Search Babylon redirect plus slow PC

Status
Not open for further replies.

marcus89

New member
I haven't used this PC for a while but need to do so over the next few weeks. Whenever I open up an internet browser I am redirected to a search babylon page. Not sure if this is related but I also have some strange flashing blue/yellow lines that resemble barcodes going down my screen making things a little hard to see although I guess that's more of a hardware issue.

Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
Run by Marcus at 12:58:44 on 2012-12-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.598 [GMT 0:00]
.
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Marcus\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\vssvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Ask.com\SaUpdate.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\17.0.0.136\IPSBHO.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\marcus\appdata\roaming\media finder\extensions\gencrawler_gc.dll
BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - c:\users\marcus\appdata\roaming\complitly\Complitly.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [IHateThisKey] c:\program files\bytegems.com\i hate this key\IHateThisKey.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [BitTorrent DNA] "c:\users\marcus\program files\dna\btdna.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [NltYsmms] c:\users\marcus\appdata\local\ficmijdg\nltysmms.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\marcus\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E} : DHCPNameServer = 208.67.220.220,208.67.222.222
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - component: c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\marcus\program files\dna\plugins\npbtdna.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\mozilla firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.BabylonToolbar_i.id - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.hardId - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:32:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111576&tt=050412_30b~171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-18 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-31 207280]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-31 112592]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-5-27 1439744]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-27 6400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-1 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [2001-11-27 10880]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-20 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-7 38224]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-27 27192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-31 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-31 1141200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-04 12:52:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-04 12:52:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 13:07:08.03 ===============

Followed by aswMBR log:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 13:11:06
-----------------------------
13:11:06.172 OS Version: Windows 6.0.6001 Service Pack 1
13:11:06.172 Number of processors: 2 586 0xF0B
13:11:06.172 ComputerName: MARCUS-PC UserName: Marcus
13:11:08.293 Initialize success
13:12:00.339 AVAST engine defs: 12120301
13:15:54.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:15:54.735 Disk 0 Vendor: ST3320820AS 3.AHG Size: 305245MB BusType: 3
13:15:54.746 Disk 0 MBR read successfully
13:15:54.749 Disk 0 MBR scan
13:15:54.754 Disk 0 unknown MBR code
13:15:54.757 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 297163 MB offset 63
13:15:54.785 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8079 MB offset 608590395
13:15:54.806 Disk 0 scanning sectors +625137345
13:15:54.875 Disk 0 scanning C:\Windows\system32\drivers
13:16:11.873 Service scanning
13:16:42.741 Modules scanning
13:16:52.557 Disk 0 trace - called modules:
13:16:52.600 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll ataport.SYS pciide.sys
13:16:52.627 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b1d820]
13:16:52.628 3 CLASSPNP.SYS[8cf9d745] -> nt!IofCallDriver -> [0x89b06050]
13:16:52.628 5 PCTCore.sys[807c388f] -> nt!IofCallDriver -> [0x89a0a918]
13:16:52.629 7 acpi.sys[8c8c56a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x899f8ba0]
13:16:57.623 AVAST engine scan C:\Windows
13:17:05.026 AVAST engine scan C:\Windows\system32
13:21:34.420 AVAST engine scan C:\Windows\system32\drivers
13:21:53.478 AVAST engine scan C:\Users\Marcus
13:32:01.289 File: C:\Users\Marcus\AppData\Local\Temp\ftotuoodnwwgkpja.exe **INFECTED** Win32:Katusha-FK [Trj]
14:10:25.405 File: C:\Users\Marcus\Downloads\Bobafett\BOBAFETT.EXE **INFECTED** Win32:CIH-C
14:12:16.524 File: C:\Users\Marcus\Downloads\XvidSetup(2).exe **INFECTED** Win32:HotBar-BL [Adw]
14:12:16.665 File: C:\Users\Marcus\Downloads\XvidSetup(3).exe **INFECTED** Win32:HotBar-BL [Adw]
14:12:16.774 File: C:\Users\Marcus\Downloads\XvidSetup(4).exe **INFECTED** Win32:HotBar-BL [Adw]
14:12:16.852 File: C:\Users\Marcus\Downloads\XvidSetup.exe **INFECTED** Win32:HotBar-BL [Adw]
14:26:56.493 AVAST engine scan C:\ProgramData
14:30:21.477 Scan finished successfully
14:34:17.099 Disk 0 MBR has been saved successfully to "C:\Users\Marcus\Desktop\MBR.dat"
14:34:17.131 The log file has been saved successfully to "C:\Users\Marcus\Desktop\aswMBR.txt"
 
Hello marcus89,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice, this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 users:

These tools MUST be run from the executable.(.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")

Please stay with this topic until I let you know that your system appears to be "All Clear"
 
Hi marcus89,

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Next

Please download DeFogger to your desktop.
Right click DeFogger and select "Run as Administrator" to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • If it needs to, DeFogger may ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

Next

Refer to the ComboFix User's Guide

  1. Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on ComboFix.exe & follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next post please provide the following:
  • ComboFix log
 
Hi, apologies for the late reply. I've followed your instructions and will copy and paste the combofix log:

ComboFix 12-12-07.01 - Marcus 08/12/2012 11:01:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.503 [GMT 0:00]
Running from: c:\users\Marcus\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\users\Marcus\AppData\Local\ficmijdg\nltysmms.exe
c:\users\Marcus\AppData\Roaming\Rewire.dll
c:\users\Marcus\AppData\Roaming\REX Shared Library.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 10:55 . 2012-12-08 10:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 13:47 . 2012-04-09 13:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-04 13:47 . 2011-06-17 12:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"IHateThisKey"="c:\program files\ByteGems.com\I Hate This Key\IHateThisKey.exe" [2008-11-08 716800]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"BitTorrent DNA"="c:\users\Marcus\Program Files\DNA\btdna.exe" [2011-12-27 342848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-17 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:47]
.
2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_Marcus.job
- c:\users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-01 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.BabylonToolbar_i.id - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.hardId - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111576&tt=050412_30b~171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NltYsmms - c:\users\Marcus\AppData\Local\ficmijdg\nltysmms.exe
AddRemove-Complitly_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 11:30
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:98,8b,c0,2a,df,b6,11,00
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3072)
c:\program files\ByteGems.com\I Hate This Key\ihtkh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\hp\kbd\kbd.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-12-08 11:41:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-08 11:41
ComboFix2.txt 2011-12-15 23:05
.
Pre-Run: 63,909,015,552 bytes free
Post-Run: 63,172,444,160 bytes free
.
- - End Of File - - 6114F177685C2C9F732AC04018C0AC5B
 
Hi marcus89,

thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next
  • Download OTL to your desktop.
  • To run OTL, Right click and select "Run as Administrator". Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
In your next post please provide the following:
  • JRT.txt
  • OTL.txt
  • Extras.txt
  • How is your computer running at the moment?
 
Hi, sorry again for my late reply, here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.0 (12.12.2012:3)
OS: Windows Vista (TM) Home Premium x86
Ran by Marcus on 13/12/2012 at 13:25:16.63
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1589503311-819724082-689753091-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1589503311-819724082-689753091-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\complitly"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\mediafinder"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\download with &media finder"
Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\complitly.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\dnu.exe"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\conduit.engine"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdate"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloaduibrowser"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloadupdcontroller"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\gencrawler_gc.gencrawler"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\mf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.xpt"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Marcus\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Marcus\AppData\Roaming\complitly"
Successfully deleted: [Folder] "C:\Users\Marcus\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\local\speedapps"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\locallow\speedapps"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\user.js
Successfully deleted: [File] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\engine@conduit.com
Successfully deleted the following from C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\prefs.js

user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"02992a2cf51639933e67422a185fcf4c1\"");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948", "\"4b06e7159f6e9dd4b6a070ffb76b2f931\"");
user_pref("CommunityToolbar.ETag.http://Translation.engine.conduit-services.com/?browser=FF&lut=5/12/2011 4:15:34 PM&locale=en-GB", "\"2554-3c64e4c0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1182482/1178159/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1194029/1189706/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1318881119\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", "\"0\"");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "MUj9hNyEiPxkVQ8Q8IYZ6A==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "L+tncv4eqt6Qm5T3dzChdA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "poKjTfHs0NrVUIalKI8jyg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "QmycQXJXVyFVAzIiNllWhQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "SuMy8xgBA7+FodOxmk9aiQ==");
user_pref("CommunityToolbar.ETag.http://newtab.conduit-hosting.com/newtab/?ctid=CT2790392", "\"2554-3c64e4c0\"");
user_pref("CommunityToolbar.ETag.http://newtab.conduit-hosting.com/newtab/?ctid=CT2801948", "\"2554-3c64e4c0\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/toolbar/", "\"75babe825203d7a8eecb898dcf55bf17\"");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634285417620000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634303635100000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2010 12:43:05 PM", "634293235860000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=CT2790392", "\"1321973041\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT2801948&octid=CT2801948", "\"1321973107\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"1311168866\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2801948/CT2801948", "\"1311168850\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634351849102130000\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"ced64c3c2c583b79e12b73d4f9b02d35\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"7332ceccda78fecf0735910f5095f094\"");
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Dec 08 2012 11:46:43 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Dec 08 2012 11:46:43 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "f211d5b2-d336-4725-a62c-2a2adfd7f340");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 09 2012 14:23:38 GMT+0100 (GMT Daylight Time)");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801948");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.FirstServerDate", "12/27/2010 18");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.FixPageNotFoundErrors", false);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.HideEngineAfterRestart", false);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
user_pref("ConduitEngine.InstalledDate", "Mon Dec 27 2010 15:29:11 GMT+0000 (GMT Standard Time)");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", false);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.LastLogin_3.2.3.3", "Tue Feb 08 2011 20:09:39 GMT+0000 (GMT Standard Time)");
user_pref("ConduitEngine.LastLogin_3.2.5.2", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.PublisherContainerWidth", 0);
user_pref("ConduitEngine.SavedHomepage", "www.google.com");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.UserID", "UN28780611490878959");
user_pref("ConduitEngine.engineLocale", "en-GB");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.initDone", true);
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=111576&tt=050412_30b~171011_prot");
user_pref("extensions.BabylonToolbar.bbDpng", 9);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar.instlDay", "15439");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "http://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=KW_ss&mntrId=d6db8b98000000000000001bfcdfb611&q=");
user_pref("extensions.BabylonToolbar.lastDP", 9);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:32:18");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.0");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=NT_ss&mntrId=d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 72541320);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:32:18");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111576&tt=050412_30b~171011_prot");
user_pref("extensions.BabylonToolbar_i.hardId", "d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar_i.id", "d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar_i.instlDay", "15439");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:32:18");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.apn_dbr", "ff_3.0.19");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "9D");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.crumb", "2011.12.08+11.42.41-toolbar008iad-GB-TG9uZG9uLFVuaXRlZCBLaW5nZG9t");
user_pref("extensions.asktb.default-channel-url-mask", "http://uk.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYGB");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "UKXX0085");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.ff-original-keyword-url", "chrome://browser-region/locale/region.properties");
user_pref("extensions.asktb.first-launch-url", "http://go.microsoft.com/fwlink/?LinkId=54729");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "0E65DD15-E42A-49C2-8C22-D65774416CB3");
user_pref("extensions.asktb.hpr", "YES");
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"http
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1333977815784");
user_pref("extensions.asktb.last-v", "3.14.0.100009");
user_pref("extensions.asktb.locale", "en_UK");
user_pref("extensions.asktb.location", "London,United Kingdom");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-enabled", true);
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "41648107");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "5");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "5C1275F6-A498-49EA-A05C-C73F5EFD2463");
user_pref("extensions.asktb.search-plugin-suggestions-url", "http://ss.websearch.uk.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "08/12/2011 19:43:07");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.14.1.100010");
user_pref("extensions.asktb.volume", "");
user_pref("extensions.enabledItems", "engine@conduit.com:3.2.3.3,gencrawler@some.com:2.0,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{20a82645-c095-46ed-80e3-08825760534b}:1
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/12/2012 at 13:30:06.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the OTL log:

OTL logfile created on: 13/12/2012 13:32:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.60% Memory free
4.24 Gb Paging File | 2.88 Gb Available in Paging File | 68.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 58.17 Gb Free Space | 20.04% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marcus\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMTDIv) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://playbox.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_en-GB
IE - HKCU\..\SearchScopes\{9F7C261E-CA8A-4667-8904-2F99F0A06BE3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BLP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/13 13:25:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}

[2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/12/13 13:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
[2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/09 13:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\staged
[2012/03/17 15:41:38 | 000,021,906 | ---- | M] () (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\staged\coupons@chilicoupon.com.xpi
[2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\live-search.xml
[2012/04/09 14:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
[2011/12/08 21:26:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/15 18:19:32 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
[2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/12/08 11:30:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Marcus\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/13 13:25:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/13 13:24:43 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/08 11:41:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/08 11:30:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/04 13:11:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/12/13 13:28:38 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/13 13:28:37 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/13 13:28:11 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2012/12/13 13:24:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 13:24:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 13:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/13 13:21:25 | 2144,673,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 11:47:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 11:30:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/08 10:55:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/08 10:46:10 | 000,000,138 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:47:23 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/04 13:47:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/04 13:31:08 | 000,605,098 | ---- | M] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2012/12/04 13:11:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/12/08 10:46:08 | 000,000,138 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | C] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2011/12/15 22:34:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 22:34:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 22:34:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 22:34:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 22:34:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
[2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
[2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
[2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/08/27 12:22:59 | 000,053,760 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 07:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/13 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ableton
[2007/10/16 18:34:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\acccore
[2011/07/10 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Antares
[2011/11/28 01:23:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent
[2008/03/13 08:42:08 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent DNA
[2010/12/27 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CheeseSoft
[2012/04/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ChiliCoupon
[2012/07/09 07:50:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools
[2012/12/13 13:53:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DNA
[2007/12/20 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Grisoft
[2012/04/09 13:26:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\IE ChiliCoupon
[2010/04/17 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ImgBurn
[2010/05/03 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ManyCam
[2011/02/08 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\NCH Swift Sound
[2011/01/26 22:58:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Neuratron
[2008/05/13 09:42:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Propellerhead Software
[2007/11/29 19:20:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\RhythmRascal
[2008/09/14 14:52:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SecondLife
[2012/05/20 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Spotify
[2010/03/17 20:10:27 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Steinberg
[2012/01/07 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Synthesia
[2011/05/26 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SystemRequirementsLab
[2012/01/14 15:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Thinstall
[2009/04/07 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
[2008/03/04 11:41:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/29 20:40:25 | 000,010,222 | ---- | M] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2012/04/29 20:40:21 | 000,010,222 | ---- | C] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

I'm afraid I couldn't find the extras text, I had a look in my C drive and downloads folder but there isn't an OTL folder. The OTL.txt came up automatically and seems to be saved in my download folder but no extras.txt.
 
Hi marcus89,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
C:\Users\Marcus\AppData\Local\nSVDb4q65iE
C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
C:\ProgramData\20xYJkS83BHk4
C:\Users\Marcus\AppData\Local\Ltomariv.bin
C:\Users\Marcus\AppData\Local\Usejadiruvup.dat

Folder::
c:\users\Marcus\AppData\Local\ficmijdg

Save this as CFScript.txt, in the same location as ComboFix.exe


CFScriptB-4.gif



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.

Next

P2P - I see you have/had P2P software uTorrent & BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
  • BitTorrent
If you choose to not remove these programs please refrain from using them until we have finished cleaning your computer.

Next

Locate Malwarebytes' Anti-Malware (it should be on your desktop).

  • Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    MBAM.jpg


  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Next

Please run Eset Online Scanner
Administrator rights are required to run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
In your next post please provide the following:
  • ComboFix.txt
  • MBAM log
  • ESET report
  • Describe how your computer is running at the moment.
 
Hi, I couldn't find any of the bit torrent programs in the uninstall programs list, I deleted all the bittorrent related folders on my C drive but not sure what else can be done for now.

Here is the mbam log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.15.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Marcus :: MARCUS-PC [administrator]

Protection: Enabled

15/12/2012 11:38:17
mbam-log-2012-12-15 (11-38-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249826
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Marcus\Desktop\MusicConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup(3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup(4).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\SetupRegKill.exe (Adware.CommonName) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\SetupRegKill2702.exe (Adware.CommonName) -> Quarantined and deleted successfully.

(end)

Combofix:

ComboFix 12-12-14.01 - Marcus 15/12/2012 11:08:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.769 [GMT 0:00]
Running from: c:\users\Marcus\Downloads\ComboFix.exe
Command switches used :: c:\users\Marcus\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\20xYJkS83BHk4"
"c:\users\Marcus\AppData\Local\20xYJkS83BHk4"
"c:\users\Marcus\AppData\Local\Ltomariv.bin"
"c:\users\Marcus\AppData\Local\nSVDb4q65iE"
"c:\users\Marcus\AppData\Local\Usejadiruvup.dat"
"c:\users\Marcus\AppData\Roaming\vqdlkr.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marcus\AppData\Local\ficmijdg
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 13:25 . 2012-12-13 13:25 -------- d-----w- c:\windows\ERUNT
2012-12-13 13:24 . 2012-12-13 13:24 -------- d-----w- C:\JRT
2012-12-08 10:55 . 2012-12-08 10:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 13:47 . 2012-04-09 13:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 13:47 . 2011-06-17 12:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"IHateThisKey"="c:\program files\ByteGems.com\I Hate This Key\IHateThisKey.exe" [2008-11-08 716800]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"BitTorrent DNA"="c:\users\Marcus\Program Files\DNA\btdna.exe" [2011-12-27 342848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-17 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:47]
.
2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_Marcus.job
- c:\users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-01 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-15 11:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:98,8b,c0,2a,df,b6,11,00
DUMPHIVE0.003 (REGF)
.
Completion time: 2012-12-15 11:29:44
ComboFix-quarantined-files.txt 2012-12-15 11:29
ComboFix2.txt 2012-12-08 11:41
ComboFix3.txt 2011-12-15 23:05
.
Pre-Run: 62,631,510,016 bytes free
Post-Run: 61,866,610,688 bytes free
.
- - End Of File - - B752E907B3D382D7DDC58DBF6088D1A7

ESET:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=3e3399b27dadc7459d789b11b080e3af
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-15 02:42:35
# local_time=2012-12-15 02:42:35 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 85931533 193115283 0 0
# scanned=281084
# found=9
# cleaned=0
# scan_time=6913
C:\Program Files\Perfect Uninstaller\RkHitApi.dll a variant of Win32/Adware.SpywareCease.AA application (unable to clean) 339B726E4B3D7F4AE77D75F69B6EF8B01E433A14 I
C:\Program Files\SearchIn1Step\searchin1.exe a variant of Win32/Adware.OneStep application (unable to clean) 70227ECD635D953CD973099AF83F7EEA202A065A I
C:\Program Files\SearchIn1Step\si1opt.exe a variant of Win32/Adware.OneStep.B application (unable to clean) E7F1C57318FC5C5EADD94A526AA8F4638315667E I
C:\Qoobox\Quarantine\C\Users\Marcus\AppData\Local\usrHelpppm\SystemMain32.dll.vir probably a variant of Win32/Sefnit.CD trojan (unable to clean) 4D512B7520A0D53910D84EA2A55A32F794A374F9 I
C:\Qoobox\Quarantine\C\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (unable to clean) C1BAC22B767030CB056CCA7E6BD1AB42348E3EEE I
C:\Qoobox\Quarantine\C\Windows\System32\edgtdhiy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 9917D386E707B6A6E2863F68F8740923A3A51E42 I
C:\Users\Marcus\Documents\Downloads\Magic ISO Maker 5.4+_KEYGEN.EXE Win32/VB.NKW trojan (unable to clean) 203AD087330FB208F04E08DAFB09AB6C0871F5D5 I
C:\Users\Marcus\Documents\Downloads\Perfect Uninstaller™ V6.3.2.2\PerfectUninstaller_Setup.exe a variant of Win32/Adware.SpywareCease.AA application (unable to clean) 5A3709471657F0897A07D1A2454C340D554F6ACC I
C:\Users\Marcus\Downloads\PerfectUninstaller_Setup.exe a variant of Win32/Adware.SpywareCease.AA application (unable to clean) 81AF828FBB11A22979325D1523FEF64C49BAFF0D I
 
Hi marcus89,

Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Under Extra Registry place the check mark in Use Safe List -- special instructions
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
In your next post please provide the following:

  • OTL.txt
  • Extras.txt
 
Hi, it would appear I am no longer being redirected to that search babylon site, here is the OTL log:

OTL logfile created on: 17/12/2012 12:05:57 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.89% Memory free
4.23 Gb Paging File | 3.22 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 57.48 Gb Free Space | 19.81% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Users\Marcus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/13 13:25:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}

[2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/12/16 15:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
[2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/09 13:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\staged
[2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\live-search.xml
[2012/12/13 13:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
[2011/12/08 21:26:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/15 18:19:32 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
[2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/12/08 11:30:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 11:29:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/15 11:26:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/13 13:25:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/13 13:24:43 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/04 13:11:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/12/17 12:08:19 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/17 12:08:19 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/17 12:04:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 12:04:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 12:03:41 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2012/12/17 12:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/17 12:00:58 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/15 14:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/15 11:47:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/15 11:47:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/15 11:37:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 11:30:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/08 10:55:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/08 10:46:10 | 000,000,138 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | M] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2012/12/04 13:11:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/12/15 11:37:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 10:46:08 | 000,000,138 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | C] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2011/12/15 22:34:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 22:34:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 22:34:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 22:34:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 22:34:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
[2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010/05/31 16:07:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/05/31 16:07:50 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
[2010/03/26 17:56:17 | 000,696,832 | ---- | C] () -- C:\Windows\is-6C4JA.exe
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
[2010/02/28 18:23:49 | 000,005,612 | ---- | C] () -- C:\Windows\unpsd.ini
[2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/10/05 14:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/27 08:17:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/27 08:17:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/08 15:01:48 | 000,016,925 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2008/05/15 17:17:38 | 000,000,207 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
[2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/02/14 19:13:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/12/14 19:42:21 | 000,002,962 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/12/01 00:51:26 | 000,000,316 | ---- | C] () -- C:\Windows\Sampler.INI
[2007/12/01 00:51:26 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2007/12/01 00:51:25 | 000,000,325 | ---- | C] () -- C:\Windows\BeatBox.INI
[2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/15 21:43:56 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2007/09/27 20:14:38 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2007/09/27 20:14:38 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2007/09/27 20:14:38 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2007/09/27 20:14:38 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2007/09/27 20:14:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2007/09/27 20:14:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2007/09/27 20:14:38 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2007/09/27 20:14:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2007/09/27 20:14:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2007/09/27 20:14:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2007/09/27 20:14:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2007/09/27 20:14:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2007/09/27 20:14:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2007/09/27 20:14:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2007/09/27 20:14:38 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/09/27 20:07:34 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2007/09/06 19:05:09 | 000,000,245 | ---- | C] () -- C:\Windows\musicmaker.INI
[2007/09/06 19:01:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/09/06 19:01:39 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2007/09/06 18:59:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2007/09/06 18:59:55 | 000,000,999 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/27 12:22:59 | 000,053,760 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/26 22:06:31 | 000,000,496 | ---- | C] () -- C:\Windows\eReg.dat
[2007/08/24 22:00:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/08/24 22:00:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/08/24 22:00:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/08/24 20:40:30 | 000,160,951 | ---- | C] () -- C:\Windows\System32\drivers\gtipdsp_.bin
[2007/06/27 22:35:35 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/06/27 22:20:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/06/27 22:17:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/06/27 22:17:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 08:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 14:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 14:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,436,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,607,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,107,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 17:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/03/02 06:37:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/03/02 06:33:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2004/01/22 18:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1998/09/15 08:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\tctsaudio.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Files - Unicode (All) ==========
[2012/04/29 20:40:25 | 000,010,222 | ---- | M] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2012/04/29 20:40:21 | 000,010,222 | ---- | C] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 
And the extras.

OTL Extras logfile created on: 17/12/2012 12:05:57 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.89% Memory free
4.23 Gb Paging File | 3.22 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 57.48 Gb Free Space | 19.81% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Uninstall] -- C:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05069BA8-21F2-4046-A265-7BBCE5478E8D}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{35928ED6-70F0-4AC8-AE0C-C9E203A80A44}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A849754-F16C-40F3-8470-16AD8B945CEA}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{FFF4809C-B639-4195-B5B3-F0A6905DFB87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1CBFEB-DC97-4F4D-BDD3-30BC3011EF26}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{0D026CCE-573D-4A24-97CE-76BAED5E2C59}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{0F71CF66-3092-442F-8922-2737DEC8F944}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{11243E18-99A4-456E-950E-214DF94D1535}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{15C3476E-6B8E-4F0B-BD7A-78B3BCD960EF}" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"{172CEEDF-F2C8-40E7-B043-DF02246037AB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{1779051B-25A3-445D-AEDA-86F5C4C72FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1CA0895C-9175-44FD-8D4C-46E007CF039A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{30A3112A-4AF0-4BD2-8185-97813BB927D8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{3110A17E-6433-494D-9356-7EFD25D83684}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{3A589965-23E1-4559-BFDF-539F884F8A92}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
"{3C438585-3BFC-4C80-9C15-EE93B03262A4}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{3E957A28-299A-4C25-A959-CDB84A556519}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{40FBBB9E-8A76-4C25-906A-00776CE25AE5}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
"{437E17A8-3B30-4F84-A3B3-4BCB0DFBA716}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{43FFA852-98A3-4046-B690-6F1499AE82D7}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{45079EF0-BE68-478A-919B-5FC243444A29}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{46354080-058F-4E0E-AC93-FE1B6DAE3403}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{46EDF16A-237E-40E8-BF76-9E93688287BA}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4759C8D4-4123-4D0E-A1C9-542C63AB4CE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4891ACF5-09F4-4097-BC61-16713725CD98}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{54F0DF5C-1A04-496A-8971-297050B7888D}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
"{565A471C-99F2-4C82-ABF9-822B286C2A7E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{57CE008C-D5DB-4257-91EE-24FB9BFBC47E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{656DB2CA-AE85-4CD0-8F4C-9F7AC38A0B8F}" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"{6606C470-4FE7-4332-9064-67815CA2F6A8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
"{67233814-FE52-4C79-8431-D0E19D6A5CEE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{72E40133-A1BD-4451-AC16-35548EF5404F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{7306407D-F11B-4831-A599-7A159C9F2CA9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{73BFE3DC-DD5A-439D-B12F-B928D48FC20A}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
"{7CBD3D1A-22FD-43C8-9A4A-FCC3B362DD0A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7CD62407-4AFF-4769-942E-8FC0575DFFED}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7F3BB18E-EAD1-44BB-BDB0-ED81B98F17EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{81F65645-11E0-4B10-9AF7-FAB5708D73C0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{83752797-490C-41BA-BC0E-D2236A55FEAA}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{8675C652-A5E3-4A7E-ABA7-EBE956394F05}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{912DDB1B-3D56-446C-962A-700BB66C3946}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9687EA38-A746-4636-9BB9-A28D117F2FFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{977090B5-257A-45EE-B92F-F3128CF4E438}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{985DF217-F2E0-44CF-B3E9-E4DDC5EAF8F8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
"{A62D4CC0-CC1B-4ED8-8394-5EAACCAE38A3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{A91198A0-645A-418D-BDD9-41C290024F91}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{ABDF3BF1-EC98-42BF-832D-C5D712442A63}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFA8D931-9E0A-450C-9CDE-BC7A6A0F1CF0}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B0EB7DB8-069C-4C50-92E5-42575A9C2095}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{B1A23E38-1F7D-4256-934B-25F5E51649F4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{B336444F-55A9-49DB-A7F4-E0FE2C16BEC4}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
"{B662FE93-68B7-48A3-BE60-FC64D0DC1EFB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{B70FE6A8-17BE-4AA9-A355-9323113A6F5E}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
"{BB381FD6-2C58-40B7-A80A-5F3BED6DA8F1}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
"{BDBFC4E3-4947-473E-B6B7-A82EA899B4FA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BEF93859-0EE7-4D0E-ACD2-A54582779F7D}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{C3057C9E-CE04-40C7-8F93-35E924F7E33C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C673261E-E0D9-40F3-A1BE-EC4B6FA88666}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{C88E5345-4A46-4D38-BFE8-F1AF427DBFDB}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
"{D208D1B9-9521-48B0-9236-45B3D45F3C41}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{DD2EB50A-8511-4A7A-A7FC-D8DECF0300C7}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
"{E0E646DA-1BCF-4219-8208-E486E8F7EF67}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{EFBFE5C8-DD66-4108-905B-35F22D0219E2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F3335E79-18B7-40BF-BBE1-0C5BBAEA62C3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F45DA851-699B-4FB9-B6D7-C208B03D1379}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB0D2316-5992-4D84-9A63-D9BAE29260D3}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
"TCP Query User{24B95080-20C0-49CF-95E9-7BD5D8BE94A3}C:\users\marcus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"TCP Query User{263FB633-FAD4-40BA-86F1-3FF2EC663DA9}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{5107B846-92FE-4A84-93CD-67BED3612131}C:\program files\soulseek-test\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"TCP Query User{69CF35F1-71FB-4160-8051-39E1D7744F63}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{6E1E3D17-5559-4CCA-84A0-0C60013E0FB7}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"TCP Query User{71B4BBE0-CD77-410A-A6D4-FB9A5D1C114E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{73C6319F-DA78-42B9-8E4A-7D947064B506}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{777650E7-1DDC-4069-8CAA-6BB4C3188D47}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{A3304DBF-2D7A-447A-80A8-6C6F05EBBDC5}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{F0D8D0C2-4BC8-4F2A-9D72-27C6B30EEBD8}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"TCP Query User{F6A21F0D-F75F-46FB-8E7F-543AA3C1CF11}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"UDP Query User{47611234-2CD1-4144-9DD8-0DCA963A4952}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{49FD287A-594B-4D38-8ACF-72D8A131F50A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{85871C09-F927-45EB-9898-E6015B3A6DAC}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"UDP Query User{8BCFC60A-7DCE-4766-BC3D-1592213B6511}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"UDP Query User{96006BB2-C413-41A4-BC47-6F7415E4416B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{A4903D7D-FDBA-4AC0-948E-07B322B526A9}C:\program files\soulseek-test\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"UDP Query User{B0102943-C4B9-47C4-86AF-4138FAE2F5E7}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"UDP Query User{B8F909B0-26F9-4A35-9275-051BF24081E1}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{C217CCC2-45AA-41AA-83F9-09F3895AB151}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{CD7D7E6E-2A57-46D9-8E65-CFC9586105CD}C:\users\marcus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"UDP Query User{D4CE2A37-33B7-4482-9AF8-B919404AFC89}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{343DBCC6-511C-46C7-B0B7-DD86F60843E5}" = Licensing Service Install
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6804F55C-8E8F-46B5-9DF7-428AF2D139D5}_is1" = Xiah
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}" = Rhythm Rascal
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}" = OLYMPUS Master 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
"1888 Number to Word Converter_is1" = 1888 Number to Word Converter 1.0
"Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Age of Empires 2.0" = Microsoft Age of Empires II
"AIM_7" = AIM 7
"AmazingMIDI" = AmazingMIDI
"Audacity_is1" = Audacity 1.2.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Total Broadband 220V" = BTTotalBroadband220V
"C&C" = Catch and Convert
"CD - DVD Publishing Service" = CD - DVD Publishing Service
"Celemony Melodyne Plugin_is1" = Celemony Melodyne Plugin VST RTAS v1.0
"ChiliCoupon" = ChiliCoupon™ by chilicoupon.com
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"coverXP" = coverXP (remove only)
"Deadhunt (demo)_is1" = Deadhunt Demo
"DesktopActivityRecorder" = Desktop Activity Recorder 2.6
"Diablo II" = Diablo II
"DVD Region Killer" = DVD Region Killer
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 7" = FL Studio 7
"FreeStudio Free DVD Audio Ripper" = FreeStudio Free DVD Audio Ripper 1.0.3
"Graboid Video" = Graboid Video 1.73
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"I Hate This Key_is1" = I Hate This Key Deluxe Edition 5.1
"IE ChiliCoupon" = IE ChiliCoupon™ by chilicoupon.com
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Basic
"Lambda ASIO driver" = Lexicon Lambda ASIO(remove only)
"Live 7.0.3" = Live 7.0.3
"MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
"MAGIX music maker 2005 deLuxe" = MAGIX music maker 2005 deLuxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"ManyCam" = ManyCam 2.4 (remove only)
"MbrolaTools35_is1" = Mbrola Tools 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Platypus Free Trial_is1" = Platypus 1.13
"PrintScreenDeluxe" = Print Screen Deluxe
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Reason_is1" = Reason 3.0
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Smart Toolbar Remover_is1" = Smart Toolbar Remover v2.0
"SmartUndelete_is1" = SmartUndelete
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 7.0
"Switch" = Switch Sound File Converter
"Synthesia" = Synthesia (remove only)
"SystemRequirementsLab" = System Requirements Lab
"ToneGen" = NCH Tone Generator
"Toolbar Remover_is1" = Toolbar Remover 1.0
"UltraISO_is1" = UltraISO Premium V9.32
"UT2003" = Unreal Tournament 2003
"Viper" = Viper 1.5.00
"Viral Outbreak v1.00 Demo_is1" = Viral Outbreak v1.00 VSTi Demo
"VLC media player" = VLC media player 1.0.1
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"YouTube FLV to AVI converter Pro_is1" = YouTube FLV to AVI converter Pro 2.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"BitTorrent DNA" = DNA
"Diablo II" = Diablo II
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo

========== Last 10 Event Log Errors ==========

[ OSession Events ]
Error - 27/12/2008 19:10:57 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14170
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/08/2009 16:47:13 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36475
seconds with 660 seconds of active time. This session ended with a crash.

Error - 09/12/2009 20:34:35 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11609
seconds with 60 seconds of active time. This session ended with a crash.

Error - 19/02/2011 19:16:03 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21531
seconds with 1740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/12/2012 16:15:28 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 15/12/2012 16:16:09 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16/12/2012 11:12:42 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 16/12/2012 11:13:23 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17/12/2012 07:21:30 | Computer Name = Marcus-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:30:34 on 16/12/2012 was unexpected.

Error - 17/12/2012 07:21:33 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 17/12/2012 07:22:15 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17/12/2012 08:01:04 | Computer Name = Marcus-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:44:19 on 17/12/2012 was unexpected.

Error - 17/12/2012 08:01:08 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 17/12/2012 08:01:48 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 
Hi marcus89,

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • Ask Toolbar
  • Perfect Uninstaller
Next

Please go to: VirusTotal


  • virustotal2-SWI.png

  • Click the Browse button and search for the following file: C:\Windows\is-6C4JA.exe
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Next


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
c:\users\Marcus\Program Files\DNA\btdna.exe
C:\Program Files\Perfect Uninstaller\RkHitApi.dll
C:\Users\Marcus\Documents\Downloads\Magic ISO Maker 5.4+_KEYGEN.EXE
C:\Users\Marcus\Documents\Downloads\Perfect Uninstaller™ V6.3.2.2\PerfectUninstaller_Setup.exe
C:\Users\Marcus\Downloads\PerfectUninstaller_Setup.exe

Folder::
C:\Program Files\SearchIn1Step

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

In your next post please provide the following:
  • ComboFix log
  • VirusTotal results
  • How is the computer running, any remaining issues?
 
Hi, computer seems to be running smoothly, no more searchbabylon redirects. I couldn't get rid of the ask toolbar in the programs and features, it said I didn't have permission. The virustotal website didn't seem to yield any results, it said detection ratio 0/46 and all the results fields were blank.

And the combofix results:

ComboFix 12-12-17.02 - Marcus 18/12/2012 13:53:56.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.960 [GMT 0:00]
Running from: c:\users\Marcus\Downloads\ComboFix.exe
Command switches used :: c:\users\Marcus\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Perfect Uninstaller\RkHitApi.dll"
"c:\users\Marcus\Documents\Downloads\Magic ISO Maker 5.4+_KEYGEN.EXE"
"c:\users\Marcus\Documents\Downloads\Perfect Uninstaller™ V6.3.2.2\PerfectUninstaller_Setup.exe"
"c:\users\Marcus\Downloads\PerfectUninstaller_Setup.exe"
"c:\users\Marcus\Program Files\DNA\btdna.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SearchIn1Step
c:\program files\SearchIn1Step\home.js
c:\program files\SearchIn1Step\readme.html
c:\program files\SearchIn1Step\searchin1.exe
c:\program files\SearchIn1Step\si1opt.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 13:25 . 2012-12-13 13:25 -------- d-----w- c:\windows\ERUNT
2012-12-13 13:24 . 2012-12-13 13:24 -------- d-----w- C:\JRT
2012-12-08 10:55 . 2012-12-08 10:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 11:47 . 2012-04-09 13:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 11:47 . 2011-06-17 12:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 19:54 . 2012-06-07 19:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"IHateThisKey"="c:\program files\ByteGems.com\I Hate This Key\IHateThisKey.exe" [2008-11-08 716800]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-29 981656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-17 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 11:47]
.
2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_Marcus.job
- c:\users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-01 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-18 14:07
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:98,8b,c0,2a,df,b6,11,00
DUMPHIVE0.003 (REGF)
.
Completion time: 2012-12-18 14:12:29
ComboFix-quarantined-files.txt 2012-12-18 14:12
ComboFix2.txt 2012-12-15 11:29
ComboFix3.txt 2012-12-08 11:41
ComboFix4.txt 2011-12-15 23:05
.
Pre-Run: 64,199,692,288 bytes free
Post-Run: 64,086,904,832 bytes free
.
- - End Of File - - B78B06215623C31070C11F5C2473CE1C
 
Hi marcus89,

Revo Uninstaller
Uninstall programs and remove remnants left from previous uninstalls.
Tutorial with screen shots available here, if needed.


Please download Revo Uninstaller Pro and save it to your desktop.
(This version is a fully functional, 30 day free trial)
  • Double click on "RevoUninProSetup.exe" to install. Follow/allow default installation.
    Vista-W7 Users: You must right-click on "RevoUninProSetup.exe", and select "Run As Administrator" to install. If UAC prompts, allow it.
  • Double click Revo Uninstaller from the Start Menu programs list, to run it.
  • From the list of programs click on
    Ask Toolbar
  • Chose "Uninstall". When prompted click Yes.
  • Make sure the advanced option is checked... then click Next.
  • The program will run, when prompted... click Yes... then Next.
  • Once the program has searched for leftovers click Next.
  • Check ONLY the bolded items on the list then... click Next... then Yes.
  • When done click Finish.
The problem program entries should now be gone.

Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    [2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
    [2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
    [2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
    [2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
    [2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
    [2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
In your next post please provide the following:
  • OTL.txt
  • Any remaining issues?
 
Hi, my computer seems to be running much smoother now. Based on the scan results do you think it's safe for me to use it?

All processes killed
========== OTL ==========
C:\Users\Marcus\AppData\Local\Ltomariv.bin moved successfully.
C:\Users\Marcus\AppData\Local\Usejadiruvup.dat moved successfully.
C:\Users\Marcus\AppData\Roaming\vqdlkr.dat moved successfully.
C:\Users\Marcus\AppData\Local\nSVDb4q65iE moved successfully.
C:\Users\Marcus\AppData\Local\20xYJkS83BHk4 moved successfully.
C:\ProgramData\20xYJkS83BHk4 moved successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marcus
->Temp folder emptied: 12000832 bytes
->Temporary Internet Files folder emptied: 668956864 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70056379 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6109 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 716.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12222012_155913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Hi marcus89,

my computer seems to be running much smoother now. Based on the scan results do you think it's safe for me to use it?
One more scan to be certain we got everything.

= = = = = = = = = = = = = = = = = = = =

Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
      Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
In your next post please provide the following:
  • OTL.txt
  • Any remaining issues?
 
Hi, here is the OTL log, everything seems fine on my end, just want to make sure there's nothing left:

OTL logfile created on: 26/12/2012 22:36:27 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.91% Memory free
4.23 Gb Paging File | 2.62 Gb Available in Paging File | 62.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 61.46 Gb Free Space | 21.18% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marcus\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMTDIv) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Marcus\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://playbox.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_en-GB
IE - HKCU\..\SearchScopes\{9F7C261E-CA8A-4667-8904-2F99F0A06BE3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BLP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/13 13:25:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}

[2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/12/24 18:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
[2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/09 13:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\staged
[2012/03/17 15:41:38 | 000,021,906 | ---- | M] () (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\staged\coupons@chilicoupon.com.xpi
[2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\live-search.xml
[2012/12/13 13:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
[2011/12/08 21:26:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/15 18:19:32 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
[2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/12/18 14:07:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/18 14:12:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/18 14:12:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/13 13:25:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/13 13:24:43 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/04 13:11:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/12/26 22:35:04 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/26 22:35:03 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/26 22:34:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marcus.job
[2012/12/26 22:30:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 22:30:19 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 22:27:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/26 22:27:19 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/24 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/24 19:51:14 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2012/12/24 18:56:52 | 394,327,297 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/24 18:22:02 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marcus.job
[2012/12/24 18:22:02 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marcus.job
[2012/12/22 15:10:07 | 000,001,095 | ---- | M] () -- C:\Users\Marcus\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/12/22 15:10:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/12/18 14:07:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/15 11:47:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/15 11:47:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/15 11:37:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 10:55:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/08 10:46:10 | 000,000,138 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | M] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2012/12/04 13:11:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/12/22 16:03:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marcus.job
[2012/12/22 16:02:17 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marcus.job
[2012/12/22 16:02:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marcus.job
[2012/12/22 15:10:07 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/12/15 11:37:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 10:46:08 | 000,000,138 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | C] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2011/12/15 22:34:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 22:34:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 22:34:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 22:34:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 22:34:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
[2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
[2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/08/27 12:22:59 | 000,053,760 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 07:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/13 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ableton
[2007/10/16 18:34:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\acccore
[2011/07/10 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Antares
[2011/11/28 01:23:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent
[2008/03/13 08:42:08 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent DNA
[2010/12/27 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CheeseSoft
[2012/04/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ChiliCoupon
[2012/07/09 07:50:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools
[2012/12/18 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DNA
[2007/12/20 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Grisoft
[2012/04/09 13:26:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\IE ChiliCoupon
[2010/04/17 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ImgBurn
[2010/05/03 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ManyCam
[2011/02/08 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\NCH Swift Sound
[2011/01/26 22:58:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Neuratron
[2008/05/13 09:42:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Propellerhead Software
[2007/11/29 19:20:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\RhythmRascal
[2008/09/14 14:52:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SecondLife
[2012/05/20 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Spotify
[2010/03/17 20:10:27 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Steinberg
[2012/01/07 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Synthesia
[2011/05/26 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SystemRequirementsLab
[2012/01/14 15:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Thinstall
[2009/04/07 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
[2008/03/04 11:41:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/29 20:40:25 | 000,010,222 | ---- | M] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2012/04/29 20:40:21 | 000,010,222 | ---- | C] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 
Status
Not open for further replies.
Back
Top