Sweetpacks & other stuff

EmpressPhoenix

New member
Not sure how I got Sweetpacks, but it's annoying as all heck. Also, during the asw scan, it showed uTorrent or scanning it, but I cannot find that anywhere on my computer. Not in my Program Files or Add/Remove Programs or anything. Not sure if that's something or not. Also, ran Spybot the other night to post here, but computer derped so didn't get the files. It detected a few things it could not fix... but this sca
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 1.6.0_45
Run by Phoenix at 21:36:25 on 2013-07-02
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.3262.1557 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Furcadia\furc_on.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Furcadia\Furcadia.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\dmwu.exe
C:\Windows\System32\jmdp\stij.exe
C:\Program Files\SkypeAutoAnswer\AutoAnswer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN10050045552776410&UM=2&UP=SP7A9AAE07-8879-4A87-AF5D-A270EDA89B8F
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={5FA32070-E33B-11E2-8337-001E682AA689}
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
uURLSearchHooks: {90b49673-5506-483e-b92b-ca0265bd9ca8} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.2.0.5\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SearchProtect] c:\users\phoenix\appdata\roaming\searchprotect\bin\cltmng.exe
uRunOnce: [SpybotDeletingB5299] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
uRunOnce: [SpybotDeletingD7233] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
uRunOnce: [SpybotDeletingB1253] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
uRunOnce: [SpybotDeletingD7190] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
uRunOnce: [SpybotDeletingB7470] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
uRunOnce: [SpybotDeletingD3935] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
uRunOnce: [SpybotDeletingB3608] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
uRunOnce: [SpybotDeletingD9148] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
uRunOnce: [SpybotDeletingB8942] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
uRunOnce: [SpybotDeletingD4376] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
uRunOnce: [SpybotDeletingB9361] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
uRunOnce: [SpybotDeletingD4637] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
uRunOnce: [SpybotDeletingB5160] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
uRunOnce: [SpybotDeletingD9852] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
uRunOnce: [SpybotDeletingB7921] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
uRunOnce: [SpybotDeletingD5412] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
uRunOnce: [SpybotDeletingB3459] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
uRunOnce: [SpybotDeletingD9859] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
uRunOnce: [SpybotDeletingB7049] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
uRunOnce: [SpybotDeletingD4699] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
uRunOnce: [SpybotDeletingB5428] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
uRunOnce: [SpybotDeletingD9190] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
uRunOnce: [SpybotDeletingB926] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
uRunOnce: [SpybotDeletingD4296] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
uRunOnce: [SpybotDeletingB6145] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
uRunOnce: [SpybotDeletingD275] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
uRunOnce: [SpybotDeletingB1729] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
uRunOnce: [SpybotDeletingD1293] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
uRunOnce: [SpybotDeletingB4960] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
uRunOnce: [SpybotDeletingD6968] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
uRunOnce: [SpybotDeletingB9276] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
uRunOnce: [SpybotDeletingD4045] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
uRunOnce: [SpybotDeletingB2028] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
uRunOnce: [SpybotDeletingD6160] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
uRunOnce: [SpybotDeletingB9306] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
uRunOnce: [SpybotDeletingD3802] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
uRunOnce: [SpybotDeletingB7536] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
uRunOnce: [SpybotDeletingD9713] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
uRunOnce: [SpybotDeletingB5542] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
uRunOnce: [SpybotDeletingD5440] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
uRunOnce: [SpybotDeletingB2779] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
uRunOnce: [SpybotDeletingD7173] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
uRunOnce: [SpybotDeletingB3122] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
uRunOnce: [SpybotDeletingD4924] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
uRunOnce: [SpybotDeletingB1170] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
uRunOnce: [SpybotDeletingD9060] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
uRunOnce: [SpybotDeletingB9757] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
uRunOnce: [SpybotDeletingD2747] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
uRunOnce: [SpybotDeletingB7855] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
uRunOnce: [SpybotDeletingD1510] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
uRunOnce: [SpybotDeletingB4217] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
uRunOnce: [SpybotDeletingD6137] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
uRunOnce: [SpybotDeletingB314] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
uRunOnce: [SpybotDeletingD433] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
uRunOnce: [SpybotDeletingB8188] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
uRunOnce: [SpybotDeletingD6635] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
uRunOnce: [SpybotDeletingB8996] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
uRunOnce: [SpybotDeletingD451] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
uRunOnce: [SpybotDeletingB6449] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
uRunOnce: [SpybotDeletingD7215] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
uRunOnce: [SpybotDeletingB412] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
uRunOnce: [SpybotDeletingD3417] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
uRunOnce: [SpybotDeletingB1570] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
uRunOnce: [SpybotDeletingD5700] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
uRunOnce: [SpybotDeletingB534] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
uRunOnce: [SpybotDeletingD1010] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
uRunOnce: [SpybotDeletingB6227] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
uRunOnce: [SpybotDeletingD3155] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
uRunOnce: [SpybotDeletingB2170] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
uRunOnce: [SpybotDeletingD5595] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
uRunOnce: [SpybotDeletingB3129] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
uRunOnce: [SpybotDeletingD253] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
uRunOnce: [SpybotDeletingB8926] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
uRunOnce: [SpybotDeletingD593] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
uRunOnce: [SpybotDeletingB5983] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
uRunOnce: [SpybotDeletingD77] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
uRunOnce: [SpybotDeletingB2866] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
uRunOnce: [SpybotDeletingD5049] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
uRunOnce: [SpybotDeletingB6306] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
uRunOnce: [SpybotDeletingD4258] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
uRunOnce: [SpybotDeletingB641] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
uRunOnce: [SpybotDeletingD1185] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
uRunOnce: [SpybotDeletingB6585] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
uRunOnce: [SpybotDeletingD5826] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
uRunOnce: [SpybotDeletingB1479] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
uRunOnce: [SpybotDeletingD5913] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
uRunOnce: [SpybotDeletingB3567] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
uRunOnce: [SpybotDeletingD3447] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
uRunOnce: [SpybotDeletingB7281] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
uRunOnce: [SpybotDeletingD770] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
uRunOnce: [SpybotDeletingB1497] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
uRunOnce: [SpybotDeletingD9512] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
uRunOnce: [SpybotDeletingB6992] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
uRunOnce: [SpybotDeletingD8790] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
uRunOnce: [SpybotDeletingB2805] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
uRunOnce: [SpybotDeletingD383] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
uRunOnce: [SpybotDeletingB838] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
uRunOnce: [SpybotDeletingD1645] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
uRunOnce: [SpybotDeletingB1362] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
uRunOnce: [SpybotDeletingD4097] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
uRunOnce: [SpybotDeletingB8348] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
uRunOnce: [SpybotDeletingD5847] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRunOnce: [SpybotDeletingA3039] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
mRunOnce: [SpybotDeletingC1226] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\ClearHist.exe"
mRunOnce: [SpybotDeletingA1346] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
mRunOnce: [SpybotDeletingC3427] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgcommon.dll"
mRunOnce: [SpybotDeletingA4726] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
mRunOnce: [SpybotDeletingC1632] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgconfig.dll"
mRunOnce: [SpybotDeletingA1898] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
mRunOnce: [SpybotDeletingC4408] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelperApp.exe"
mRunOnce: [SpybotDeletingA1157] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
mRunOnce: [SpybotDeletingC5928] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mghooking.dll"
mRunOnce: [SpybotDeletingA2556] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
mRunOnce: [SpybotDeletingC5883] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mglogger.dll"
mRunOnce: [SpybotDeletingA9464] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
mRunOnce: [SpybotDeletingC8159] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgsimcommon.dll"
mRunOnce: [SpybotDeletingA7117] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
mRunOnce: [SpybotDeletingC1565] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarProxy.dll"
mRunOnce: [SpybotDeletingA4227] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
mRunOnce: [SpybotDeletingC4800] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgxml_wrapper.dll"
mRunOnce: [SpybotDeletingA671] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
mRunOnce: [SpybotDeletingC2208] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\default.xml"
mRunOnce: [SpybotDeletingA7486] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
mRunOnce: [SpybotDeletingC7603] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll"
mRunOnce: [SpybotDeletingA5440] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
mRunOnce: [SpybotDeletingC9490] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll"
mRunOnce: [SpybotDeletingA1630] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
mRunOnce: [SpybotDeletingC4396] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\about.html"
mRunOnce: [SpybotDeletingA9821] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
mRunOnce: [SpybotDeletingC2297] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\affid.dat"
mRunOnce: [SpybotDeletingA3047] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
mRunOnce: [SpybotDeletingC7444] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\basis.xml"
mRunOnce: [SpybotDeletingA1321] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
mRunOnce: [SpybotDeletingC2547] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\bing.png"
mRunOnce: [SpybotDeletingA216] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
mRunOnce: [SpybotDeletingC5159] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\clear-history.png"
mRunOnce: [SpybotDeletingA5574] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
mRunOnce: [SpybotDeletingC907] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier.js"
mRunOnce: [SpybotDeletingA4558] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
mRunOnce: [SpybotDeletingC6576] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim.gif"
mRunOnce: [SpybotDeletingA659] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
mRunOnce: [SpybotDeletingC7654] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\content-notifier-anim-over.gif"
mRunOnce: [SpybotDeletingA2039] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
mRunOnce: [SpybotDeletingC6281] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dating.png"
mRunOnce: [SpybotDeletingA6457] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
mRunOnce: [SpybotDeletingC6032] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\dictionary.png"
mRunOnce: [SpybotDeletingA9048] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
mRunOnce: [SpybotDeletingC8622] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\e_cards.png"
mRunOnce: [SpybotDeletingA2977] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
mRunOnce: [SpybotDeletingC1233] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon.png"
mRunOnce: [SpybotDeletingA8076] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
mRunOnce: [SpybotDeletingC1142] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\eye_icon_over.png"
mRunOnce: [SpybotDeletingA4499] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
mRunOnce: [SpybotDeletingC6406] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\find.png"
mRunOnce: [SpybotDeletingA4903] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
mRunOnce: [SpybotDeletingC983] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\free_stuff.png"
mRunOnce: [SpybotDeletingA741] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
mRunOnce: [SpybotDeletingC4612] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\games.png"
mRunOnce: [SpybotDeletingA3952] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
mRunOnce: [SpybotDeletingC9314] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\glitter.png"
mRunOnce: [SpybotDeletingA7949] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
mRunOnce: [SpybotDeletingC9890] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\google.png"
mRunOnce: [SpybotDeletingA5954] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
mRunOnce: [SpybotDeletingC7572] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\help.png"
mRunOnce: [SpybotDeletingA529] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
mRunOnce: [SpybotDeletingC5226] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\highlight.png"
mRunOnce: [SpybotDeletingA7462] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
mRunOnce: [SpybotDeletingC3124] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\locales.xml"
mRunOnce: [SpybotDeletingA7028] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
mRunOnce: [SpybotDeletingC9516] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_16x16.png"
mRunOnce: [SpybotDeletingA1665] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
mRunOnce: [SpybotDeletingC9588] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_21x18.png"
mRunOnce: [SpybotDeletingA8159] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
mRunOnce: [SpybotDeletingC2910] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_32x32.png"
mRunOnce: [SpybotDeletingA8782] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
mRunOnce: [SpybotDeletingC9060] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\logo_about.png"
mRunOnce: [SpybotDeletingA9645] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
mRunOnce: [SpybotDeletingC3611] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\more-search-providers.png"
mRunOnce: [SpybotDeletingA1172] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
mRunOnce: [SpybotDeletingC1135] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\music.png"
mRunOnce: [SpybotDeletingA6013] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
mRunOnce: [SpybotDeletingC3112] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\news.png"
mRunOnce: [SpybotDeletingA5464] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
mRunOnce: [SpybotDeletingC2990] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\options.html"
mRunOnce: [SpybotDeletingA551] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
mRunOnce: [SpybotDeletingC3958] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\photos.png"
mRunOnce: [SpybotDeletingA2339] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
mRunOnce: [SpybotDeletingC6704] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\search-current-site.png"
mRunOnce: [SpybotDeletingA4589] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
mRunOnce: [SpybotDeletingC5225] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\shopping.png"
mRunOnce: [SpybotDeletingA8708] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
mRunOnce: [SpybotDeletingC8297] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileySmile.png"
mRunOnce: [SpybotDeletingA1656] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
mRunOnce: [SpybotDeletingC6396] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\SmileyWink.png"
mRunOnce: [SpybotDeletingA5894] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
mRunOnce: [SpybotDeletingC1833] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\sweetim_text.png"
mRunOnce: [SpybotDeletingA1878] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
mRunOnce: [SpybotDeletingC3637] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\toolbar.xml"
mRunOnce: [SpybotDeletingA5996] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
mRunOnce: [SpybotDeletingC8738] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\video.png"
mRunOnce: [SpybotDeletingA5336] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
mRunOnce: [SpybotDeletingC2019] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\web-search.png"
mRunOnce: [SpybotDeletingA6736] command.com /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
mRunOnce: [SpybotDeletingC230] cmd.exe /c del "c:\program files\sweetim\toolbars\internet explorer\resources\yahoo.png"
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\phoenix\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{54A4859D-93EA-43A8-AD0A-3FEF4C6863ED} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://start.sweetpacks.com/?barid={5FA32070-E33B-11E2-8337-001E682AA689}&crg=3.5000006.10045&st=23|http://www.aywas.org/news/
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\users\phoenix\appdata\roaming\mozilla\firefox\profiles\1w5oxnrp.default\extensions\activegs@freetoolsassociation.com\plugins\npActiveGS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-13 22:09; {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyVEs2DdX&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 5cf6908d000000000000001f3a513170
FF - user.js: extensions.incredibar_i.instlDay - 15673
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.142:50:40
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyVEs2DdX
FF - user.js: extensions.incredibar_i.upn2n - 92262534126543597
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 1
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-13 37664]
R2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2012-11-29 1167152]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2013-5-27 27136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]
S3 TunngleService;TunngleService;c:\program files\tunngle\TnglCtrl.exe [2013-5-27 746392]
S4 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-8-12 1153368]
S4 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-27 1015984]
.
=============== Created Last 30 ================
.
2013-07-02 17:24:28 -------- d-----w- c:\program files\SkypeAutoAnswer
2013-07-02 14:29:50 -------- d-----w- c:\users\phoenix\appdata\local\CRE
2013-07-02 14:29:05 -------- d-----w- c:\users\phoenix\appdata\roaming\SearchProtect
2013-06-21 12:12:22 -------- d-----w- c:\users\phoenix\appdata\roaming\runic games
2013-06-19 00:57:48 -------- d-----w- c:\users\phoenix\appdata\local\GOG.com
2013-06-19 00:57:35 -------- d-----w- c:\program files\GOG.com
2013-06-14 03:10:01 -------- d-----w- c:\program files\Sun
.
==================== Find3M ====================
.
2013-06-18 10:10:09 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-18 10:10:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-27 22:20:41 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-27 08:58:04 1167152 ----a-w- c:\windows\system32\dmwu.exe
2013-05-27 08:55:06 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
.
============= FINISH: 21:36:54.56 ===============

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-03 04:47:43
-----------------------------
04:47:43.811 OS Version: Windows 6.0.6001 Service Pack 1
04:47:43.811 Number of processors: 2 586 0x6802
04:47:43.812 ComputerName: DJIBOUTI UserName: Phoenix
04:47:48.715 Initialize success
04:48:41.136 AVAST engine defs: 13070200
04:48:50.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
04:48:50.238 Disk 0 Vendor: WDC_WD5000LPVT-00G33T0 01.01A01 Size: 476940MB BusType: 3
04:48:50.472 Disk 0 MBR read successfully
04:48:50.488 Disk 0 MBR scan
04:48:50.518 Disk 0 unknown MBR code
04:48:50.553 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 465484 MB offset 63
04:48:50.633 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11452 MB offset 953313165
04:48:50.672 Disk 0 scanning sectors +976768065
04:48:51.024 Disk 0 scanning C:\Windows\system32\drivers
04:49:20.732 Service scanning
04:50:29.564 Modules scanning
04:50:37.017 Disk 0 trace - called modules:
04:50:37.054 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys ndis.sys nvmfdx32.sys dxgkrnl.sys nvlddmkm.sys
04:50:37.057 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85341740]
04:50:37.057 3 CLASSPNP.SYS[8a5a1745] -> nt!IofCallDriver -> [0x83f971c8]
04:50:37.058 5 acpi.sys[806166a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x83f98ba0]
04:50:40.298 AVAST engine scan C:\Windows
04:50:48.822 AVAST engine scan C:\Windows\system32
04:54:57.923 AVAST engine scan C:\Windows\system32\drivers
04:55:40.822 AVAST engine scan C:\Users\Phoenix
06:29:13.659 AVAST engine scan C:\ProgramData
06:41:03.829 Scan finished successfully
09:54:26.556 Disk 0 MBR has been saved successfully to "C:\Users\Phoenix\Desktop\MBR.dat"
09:54:26.615 The log file has been saved successfully to "C:\Users\Phoenix\Desktop\aswMBR.txt"

Win32.Downloader.gen: [SBI $BCCEBCBD] Program directory (Directory, nothing done)
C:\Users\Phoenix\AppData\Roaming\SearchProtect\

FastClick: Tracking cookie (Internet Explorer: Phoenix) (Cookie, nothing done)


MediaPlex: Tracking cookie (Internet Explorer: Phoenix) (Cookie, nothing done)


DoubleClick: Tracking cookie (Internet Explorer: Phoenix) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
 

:welcome:

Most times you get things like Sweetpacks by downloading a program and not reading what you're getting. A lot of this garbage is bundled with some legit programs; during the install you need to read, read, read before clicking on Next.


Go here and download AdwCleaner to your desktop

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Double click JRT.exe to run the tool
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply





Please download Malwarebytes Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan as shown below.

    MBAM-2.jpg

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



I need to see
1. Adwcleaner log
2. Junkware removal log
3. Malwarebytes log
 
Thank you for your reply. I was beginning to worry.

# AdwCleaner v2.305 - Logfile created 07/14/2013 at 18:34:07
# Updated 11/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 1 (32 bits)
# User : Phoenix - DJIBOUTI
# Boot Mode : Normal
# Running from : C:\Users\Phoenix\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Windows\system32\jmdp
Deleted on reboot : C:\Windows\system32\Zynga
Deleted on reboot : C:\Windows\system32\Zynga
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js
File Deleted : C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jZip.lnk
File Deleted : C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Phoenix\Desktop\jZip.lnk
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Program Files\jZip
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Phoenix\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Phoenix\AppData\Local\Conduit
Folder Deleted : C:\Users\Phoenix\AppData\Local\jZip
Folder Deleted : C:\Users\Phoenix\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Phoenix\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Phoenix\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Phoenix\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Phoenix\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Phoenix\AppData\Roaming\SearchProtect
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\WNLT

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287804
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18639

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3289075&octid=CT3289075&SearchSource=61&CUI=UN10050045552776410&UM=2&UP=SP7A9AAE07-8879-4A87-AF5D-A270EDA89B8F --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={5FA32070-E33B-11E2-8337-001E682AA689} --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\prefs.js

C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\user.js ... Deleted !

Deleted : user_pref("CT2612669_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3287804_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3289075_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289075&CUI=UN33133571[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289075");
Deleted : user_pref("browser.search.defaultenginename", "SweetIM Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl_v6 Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "SweetIM Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?barid={5FA32070-E33B-11E2-8337-0[...]
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10643");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "9FE8072D79CEEEE09BAAC0A2B20B9533");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "5cf6908d000000000000001f3a513170");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15673");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.142:50:40");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyVEs2DdX&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyVEs2DdX");
Deleted : user_pref("extensions.incredibar.upn2n", "92262534126543597");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.142:50:40");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "5cf6908d000000000000001f3a513170");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15673");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyVEs2DdX&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyVEs2DdX");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92262534126543597");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.142:50:40");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3287804");
Deleted : user_pref("smartbar.machineId", "+PX/FK26FMBU54E5VGQVPJTHLBN/GY0/9KKYRDQZ8F4WVAE1VQL2UI6BCWIAKUSLLBV[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.conduit.com/ResultsEx[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.aywas.org/news/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

-\\ Opera v12.11.1661.0

File : C:\Users\Phoenix\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [398 octets] - [14/07/2013 15:23:05]
AdwCleaner[S2].txt - [18100 octets] - [14/07/2013 18:34:07]

########## EOF - C:\AdwCleaner[S2].txt - [18161 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.0.9 (07.12.2013:2)
OS: Windows Vista (TM) Home Basic x86
Ran by Phoenix on Sun 07/14/2013 at 18:56:50.28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CD7C5EC1-2A04-46FE-B268-FB8D75872430}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CD7C5EC1-2A04-46FE-B268-FB8D75872430}



~~~ Files

Successfully deleted: [File] "C:\Windows\system32\dmwu.exe"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Phoenix\appdata\local\{754E9E12-F80E-4871-9FD1-126073BF48A9}
Successfully deleted: [Empty Folder] C:\Users\Phoenix\appdata\local\{D83F4B25-B55B-4A8E-BE63-55F9B3388765}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{7d4f1959-3f72-49d5-8e59-f02f8aa6815d}
Emptied folder: C:\Users\Phoenix\AppData\Roaming\mozilla\firefox\profiles\1w5oxnrp.default\minidumps [126 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/14/2013 at 19:00:10.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.14.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Phoenix :: DJIBOUTI [administrator]

7/14/2013 7:11:59 PM
mbam-log-2013-07-14 (19-11-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210784
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Phoenix\Downloads\windows live messenger setup.exe (PUP.AdBundle) -> Quarantined and deleted successfully.

(end)
 
:bigthumb:

Sometimes we get so busy that a thread now and then may fall through the cracks. Very sorry about that, but I am linked to you now :)

Things any better?


OTL by OldTimer
  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
 
Yes. Sweetpacks stuff is gone!

OTL logfile created on: 7/15/2013 5:40:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phoenix\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.19 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 74.45% Memory free
6.60 Gb Paging File | 5.87 Gb Available in Paging File | 88.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.58 Gb Total Space | 200.39 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
Drive D: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.83% Space Free | Partition Type: NTFS
Drive F: | 454.58 Gb Total Space | 257.14 Gb Free Space | 56.57% Space Free | Partition Type: NTFS
Drive G: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.90% Space Free | Partition Type: NTFS

Computer Name: DJIBOUTI | User Name: Phoenix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Phoenix\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Furcadia\furc_on.exe (Dragon's Eye Productions, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TunngleService) -- C:\Program Files\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AffinegyService) -- C:\Program Files\TWC\DigiDo\AffinegyService.exe (Affinegy, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (tap0901t) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SymIMMP) -- C:\Windows\System32\drivers\SymIM.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIM.sys (Symantec Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{1D006497-C638-413B-B6A4-ABEA308EB006}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt




IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes\{1D006497-C638-413B-B6A4-ABEA308EB006}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psdt
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aywas.org/news/"
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2
FF - prefs.js..extensions.enabledAddons: activegs%40freetoolsassociation.com:3.6.1307
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0045-ABCDEFFEDCBA%7D:6.0.45
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.7
FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.0.8
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Phoenix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Phoenix\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Phoenix\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Phoenix\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Phoenix\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/07/02 09:29:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/25 16:29:59 | 000,000,000 | ---D | M]

[2012/06/30 20:09:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Extensions
[2013/07/09 12:02:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions
[2013/07/09 12:02:04 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2012/06/30 20:37:11 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2013/02/25 08:51:09 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2013/03/29 21:13:27 | 000,000,000 | ---D | M] (ActiveGS) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\activegs@freetoolsassociation.com
[2013/02/05 02:48:15 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\djziggy@gmail.com
[2012/06/30 20:40:30 | 000,613,946 | ---- | M] () (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{021bfe80-a015-11de-8a39-0800200c9a66}.xpi
[2013/07/03 12:32:27 | 000,534,371 | ---- | M] () (No name found) -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/07/03 14:22:34 | 000,001,793 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\Bing.xml
[2013/07/02 09:30:31 | 000,001,110 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Profiles\1w5oxnrp.default\searchplugins\utorrentcontrolv6-customized-web-search.xml
[2013/06/13 22:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/13 22:09:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
[2013/03/10 05:49:11 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 10:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/12/20 02:32:06 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/10 05:49:10 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/05/27 09:49:55 | 000,448,610 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15406 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Phoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2425050757-3223518249-3769056943-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54A4859D-93EA-43A8-AD0A-3FEF4C6863ED}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Phoenix\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/29 04:15:36 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/03/09 18:11:17 | 000,000,074 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - G:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell - "" = AutoRun
O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/15 17:38:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe
[2013/07/15 14:47:21 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\Desktop\CDL
[2013/07/14 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\Malwarebytes
[2013/07/14 19:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/14 19:10:38 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/14 19:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/14 19:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/14 19:09:54 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phoenix\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/14 18:56:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/14 18:55:51 | 000,559,441 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Phoenix\Desktop\JRT.exe
[2013/07/03 00:13:10 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\SkypePM
[2013/07/03 00:09:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/07/03 00:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/07/03 00:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/07/02 12:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypeAutoAnswer
[2013/07/02 12:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\SkypeAutoAnswer
[2013/07/02 09:29:50 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Local\CRE
[2013/07/01 23:26:19 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Phoenix\Desktop\dds.scr
[2013/07/01 23:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/06/21 07:12:22 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Roaming\runic games
[2013/06/18 19:59:46 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\Documents\GOG.com Downloads
[2013/06/18 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Phoenix\AppData\Local\GOG.com
[2013/06/18 19:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013/06/18 19:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\GOG.com
[2013/06/17 17:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

========== Files - Modified Within 30 Days ==========

[2013/07/15 17:38:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Phoenix\Desktop\OTL.exe
[2013/07/15 17:16:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/15 16:54:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000UA.job
[2013/07/15 16:10:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 16:10:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 14:47:21 | 000,041,861 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.001
[2013/07/15 13:50:27 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/15 00:16:38 | 002,090,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/15 00:16:38 | 000,633,434 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/15 00:10:22 | 000,000,214 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2013/07/15 00:10:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/15 00:10:11 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/15 00:10:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/15 00:09:59 | 3421,396,992 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/14 23:54:18 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000Core.job
[2013/07/14 20:11:10 | 000,030,208 | ---- | M] () -- C:\Users\Phoenix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/14 19:10:39 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/14 19:09:58 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phoenix\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/14 18:56:14 | 000,559,441 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Phoenix\Desktop\JRT.exe
[2013/07/14 15:21:45 | 000,662,345 | ---- | M] () -- C:\Users\Phoenix\Desktop\AdwCleaner.exe
[2013/07/03 14:31:00 | 000,000,733 | ---- | M] () -- C:\Users\Phoenix\Desktop\SkypePortable.exe - Shortcut.lnk
[2013/07/03 10:00:24 | 000,000,803 | ---- | M] () -- C:\Users\Phoenix\Desktop\attach.zip
[2013/07/03 09:54:26 | 000,000,512 | ---- | M] () -- C:\Users\Phoenix\Desktop\MBR.dat
[2013/07/02 21:30:00 | 000,004,879 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/02 12:24:28 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\SkypeAutoAnswer.lnk
[2013/07/02 08:40:00 | 000,484,992 | ---- | M] () -- C:\Users\Phoenix\Desktop\MineCraftNEW.exe
[2013/07/01 23:36:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Phoenix\Desktop\aswMBR.exe
[2013/07/01 23:26:22 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Phoenix\Desktop\dds.scr
[2013/07/01 23:21:12 | 000,000,714 | ---- | M] () -- C:\Users\Phoenix\Desktop\ERUNT.lnk
[2013/07/01 23:19:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Phoenix\Desktop\erunt-setup.exe
[2013/06/21 07:19:25 | 000,041,861 | ---- | M] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.dat
[2013/06/21 07:12:16 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight.lnk
[2013/06/19 19:08:03 | 000,315,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/06/18 05:10:09 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/18 05:10:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/17 17:50:40 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2013/07/14 19:10:39 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/14 15:21:33 | 000,662,345 | ---- | C] () -- C:\Users\Phoenix\Desktop\AdwCleaner.exe
[2013/07/13 23:49:17 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000UA.job
[2013/07/13 23:49:15 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2425050757-3223518249-3769056943-1000Core.job
[2013/07/03 14:31:00 | 000,000,733 | ---- | C] () -- C:\Users\Phoenix\Desktop\SkypePortable.exe - Shortcut.lnk
[2013/07/03 10:00:24 | 000,000,803 | ---- | C] () -- C:\Users\Phoenix\Desktop\attach.zip
[2013/07/03 09:54:26 | 000,000,512 | ---- | C] () -- C:\Users\Phoenix\Desktop\MBR.dat
[2013/07/03 00:09:10 | 000,002,377 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/02 21:29:39 | 000,004,879 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/02 12:24:28 | 000,000,863 | ---- | C] () -- C:\Users\Public\Desktop\SkypeAutoAnswer.lnk
[2013/07/02 08:39:56 | 000,484,992 | ---- | C] () -- C:\Users\Phoenix\Desktop\MineCraftNEW.exe
[2013/07/01 23:21:12 | 000,000,714 | ---- | C] () -- C:\Users\Phoenix\Desktop\ERUNT.lnk
[2013/06/21 07:12:16 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight.lnk
[2013/06/17 17:50:40 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/29 03:50:18 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012/10/18 18:41:23 | 000,000,952 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012/10/02 00:04:36 | 000,000,542 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\wklnhst.dat
[2012/09/16 15:53:33 | 000,030,208 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/09 00:06:45 | 000,007,944 | ---- | C] () -- C:\Users\Phoenix\AppData\Local\d3d9caps.dat
[2012/06/29 21:18:39 | 000,041,861 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.001
[2012/06/29 21:16:00 | 000,041,861 | ---- | C] () -- C:\Users\Phoenix\AppData\Roaming\nvModes.dat
[2012/06/29 12:19:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/06/29 12:19:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/06/29 05:16:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2012/06/29 05:11:58 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/06/29 04:30:03 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 7/15/2013 5:40:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Phoenix\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.19 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 74.45% Memory free
6.60 Gb Paging File | 5.87 Gb Available in Paging File | 88.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.58 Gb Total Space | 200.39 Gb Free Space | 44.08% Space Free | Partition Type: NTFS
Drive D: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.83% Space Free | Partition Type: NTFS
Drive F: | 454.58 Gb Total Space | 257.14 Gb Free Space | 56.57% Space Free | Partition Type: NTFS
Drive G: | 11.18 Gb Total Space | 2.11 Gb Free Space | 18.90% Space Free | Partition Type: NTFS

Computer Name: DJIBOUTI | User Name: Phoenix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01687783-2772-48FC-8CC3-4D89F5B67A2C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0732DD12-1AB9-4EF0-9AFD-121894C3B45A}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{25566255-B92F-439E-AC19-96F96A8B85A9}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{304C490E-CB16-44FB-94C7-52474A9E55FE}" = protocol=17 | dir=in | app=c:\program files\twc\digido\digido.exe |
"{43BB93BE-BFEB-444F-B91E-DF7873F46FF3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{4C442032-0851-4E04-A8A0-2F15E594E3F7}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{55885F82-A7F1-4005-9BD4-7F4FDE810A93}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{625BC8B9-5A19-4361-9331-FA7C0360F0B8}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{627F4A80-4F47-4E3D-9682-34A297B93D90}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{71855A7C-E690-4322-903C-E39917BA24A7}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{71E8DCE7-B83F-4985-995A-BB98D4FC6425}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{749D35D4-5243-49A2-96AF-B93ACA4B5838}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7550F804-68CE-4A7C-94D0-7068DE800435}" = protocol=17 | dir=in | app=c:\program files\twc\digido\digido.exe |
"{79B876FC-F79A-4598-AB3A-3C276AFAFBD1}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7B2FDC6D-94D7-4A18-BFF8-EB6DFA83B20F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7F1CAA7E-630A-438E-B31B-E2D1438C3325}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{7F857DD5-587D-4C07-A1EC-73117B5A3D36}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{81395C6B-CDCE-4E00-A1A8-46A84B911C5A}" = protocol=6 | dir=in | app=c:\program files\twc\digido\digido.exe |
"{8716181D-2D44-4286-9143-5E832497A1D0}" = protocol=6 | dir=in | app=c:\program files\twc\digido\digido.exe |
"{8915B9AB-DD5C-499B-BEA1-474D3BCE780D}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{8F142F54-4ECC-46C9-BE91-ED1887459603}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A40B63D1-0114-4210-A87C-EF29DAD92675}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe |
"{B0E46038-C6F6-44FB-A9BC-F359493688BF}" = protocol=17 | dir=in | app=c:\users\phoenix\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{B5300067-991E-4932-A597-B17929B934B9}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe |
"{B7D80C69-F547-4741-87D2-23116E276B8F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{C18BDADD-7C69-4D9B-BA5A-ACF156DF214E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CA569E3C-883D-47AE-B324-76689B467E55}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{CAD66A92-5FE3-4E0B-9360-419233F9AE5A}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{CFF9362C-3C1A-4181-ABF4-4EF7BA7B433A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D32397F0-D869-405E-A4E0-1E131CFE999B}" = dir=in | app=c:\program files\twc\digido\digido.exe |
"{D8B6E76D-1CAC-4F35-978C-832F4004EC43}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E16578F1-C9D4-4245-8F60-B964974E14A2}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{E8395569-5858-452B-8137-C3F4AA8AF1BD}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EEE01CCB-1980-4B70-AA9B-C0C9C0CF63FD}" = protocol=6 | dir=in | app=c:\users\phoenix\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F8801A7F-DFCC-4C90-A3B1-6351FEB62894}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FD825796-B701-419C-AB67-CC5A04FA11F9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{FEC9A0A6-98C5-4C8A-981E-79B7B29FC4B0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{02289D55-4E95-45CA-830B-47384100B8CE}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{2A34255E-8ECB-4F5D-AE08-021971B59C53}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2A56B09F-F179-4382-B05E-324523CAF749}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2B9F2503-C42B-4D79-B725-15B2E4DFB12D}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |
"TCP Query User{8FB2B311-87AE-4777-8622-CD4281FE0E1B}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A05E216B-5D25-427B-8183-387D84970DE4}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{A0B83AC2-2412-4374-A7CA-C2E59125A324}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{C0753ABC-478B-4C7B-88AE-F552C2865FF3}C:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe |
"TCP Query User{E485D79B-594D-4CBC-8344-871DDDDF715F}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{FCCBE696-C865-4F1D-8380-ED2723309645}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{FD4D8B49-B335-4378-BF54-9EE85B97A051}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{36ED8AF5-39D5-4F6C-B0EF-C518B8376E6B}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{373B216C-93BE-4399-899A-8BA79F62EAE4}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{3D27B7E5-E53B-4E4D-B8CF-319A6C2841C3}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{5C018A19-95A1-4585-B940-7A475DA7FDB2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{5DE01926-8263-4526-B852-7E93E9641726}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{822D1E8F-B3C3-4EA3-ADE1-C15660A6C9B1}C:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\phoenix\downloads\skypeportable\app\skype\phone\skype.exe |
"UDP Query User{A3BD1DA8-66A7-4AA7-ACC6-608EC8ADDDC7}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{ADCBECE3-B8CA-429C-9187-963912E2F20B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B2689B77-EB10-4B0D-B646-BB544764B960}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{E9FB7C77-334D-4915-8494-6BA4AADA2910}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{F6EC9C22-8717-4324-9A1C-1674D50E8512}C:\program files\java\jre1.6.0_02\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_02\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java(TM) 6 Update 45
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160450}" = Java(TM) SE Development Kit 6 Update 45
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42D10994-A566-495D-A5E7-D0C6B5C6B35C}" = HP Product Detection
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.5.7
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EC658D-A1C6-40CA-8E86-E05821BAACE7}" = Java DB 10.6.2.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = DigiDo
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"Furcadia" = Furcadia
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.11.1661" = Opera 12.11
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SkypeAutoAnswer" = SkypeAutoAnswer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Torchlight_is1" = Torchlight
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player 2.0.7
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2425050757-3223518249-3769056943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Battle for Wesnoth 1.10.5" = Battle for Wesnoth 1.10.5
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2013 8:25:19 PM | Computer Name = Djibouti | Source = WinMgmt | ID = 10
Description =

Error - 7/14/2013 8:30:23 PM | Computer Name = Djibouti | Source = LoadPerf | ID = 3012
Description =

Error - 7/14/2013 8:30:23 PM | Computer Name = Djibouti | Source = LoadPerf | ID = 3011
Description =

Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = WinMgmt | ID = 10
Description =

Error - 7/15/2013 1:16:35 AM | Computer Name = Djibouti | Source = LoadPerf | ID = 3012
Description =

Error - 7/15/2013 1:16:35 AM | Computer Name = Djibouti | Source = LoadPerf | ID = 3011
Description =

Error - 7/15/2013 2:49:45 PM | Computer Name = Djibouti | Source = Application Error | ID = 1000
Description = Faulting application Skype.exe, version 6.0.0.126, time stamp 0x509ce778,
faulting module Flash9d.ocx, version 9.0.47.0, time stamp 0x466daac0, exception
code 0xc0000005, fault offset 0x00123790, process id 0x1f4, application start time
0x01ce818b9576f51c.

Error - 7/15/2013 3:48:48 PM | Computer Name = Djibouti | Source = Windows Search Service | ID = 3013
Description =

Error - 7/15/2013 3:48:51 PM | Computer Name = Djibouti | Source = Windows Search Service | ID = 3013
Description =

Error - 7/15/2013 3:49:32 PM | Computer Name = Djibouti | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 7/15/2013 1:10:10 AM | Computer Name = Djibouti | Source = HTTP | ID = 15016
Description =

Error - 7/15/2013 1:11:24 AM | Computer Name = Djibouti | Source = DCOM | ID = 10005
Description =

Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
Description =

Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7009
Description =

Error - 7/15/2013 1:11:45 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
Description =

Error - 7/15/2013 1:11:47 AM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7034
Description =

Error - 7/15/2013 5:27:51 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7009
Description =

Error - 7/15/2013 5:27:51 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
Description =

Error - 7/15/2013 6:11:11 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7009
Description =

Error - 7/15/2013 6:11:11 PM | Computer Name = Djibouti | Source = Service Control Manager | ID = 7000
Description =


< End of report >
 
Great :)

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell - "" = AutoRun
    O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
    O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
    
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top. <--Not run Scan
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces
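
An added example, not part of the original post and not OTL's own code: a Python sketch that parses the `O33 - MountPoints2` lines from the fix script above and shows, per mount point, which command is registered under the default shell verb, so the entries can be reviewed before they are removed. The function names and the record layout are assumptions made for this example; the sample lines are copied from the script in the post.

```python
import ntpath
import re
from collections import defaultdict

# O33 lines copied from the fix script in the post above (not live registry data).
SAMPLE_O33 = r'''
O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell - "" = AutoRun
O33 - MountPoints2\{0bf803ca-0c23-11e2-913f-001e682aa689}\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed786e00-c1dc-11e1-8af6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\ToolLauncher-Bootstrap.exe
'''

# Layout as printed in the log: O33 - MountPoints2\<mount>\<subkey> - "<value name>" = <data>
LINE_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\(?P<subkey>.+?) - "(?P<name>[^"]*)" = (?P<data>.*)$'
)
GUID_RE = re.compile(r'^\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}$')
EXE_RE = re.compile(r'^"?([^"]+?\.(?:exe|com|bat|cmd|scr|pif))(?=["\s]|$)', re.I)


def classify(mount):
    """Tell a volume-GUID key from a drive-letter key."""
    if GUID_RE.match(mount):
        return "volume-guid"
    if len(mount) == 1 and mount.isalpha():
        return "drive-letter"
    return "other"


def parse_o33(text):
    """Return (mounts, skipped). mounts maps each mount point key to its
    kind, default shell verb and per-verb commands; skipped holds O33
    lines that did not fit the expected layout."""
    mounts, skipped = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("O33"):
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)
            continue
        entry = mounts.setdefault(
            m["mount"],
            {"kind": classify(m["mount"]), "default_verb": None, "commands": {}},
        )
        if m["name"] != "":
            continue  # only the default ("") values are of interest here
        parts = m["subkey"].split("\\")
        if len(parts) == 1 and parts[0].lower() == "shell":
            entry["default_verb"] = m["data"]
        elif len(parts) == 3 and parts[0].lower() == "shell" and parts[2].lower() == "command":
            entry["commands"][parts[1].lower()] = m["data"]
    return mounts, skipped


def default_commands(mounts):
    """(mount, command) pairs for the verb named by each Shell default value."""
    pairs = []
    for mount in sorted(mounts):
        entry = mounts[mount]
        verb = (entry["default_verb"] or "").lower()
        if verb in entry["commands"]:
            pairs.append((mount, entry["commands"][verb]))
    return pairs


def target_name(command):
    """Lower-cased file name of the program a command line starts."""
    command = command.strip()
    if not command:
        return ""
    m = EXE_RE.match(command)
    path = m.group(1) if m else command.split()[0]
    return ntpath.basename(path).lower()


def group_by_target(mounts):
    """Map each target program name to the mount point keys that launch it."""
    groups = defaultdict(list)
    for mount, command in default_commands(mounts):
        groups[target_name(command)].append(mount)
    return dict(groups)


if __name__ == "__main__":
    parsed, bad = parse_o33(SAMPLE_O33)
    for mount, command in default_commands(parsed):
        print(f"{parsed[mount]['kind']:<13} {mount:<40} -> {command}")
    for name, keys in group_by_target(parsed).items():
        print(f"{name}: referenced by {len(keys)} mount point key(s)")
    print("unparsed lines:", bad)
```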
 
Yeah. Bit of an issue here now.

I ran OTL like you said. It got to [emptytemp] and then sat there for a bit. Then the program did a "Not Responding" sort of thing. I figured it was just busy doing whatever it was doing, so I left it alone for a bit. I don't know if an hour was long enough but, an hour of "Not Responding" leads me to believe something isn't right.
Perhaps I should have just left it not responding for a long time, but at that point I was a bit impatient. Force shut down my comp with the power button..then proceeded to have issues loading it up. It took forever, and I had to shut down a few times just to get it back on.

A bit scary, since I do not have the funds atm and probably will not for a while to afford a new computer.

What do I do?
 
Good Morning,

The way you worded your statement I thought you were having problems starting up your system and sometimes just rebooting it a few times will straighten it out. How is your system behaving now?
 
I was. After running the program it seemed to cause boot up problems, and I didn't get to finish running OTL cause, like I said..the program itself stopped responding. Not sure what else to do and I am kind of afraid to run it again.

System seems to be fine now though.
 
That's fine, no need to run it again so don't worry about it. Any other issues, everything ok?
 
Other than some life issues lol, which I do not think you can help with. And, even if you could, not what this forum is for. Things seem to be working fine. For now anyway. If I have any more problems, I'll come back and post again.

Thanks for the reply and I appreciate it! Love this place and always trying to "advertise" it to people though..most people I know are like "oh..I don't know..I don't want to download all this stuff I am unsure of." which I understand, but I tell them, TRUST me..site's amazing.
 
Thanks for your praise of this site, been with them quite a few years and it is one of the better malware removal forums.

You can take the tools we used to clean your computer along with their logs and just drag them to the trash.


We need to update your Java to keep you more secure
  1. Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 25, if not proceed with the instructions.
  2. Go to the update Tab and update it
  3. Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )
  4. Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.

You can verify the installation Here






Malwarebytes is the free version and yours to keep




Safe Surfn
Ken
 
Updated Java :)

One small issue, not sure you can help me since it's not malware related, I do not think.

Having problems staying logged into certain websites. They give the option of always staying logged in, and I did not have problems with these sites before.

Now? Every time I leave I am logged out. The problem started the other day when I was on a forum I help moderate. It kept logging me out so, as a precaution I deleted cookies and everything (since that's affected that in the past..). It didn't help. And, after doing that, another website keeps logging me out as well. I updated Firefox thinking that could be the problem...and it didn't help.

Might you have any idea what could be causing this? I was thinking of downgrading Firefox to see if that helps, since I know sometimes updating has bugs and causes problems or at least has for me in the past (Firefox)
 
What browsers are you using that cause this? IE, Firefox, both of them or just one?


Open up Firefox and click on Tools/Options and go to the Privacy Tab and go to History and make sure Firefox will remember History is selected
 
I mostly use Firefox. I deplore IE. I do have Opera and use it once in a great while.

The interesting thing is, as of last night, this happens on Opera as well. Some websites keep the login info when I select "log me in each time I visit" or what not, and others don't. It's confusing and somewhat frustrating.

I checked that option in Firefox many times, and did again just in case. The option is set to remember history.
 
When you updated Firefox you should now have Version 22.0, you can find that by going to Help > About and if not update it again.

Then open Firefox and go to Help > Troubleshooting Info and click on Reset Firefox, this will set it back to factory defaults


Why don't you try downloading and installing Chrome, you don't have to make it your default but let's see if it happens there too.

https://www.google.com/intl/en/chrome/browser/
 
I could be wrong but don't believe malware is causing this, but let's run this tool and check further



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
 