29 21:50:04 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?I) -- C:\Windows\System32\䚰Ĭ
[2012/09/23 20:57:10 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\풰ġ
[2012/09/23 20:57:10 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\풰ġ
[2012/09/13 20:57:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쩸Ĝ
[2012/09/13 20:57:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쩸Ĝ

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >
 

Attachments

OTL Extras logfile created on: 21/05/2013 9:27:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lauren\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 69.91% Memory free
4.00 Gb Paging File | 2.99 Gb Available in Paging File | 74.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 334.82 Gb Free Space | 71.90% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAUREN-PC | User Name: lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E606969-E1CC-4A2D-9E2F-49170ACBC1D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{21756A25-EA3D-4AC8-B063-92A199F76FBF}" = lport=445 | protocol=6 | dir=in | app=system |
"{298106AE-C77F-4733-BCAE-E6D1708BFFE8}" = rport=137 | protocol=17 | dir=out | app=system |
"{2D09F248-9D51-4BE4-9EA1-545C9EB6D587}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{399A9F84-060F-4F51-B089-C0E56B490827}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3DA94FD9-24FB-4CC6-A80F-A43866020CD1}" = rport=138 | protocol=17 | dir=out | app=system |
"{442312D5-1CA0-4B06-A13A-DA028A108C97}" = rport=445 | protocol=6 | dir=out | app=system |
"{46847DF4-E89D-418D-B627-267F7CFFCB27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51BF0C56-F390-44AE-8F17-7F00E5AFE36C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5DF3DD92-812D-438A-8975-0D634D681AF0}" = lport=138 | protocol=17 | dir=in | app=system |
"{6656E849-BC0C-470C-8C8F-3971A61A96D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{73991B9E-8EC9-40A6-895E-A547A6EC9DE7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{76A3814B-5F1C-4EAF-8A61-071163182309}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86395880-DE28-46D4-A972-9970787365E0}" = lport=137 | protocol=17 | dir=in | app=system |
"{87410725-2271-4C84-9316-C5E83E9906C2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A87712D3-9794-4ED1-9D17-06F5AF5CAEC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ADCFFF60-C112-4633-922C-D492CD51246B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BFA25B84-5B77-4F18-96A7-D6267F5A9112}" = rport=139 | protocol=6 | dir=out | app=system |
"{C9A783BD-9656-41DD-A3E5-98ADC6568183}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D62963EA-85EE-4316-A305-872A955F2990}" = lport=139 | protocol=6 | dir=in | app=system |
"{E0E160C1-7241-4B30-8DF8-D5A14551401D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E11315B2-40F2-4D22-8193-F71903A9DF66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E5E7E405-1C94-43A5-8025-12DD28053651}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{F59C2ED0-4E77-46E9-BD2E-C3A8A18BA696}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC607087-5A64-4D52-AB46-C3641C83BA78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0104E217-5E3F-4229-BEB5-53E24E2D3E8E}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{11D1C08D-E2CE-4603-8F5C-17E84C0CB620}" = protocol=17 | dir=in | app=c:\program files\eidos\conflict denied ops\conflictdeniedops.exe |
"{15ECC05C-A96E-45A8-8DFE-A2DA5EEE3AD6}" = protocol=6 | dir=in | app=c:\program files\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{20FF0BF5-1A80-4752-B157-5307C55A1E8A}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{2B7CDBF3-37B1-4800-9064-38BE01BDD59A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30AE41E5-5542-4A60-8AD4-9EEB6326B38B}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{334249EE-E12D-4A71-B985-00A690896105}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{36B29F21-5C0E-46BF-8A02-5D6AD0C9356A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{36CBBB92-02D8-4AAE-A86A-AE063C010AFD}" = protocol=6 | dir=out | app=system |
"{37E8AC92-6395-4C77-97E3-1270B5E1AB47}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{38048607-CE93-4884-9325-8EE4C01BE917}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3868502F-401A-4091-8120-9E1851B39F0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3C5821EB-CB52-466A-B64D-4F77CB472570}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{3EAB5866-F715-42CC-BCCF-0E69603FC205}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{3ED78880-17D5-4506-ADD7-C6D09E712632}" = protocol=17 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{3F73544D-A8DC-46E2-A83B-2914EB63D1F7}" = protocol=6 | dir=in | app=c:\program files\eidos\conflict denied ops\conflictdeniedops.exe |
"{43E6FD97-8FB3-4201-86E6-D2117049DD8B}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{474F8DCF-3576-4858-9786-750772B066FB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4A227D2D-8B6A-4EE0-BEB8-5AF925A18F3E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{548419B7-9E90-48CF-8C2B-2A2DDFE470E3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{55661940-7998-4EF7-AE8E-925D3AA76DCF}" = protocol=6 | dir=in | app=c:\program files\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{5B7B10EE-BFE9-46F9-918F-24E6AF7D3DCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C8BB8D8-3509-43BF-AFB3-0C91FAAC1C45}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{5D245139-6A22-49B3-9EB6-49F235E50FAD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E3782AC-A6E4-463C-80D8-636E7E875D92}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |
"{5F92A36E-4746-41F2-B31A-7CBD9B235A5A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{65AD746E-125C-4B0B-BD38-634118DB3D36}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{66798C17-5E86-4310-947B-87A35F9E4442}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{69391A9A-9E75-4628-9573-C6AF9CAEE5B4}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{6AEEAEF6-D2FC-4CF4-871B-50CCA05F4C6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B81DE87-F58D-4C01-9830-AEC5CAE71B04}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C703A00-303A-4845-A7DD-CFB943EF9160}" = protocol=6 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{70C1D016-DC2A-4600-9F1F-48097307AC3A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{79DDB1C2-BC75-4840-8954-947C4E343450}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7E296DE0-E7DB-4574-9D1B-AEEC05FFC2BF}" = protocol=17 | dir=in | app=c:\program files\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{7F74874A-A98D-40F2-85E6-163E05CE5D74}" = protocol=17 | dir=in | app=c:\program files\codemasters\turning point - fall of liberty\binaries\ltcg-tpgame.exe |
"{8E456A0D-E06C-40D3-9F2B-68D42C385DCA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{92D645ED-572B-4BCA-A6B0-E05AD627D087}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{96AD0E2D-9A30-4E62-ADBE-6F0918861C85}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |
"{985EB132-1BDE-44FD-A348-32F74817E2FA}" = protocol=6 | dir=in | app=c:\program files\codemasters\turning point - fall of liberty\binaries\ltcg-tpgame.exe |
"{A09CCE0A-2520-499A-81F9-B1921651A481}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{A7D96BFC-9CA4-473B-8501-156629332842}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ADFD78BF-00C7-4C89-9756-AA42A9B8F9F5}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B8AB21DF-1E1C-450A-8215-82578AACF9BD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B8AE1E7A-0946-4900-A4E2-A0BCD7169EDF}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{B9F0A396-9150-4D07-8538-A85952A46B49}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{BB04EA74-EA10-493A-B7EC-1D08C68FC2B9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C369B009-5901-484C-87F3-68E2BD74730E}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{C68EF2B4-13DC-482C-9412-B9E6C42B3521}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{C9B87EE1-BA59-4C16-B5CE-BB9C70FB3070}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{CD0CF86F-B267-4F9D-BE63-351E59FDEF9A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{D456A4C7-FD6D-4AAD-A562-AC7004528662}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{D655E743-D456-468F-95A6-02408D6CABE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB8E19FE-E850-44AF-9712-7489CEF0699B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |
"{DD246403-6542-4365-9E81-2E723715DFCD}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{DD3360D9-3B3D-4D7C-AA59-E4FF1B6080E3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{E1983EF1-4B5C-4D49-B77A-92A885E60FC1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E28EF435-E815-4544-8A0A-56AB5509094C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E4777EBB-3082-4CBC-A6E6-E46DDF74DBCC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5D6CD09-0D76-49D3-A098-981E591C6D1A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E6F041AC-DAA9-4C62-B3A6-8A8B2341AB4C}" = protocol=17 | dir=in | app=c:\program files\midway games\stranglehold\binaries\retail-stranglehold.exe |
"{EAE8A282-C767-4CE3-BE1E-40BEF3E62E47}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F1366F5A-347D-43DF-94A7-553F237FEA73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F2278FC0-8AB1-4F6F-A2CD-4E9C64FE0AB3}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe |
"{F2AF0377-4F67-43EF-BC9F-2EBE68EFC6B1}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
"{F8A79607-3274-4929-9210-3F4132378CAC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F9800458-1C96-40A6-A5A3-3BF7BEE4CE87}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe |
"TCP Query User{11EC00F7-50C5-4528-B11B-B602ADD115A2}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{CEAFDDF6-B684-4941-8E9C-D530B5F648B6}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{5DDD7A7F-A89C-4CD5-88B0-BFB7C1CEA4F6}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{CC083020-0B2D-4021-8C61-07133696D906}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{16393B5A-43A8-434B-B22A-0724581F7873}" = GameShadow
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{36A29F5F-5CBE-4CE0-9E25-4F9297E8570D}" = BitDefender Total Security 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86EDEF11-EFE4-46CB-8B08-9CBD4A936B1F}" = Stranglehold
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FCCBE-31AB-4312-A5A9-165FF3B0BF90}" = RuneScape Launcher 1.2.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D4FEA244-A9BC-4727-8EA9-B369579F43CF}" = Turning Point - Fall of Liberty
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE4BA4C3-6DE4-404C-9B69-A84709BED752}" = Conflict Denied Ops
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup" = DivX Setup
"DragonNest" = DragonNest
"InstallShield_{D4FEA244-A9BC-4727-8EA9-B369579F43CF}" = Turning Point - Fall of Liberty
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"TeamViewer 8" = TeamViewer 8
"TomTom HOME" = TomTom HOME 2.8.3.2499
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/05/2013 6:12:17 PM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/05/2013 2:49:05 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wlmail.exe, version: 16.4.3505.912, time
stamp: 0x50510ef6 Faulting module name: bdoe.dll, version: 13.1.14.123, time stamp:
0x4adc9b0e Exception code: 0xc0000005 Fault offset: 0x0000f380 Faulting process id:
0x1784 Faulting application start time: 0x01ce495c8f288088 Faulting application path:
C:\Program Files\Windows Live\Mail\wlmail.exe Faulting module path: C:\Program Files\BitDefender\BitDefender
2010\bdoe.dll Report Id: e0070d8b-b54f-11e2-bd3d-002215977ef7

Error - 5/05/2013 7:44:25 PM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 5/05/2013 7:50:32 PM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: nvwgf2um.dll, version: 9.18.13.1106,
time stamp: 0x50f94515 Exception code: 0xc0000005 Fault offset: 0x001a2519 Faulting
process id: 0x1508 Faulting application start time: 0x01ce49eb3ed49be4 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\nvwgf2um.dll
Report
Id: 9208aa76-b5de-11e2-bb81-002215977ef7

Error - 6/05/2013 6:45:55 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: OFDR.exe, version: 1.0.0.0, time stamp:
0x4ab36c56 Faulting module name: OFDR.exe, version: 1.0.0.0, time stamp: 0x4ab36c56
Exception
code: 0xc0000005 Fault offset: 0x00b5249d Faulting process id: 0x1ad8 Faulting application
start time: 0x01ce4a4699985c1b Faulting application path: C:\Program Files\Codemasters\OF
Dragon Rising\OFDR.exe Faulting module path: C:\Program Files\Codemasters\OF Dragon
Rising\OFDR.exe Report Id: 2078740f-b63a-11e2-bb81-002215977ef7

Error - 6/05/2013 6:47:23 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wlmail.exe, version: 16.4.3505.912, time
stamp: 0x50510ef6 Faulting module name: bdoe.dll, version: 13.1.14.123, time stamp:
0x4adc9b0e Exception code: 0xc0000005 Fault offset: 0x0000f380 Faulting process id:
0x1904 Faulting application start time: 0x01ce4a4707407d23 Faulting application path:
C:\Program Files\Windows Live\Mail\wlmail.exe Faulting module path: C:\Program Files\BitDefender\BitDefender
2010\bdoe.dll Report Id: 5548b863-b63a-11e2-bb81-002215977ef7

Error - 6/05/2013 7:38:18 AM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 7/05/2013 5:41:12 AM | Computer Name = lauren-PC | Source = Application Error | ID = 1000
Description = Faulting application name: wlmail.exe, version: 16.4.3505.912, time
stamp: 0x50510ef6 Faulting module name: bdoe.dll, version: 13.1.14.123, time stamp:
0x4adc9b0e Exception code: 0xc0000005 Fault offset: 0x0000f380 Faulting process id:
0x129c Faulting application start time: 0x01ce4b06f0a9be0a Faulting application path:
C:\Program Files\Windows Live\Mail\wlmail.exe Faulting module path: C:\Program Files\BitDefender\BitDefender
2010\bdoe.dll Report Id: 40b386a7-b6fa-11e2-a341-002215977ef7

Error - 7/05/2013 8:17:55 PM | Computer Name = lauren-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 8/05/2013 3:17:57 AM | Computer Name = lauren-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Spybot - Search and Destroy Events ]
Error - 21/03/2013 12:29:12 AM | Computer Name = lauren-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 21/03/2013 2:14:23 AM | Computer Name = lauren-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 1/04/2013 12:49:03 AM | Computer Name = lauren-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 18/05/2013 5:27:20 PM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 18/05/2013 5:27:20 PM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 19/05/2013 12:49:40 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 19/05/2013 12:49:40 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 20/05/2013 3:08:33 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 20/05/2013 3:08:33 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 21/05/2013 3:24:53 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 21/05/2013 3:24:53 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069

Error - 21/05/2013 7:22:04 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
with the currently configured password due to the following error: %%1330 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 21/05/2013 7:22:04 AM | Computer Name = lauren-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
following error: %%1069


< End of report >
 
Hi Luney Loz,

1. Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • AVG (if present)
=========================

2. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
[2013/04/23 11:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

:Files
C:\Program Files\AVG

:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

3. Enable Hidden Files & Folders :

To enable the viewing of hidden and protected system files in Windows please follow these steps:
  1. Close all programs so that you are at your desktop.
  2. Click on the Start button. (This is the small round button with the Windows flag in the lower left corner.)
  3. Click on the Control Panel menu option.
  4. When the control panel opens you can either be in Classic View or Control Panel Home view:

    If you are in the Classic View do the following:
    1. Double-click on the Folder Options icon.
    2. Click on the View tab.
    3. Go to step 5
    If you are in the Control Panel Home view do the following:
    1. Click on the Appearance and Personalization link.
    2. Click on Show Hidden Files or Folders.
    3. Go to step 5.
  5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  6. Remove the check mark from the check box labeled Hide extensions for known file types.
  7. Remove the check mark from the check box labeled Hide protected operating system files.
  8. Press the Apply button and then the OK button.
=========================

4. VirusTotal

Please go to: VirusTotal

virustotal2-SWI.png


  • Click the Browse button and search for the following file: C:\ProgramData\6AC54BA7A2.sys
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

=========================

In your next post please provide the following:

  • OTL fix log
  • VirusTotal results
  • Fresh OTL.txt log
  • What issues/symptoms are you experiencing?
 
Hi,

Couldn't find AVG in the Programs & Features.

Not sure if the OTL log I posted below is the fix log or not. It didn't post on my Dad's desktop so I had to manually search.

The hidden files were already shown for some reason.

Hope I posted the right stuff.

I attached the OTL.txt because when I tried pasting it, Asian characters showed.

----------

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
C:\ProgramData\McAfee\MCLOGS\Common\jre-7u21-windows-i586-iftw folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\Common folder moved successfully.
C:\ProgramData\McAfee\MCLOGS folder moved successfully.
C:\ProgramData\McAfee folder moved successfully.
========== FILES ==========
C:\Program Files\AVG\AVG9\log folder moved successfully.
C:\Program Files\AVG\AVG9\cfg folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: lauren
->Java cache emptied: 2347633 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: lauren
->Flash cache emptied: 42143 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 41620 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05222013_102808

----------

SHA256: 5b2c4577f7a86d6849ae53a9171e02a739f07ee80d95711b29b51fa2840e6ad2
SHA1: 9d9aa8012b2a3069adc5f11675be8cf0c8ffdf27
MD5: 40b19155988abb412b4283e150ab217c
File size: 88 bytes ( 88 bytes )
File name: 6AC54BA7A2.sys
File type: unknown
Detection ratio: 0 / 47
Analysis date: 2013-05-22 00:41:15 UTC ( 0 minutes ago )
 

Attachments

Hi Luney Loz,

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
O3 - HKLM\..\Toolbar: (no name) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No CLSID value found.
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found

:Files
C:\Users\Lauren\AppData\Local\Temp\cusbohcn.sys

:Services
cusbohcn

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

2. Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
  • Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to run the program..
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.

    MBAM.jpg


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample: and click Remove Selected .


  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

3. ESET Online Scanner

*Note:
  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.
** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.
=========================

In your next post please provide the following:
  • OTL fix log
  • MBAM.txt
  • ESET's log.txt
  • How is the computer running at the moment?
 
Hi,

I haven't been using the PC much as I've mostly been using my own. I've only been using it to run the scans you mentioned.

From what my Dad says, that malware hasn't tried changing his home page again. I'm not sure if that and the Babylon thing were the only malware or not.

My Dad mentioned he removed WOT because he thought it had something to do with the malware but I told him it wouldn't have been that. I re-installed it in Internet Explorer last night.

----------

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
========== FILES ==========
C:\Users\Lauren\AppData\Local\Temp\cusbohcn.sys moved successfully.
========== SERVICES/DRIVERS ==========
Service cusbohcn stopped successfully!
Service cusbohcn deleted successfully!
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lauren
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 584430777 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51667232 bytes
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 1598848 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9634647 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 617.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05222013_220603

Files\Folders moved on Reboot...
C:\Users\lauren\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

----------

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.22.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
lauren :: LAUREN-PC [administrator]

22/05/2013 10:14:51 PM
mbam-log-2013-05-22 (22-14-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228651
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Attachments

Hi Luney Loz,

My Dad mentioned he removed WOT because he thought it had something to do with the malware but I told him it wouldn't have been that
Click to expand...
:bigthumb:WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

=========================

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :Files
C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF
C:\Users\lauren\Desktop\Trainers\ME3+18Tr-LNG_Final

:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

2. ATF Cleaner by Atribune

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Download - ATF Cleaner
Right-click ATF-Cleaner.exe and select "run as administrator" to run the program.
Under Main choose: Select All
Click the Empty Selected button.

  • If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

=========================

3. Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:

  • OTL fix log
  • Fresh OTL.txt log
  • How's the computer running, any remaining issues we haven't addressed yet?
 
Hi,

I ran ATF Cleaner but it said no files were removed.

I attached the OTL file because it showed Asian characters again.

----------

========== FILES ==========
C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF\Latest\HtmlScreens folder moved successfully.
C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF\Latest folder moved successfully.
C:\Users\lauren\AppData\Local\Temp\F0F4722A-BAB0-7891-8B8E-5190F0D079AF folder moved successfully.
C:\Users\lauren\Desktop\Trainers\ME3+18Tr-LNG_Final folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: lauren
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: lauren
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05232013_103607
 

Attachments

Hi Luney Loz,

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :Files
C:\Windows\System32\?I /U /S
C:\Windows\System32\?H /U /S
C:\Windows\System32\?g /U /S
C:\Windows\System32\?G /U /S

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

In your next post please provide the following:

  • OTL.fix log
  • Fresh OTL.txt
  • Any remaining issues?
 
All processes killed
========== FILES ==========
File\Folder C:\Windows\System32\?I not found.
File\Folder C:\Windows\System32\?H not found.
File\Folder C:\Windows\System32\?g not found.
File\Folder C:\Windows\System32\?G not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: lauren
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05232013_173500

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Attachments

Hi Luney Loz,

Let's try a slighly different approach.

1. Run OTL.exe

Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code: 
    :OTL
[2013/02/24 17:41:17 | 000,000,072 | ---- | M] ()(C:\Windows\System32\?I) -- C:\Windows\System32\纈Ī
[2013/02/24 17:41:17 | 000,000,072 | ---- | C] ()(C:\Windows\System32\?I) -- C:\Windows\System32\纈Ī
[2013/02/09 19:32:24 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?H) -- C:\Windows\System32\簘Ħ
[2013/02/09 19:32:24 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?H) -- C:\Windows\System32\簘Ħ
[2012/12/29 21:50:04 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?I) -- C:\Windows\System32\䚰Ĭ
[2012/12/29 21:50:04 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?I) -- C:\Windows\System32\䚰Ĭ
[2012/09/23 20:57:10 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?g) -- C:\Windows\System32\풰ġ
[2012/09/23 20:57:10 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?g) -- C:\Windows\System32\풰ġ
[2012/09/13 20:57:40 | 000,000,036 | ---- | M] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쩸Ĝ
[2012/09/13 20:57:40 | 000,000,036 | ---- | C] ()(C:\Windows\System32\?G) -- C:\Windows\System32\쩸Ĝ

:Commands
[purity]
[createrestorepoint]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
=========================

In your next post please provide the following:

  • OTL fix log
  • Any remaining issues?
 
Hi,

Not sure if this is the log or not. I had to manually search after the reboot. How do things appear to be looking?

----------

========== OTL ==========
C:\Windows\System32\纈Ī moved successfully.
File C:\Windows\System32\纈Ī not found.
C:\Windows\System32\簘Ħ moved successfully.
File C:\Windows\System32\簘Ħ not found.
C:\Windows\System32\䚰Ĭ moved successfully.
File C:\Windows\System32\䚰Ĭ not found.
C:\Windows\System32\풰ġ moved successfully.
File C:\Windows\System32\풰ġ not found.
C:\Windows\System32\쩸Ĝ moved successfully.
File C:\Windows\System32\쩸Ĝ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05242013_130431
 
Hi fujymo,

How do things appear to be looking?
Click to expand...
We are making good progress. Run OTL again for a fresh scan, if all looks good we will clean up and send you on your way.

=========================

1. Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:

  • OTL.txt
 
Hi,

My Dad wanted me to mention that WOT doesn't show those circles beside search results to show if a site isn't safe or not. He uses Internet Explorer. They show in Firefox. They used to show in Internet Explorer before my Dad deleted WOT, thinking it was the virus. I re-installed it but it didn't show in search results.

----------

OTL logfile created on: 27/05/2013 10:48:58 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lauren\Desktop\Spybot Forums
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.21% Memory free
4.00 Gb Paging File | 2.78 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 335.00 Gb Free Space | 71.94% Space Free | Partition Type: NTFS
Drive D: | 4.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LAUREN-PC | User Name: lauren | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lauren\Desktop\Spybot Forums\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Lauren\AppData\Local\Temp\CmdLineExt03.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\BitDefender\BitDefender 2010\framework.dll ()
MOD - C:\Windows\System32\txmlutil.dll ()


========== Services (SafeList) ==========

SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer8) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (BdfNdisf) -- C:\Windows\System32\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E62x86.sys (Atheros Communications, Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (BrSerIb) -- C:\Windows\System32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (BrUsbSIb) -- C:\Windows\System32\drivers\BrUsbSIb.sys (Brother Industries Ltd.)
DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RT61) -- C:\Windows\System32\drivers\rt61.sys (Ralink Technology Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ipstar.com.au/nbn/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 67 70 F8 11 DA CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {800AD787-4E99-402F-AB8A-3C9F0B8BF537}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&r=726
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{800AD787-4E99-402F-AB8A-3C9F0B8BF537}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20111253,17023,0,16,0"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: clickclean%40hotcleaner.com:4.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: clickclean@hotcleaner.com:3.6.5.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
FF - prefs.js..extensions.enabledItems: addon@defaulttab.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.2.20111006100951
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.0
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={101A0EC6-CB3D-495A-B32F-16F906F795F9}&Version=3.6.5&Vintage=20111253&Defaultbrowserid=16&Productid=2723&Vendorid=6384&Offerid=17029&searchterm="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010/06/06 18:51:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/04/01 15:53:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 19:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 19:24:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 19:24:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 19:24:25 | 000,000,000 | ---D | M]

[2012/04/20 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions
[2012/04/20 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2013/05/21 21:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions
[2013/05/17 08:07:39 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/03/28 16:28:44 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\clickclean@hotcleaner.com
[2013/05/09 21:01:13 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Lauren\AppData\Roaming\Mozilla\Firefox\Profiles\7v4sz15g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/19 19:24:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/19 19:24:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/04/01 15:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

O1 HOSTS File: ([2013/05/13 12:47:01 | 000,447,225 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15354 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Professional\MediaDetector.exe" File not found
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{305EE8BF-5C5A-4252-A9EB-0BF282A6E190}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/05 00:37:47 | 001,064,960 | R--- | M] (Codemasters Software Co.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/17 23:10:53 | 000,000,067 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{097c7de7-4204-11df-b3c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{097c7de7-4204-11df-b3c8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/09/05 00:37:47 | 001,064,960 | R--- | M] (Codemasters Software Co.)
O33 - MountPoints2\{56cde57c-72c7-11df-8715-002215977ef7}\Shell - "" = AutoRun
O33 - MountPoints2\{56cde57c-72c7-11df-8715-002215977ef7}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{fffa45f9-6365-11e1-bb8d-002215977ef7}\Shell - "" = AutoRun
O33 - MountPoints2\{fffa45f9-6365-11e1-bb8d-002215977ef7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/22 22:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/22 20:12:54 | 000,000,000 | ---D | C] -- C:\Users\lauren\Desktop\AIR CON
[2013/05/22 10:28:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/21 22:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
[2013/05/19 19:24:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/05/18 16:55:00 | 000,000,000 | ---D | C] -- C:\Users\lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/05/15 21:14:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/15 21:14:17 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/15 21:14:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/05/15 21:14:17 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/15 21:14:16 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/15 21:14:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/15 21:14:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/05/15 21:14:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/05/15 21:14:16 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/05/15 21:14:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/05/15 17:22:42 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/05/15 17:22:41 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/05/15 17:22:29 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/05/15 17:22:29 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/05/13 14:55:42 | 000,000,000 | ---D | C] -- C:\Users\lauren\Desktop\Spybot Forums
[2013/05/03 13:30:13 | 000,000,000 | ---D | C] -- C:\Users\lauren\AppData\Local\DDMSettings

========== Files - Modified Within 30 Days ==========

[2013/05/27 10:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/27 10:44:06 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 10:44:06 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/27 10:43:56 | 000,636,792 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/27 10:43:56 | 000,114,234 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/27 10:39:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/27 10:36:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/27 10:36:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/27 10:36:42 | 1609,867,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 11:42:55 | 000,000,024 | ---- | M] () -- C:\Users\lauren\random.dat
[2013/05/25 11:42:31 | 000,000,024 | ---- | M] () -- C:\Users\lauren\jagexappletviewer.preferences
[2013/05/25 11:42:01 | 000,000,032 | ---- | M] () -- C:\Users\lauren\jagex_cl_runescape_LIVE.dat
[2013/05/24 13:23:24 | 000,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2013/05/21 21:17:46 | 000,000,106 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/18 16:54:53 | 000,000,551 | ---- | M] () -- C:\Windows\eReg.dat
[2013/05/16 16:54:50 | 000,310,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/15 18:50:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 18:50:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/13 14:46:05 | 000,000,512 | ---- | M] () -- C:\Users\lauren\Desktop\MBR.dat
[2013/05/13 12:47:01 | 000,447,225 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/13 12:34:44 | 000,447,225 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130513-124701.backup
[2013/05/10 20:18:40 | 000,001,457 | ---- | M] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising v1.0 + 4 Trainer - Shortcut.lnk
[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/29 19:20:43 | 000,000,250 | ---- | M] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising.lnk
[2013/04/28 16:48:17 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk

========== Files Created - No Company Name ==========

[2013/05/21 21:17:42 | 000,000,106 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/18 16:54:53 | 000,000,551 | ---- | C] () -- C:\Windows\eReg.dat
[2013/05/13 14:46:05 | 000,000,512 | ---- | C] () -- C:\Users\lauren\Desktop\MBR.dat
[2013/05/10 20:18:40 | 000,001,457 | ---- | C] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising v1.0 + 4 Trainer - Shortcut.lnk
[2013/04/29 19:20:43 | 000,000,250 | ---- | C] () -- C:\Users\lauren\Desktop\Operation Flashpoint - Dragon Rising.lnk
[2013/04/07 11:41:10 | 000,000,045 | ---- | C] () -- C:\Users\lauren\jagex_cl_oldschool_LIVE.dat
[2013/04/07 11:41:10 | 000,000,024 | ---- | C] () -- C:\Users\lauren\random.dat
[2013/03/23 20:42:08 | 000,000,032 | ---- | C] () -- C:\Users\lauren\jagex_cl_runescape_LIVE.dat
[2013/03/23 20:41:07 | 000,000,024 | ---- | C] () -- C:\Users\lauren\jagexappletviewer.preferences
[2012/04/27 17:21:30 | 000,000,057 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\mbam.context.scan
[2012/01/05 06:59:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/05 06:57:18 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/04 15:45:43 | 000,022,328 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\PnkBstrK.sys
[2012/01/04 15:45:21 | 000,107,832 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/01/01 12:53:24 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/05/31 21:47:27 | 000,000,025 | ---- | C] () -- C:\Users\lauren\AppData\Roaming\bdfvconp.ini
[2010/04/27 20:43:08 | 000,000,000 | ---- | C] () -- C:\Users\lauren\AppData\Local\prvlcl.dat
[2010/04/19 19:38:42 | 000,000,088 | RHS- | C] () -- C:\ProgramData\6AC54BA7A2.sys
[2010/04/19 19:38:41 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/12 23:33:09 | 000,000,087 | ---- | C] () -- C:\Users\lauren\jagex_runescape_preferences2.dat
[2010/04/12 23:33:09 | 000,000,000 | ---- | C] () -- C:\Users\lauren\jagex__preferences3.dat
[2010/04/12 23:29:28 | 000,000,042 | ---- | C] () -- C:\Users\lauren\jagex_runescape_preferences.dat
[2010/04/07 18:00:49 | 000,007,597 | ---- | C] () -- C:\Users\lauren\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 
Hi Luney Loz,

We have a few options to try and clear up the WOT issue:

Try step 1 first and check the results, if that fails to correct the problem go to step 2.

=========================

1. Clear Browser Cache in IE9
  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button
    ietoolsbutton.jpg
    , and then expand theSafety menu, then select Delete browsing history.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • History
  • Click Delete
=========================

2. To Reset Internet Explorer Settings

  1. Close all Internet Explorer and Windows Explorer windows that are currently open.
  2. Open Internet Explorer.
  3. Click the Tools button
    ietoolsbutton.jpg
    , and then click Internet Options.
  4. Click the Advanced tab, and then click Reset.
  5. Select the Delete personal settings check box if you would also like to remove browsing history, search providers, Accelerators, home pages, Tracking Protection, and ActiveX Filtering data.
  6. In the Reset Internet Explorer Settings dialog box, click Reset.
  7. When Internet Explorer finishes applying default settings, click Close, and then click OK.
  8. Close Internet Explorer.
=========================

In your next post please provide the following:

  • Update on the WOT issue
  • Any remaining issues we haven't addressed?
 
Hi,

For some reason, it still doesn't show up beside search results in Internet Explorer. It only shows in FireFox even though it's installed on both. Dunno what my Dad did to stuff it up.
 
Hi Luney Loz,

If it's working in Firefox but not in Internet Explorer it's definitely an IE issue.

Let's try these steps in this sequence and see if we can correct this issue. (I know quite a few steps)

1. Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • WOT for IE
=========================

2. Disable WOT add-on in Internet Explorer

  • With Internet Explorer open locate the (gear icon) in the top right corner.
  • Select in choose Manage add-ons >> in the Add-on Types category select Toolbars and Extensions
  • Scroll down to WOT and disable any that might be present, confirm the Disable add-on pop-up
  • Close the Manage Add-on window
=========================

3. Clear Browser Cache in IE9

  • Close all Internet Explorer and Windows Explorer windows that are currently open.
  • Open Internet Explorer.
  • Click the Tools button
    ietoolsbutton.jpg
    , and then expand theSafety menu, then select Delete browsing history.
  • Select the check box next to each of the following categories.
    • Temporary Internet files and website files
    • History
  • Click Delete
=========================

4. Reboot

=========================

5. Download a new copy of WOT for IE

  • Go to http://www.mywot.com/en/download and download and install a fresh copy
  • Follow the onscreen instructions
  • Remember to close any open Internet Explorer windows that may be open.

=========================

6. Reboot Again

=========================

7. Check WOT in IE

Now check to see if WOT shows in the Manage Add-ons section, and also see if it functions in Internet Explorer.

=========================
 
You must log in or register to reply here.
Back
Top