
Solved WIN xp bogs down; ok in safe mode

Discussion in 'Malware and Virus Removal Archive' started by JAK, 2012/12/07.

  1. 2012/12/16
    JAK

    JAK Well-Known Member Thread Starter

    Joined:
    2002/01/19
    Messages:
    366
    Likes Received:
    0
    system log 4

    Read File: File "C:\WINDOWS\Temp\ZLT01d46.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT020df.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT02cb2.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT03280.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT03973.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT039af.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT03d2a.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT05ebc.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT0694d.TMP" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Temp\ZLT0798a.TMP" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\ntuser.pol" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\explorer.scf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\vb.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\wiaservc.log" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\dao\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\office\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Owc\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\10.0.4504.0__31bf3856ad364e35\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Debug\UserMode\gptext.log" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\iefax.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\muweb.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\swflash.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\cons5cWebUpdate2dWin2k.ico0.ico" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.rtm.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet.mof.uninstall" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\caspol.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ieexec.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\l_except.nlp" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\XPThemes.manifest" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regasm.exe.config" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU1.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\SetupENU2.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\SmartNav.htm" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\data.tmp" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\hs.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\settings.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\users.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\toolbar.cfg" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\VTShared\UnicodeMgr.dll" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Silverlight\mssl.lck" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\Oberon Games\Paradise Quest\System.prefs" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\Oberon Games\Vesuvia\System.prefs" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\data.tmp" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\hs.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\settings.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TheLostIncaProphecy\users.dat" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\toolbar.cfg" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_ebay_search_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_encyc_search_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_shopping_search_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_SearchEngines_weather_icon_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___oryte_com_content_icons_clock_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___oryte_com_content_icons_fax_16_png.png" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_BankImages_RadioSkins_StarFleet_slider_bg_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___oryte_com_content_icons_unitconverter_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\CacheIcons\http___storage_conduit_com_36_239_CT2392836_Images_633629754211018750_gif.gif" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\Dialogs\settings.js" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1\Dialogs\version.txt" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Local Settings\Application Data\VTShared\UnicodeMgr.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Desktop\Accessories\Accessibility\desktop.ini" is compressed (flags = 1)
    Read File: File "C:\Documents and Settings\OWNER\Desktop\Accessories\Entertainment\desktop.ini" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================
     
    JAK,
    #21
  2. 2012/12/16
    JAK Well-Known Member Thread Starter
    mbam log

    Malwarebytes' Anti-Malware 1.41
    Database version: 2775
    Windows 5.1.2600 Service Pack 3

    12/16/2012 1:59:28 PM
    mbam-log-2012-12-16 (13-59-28).txt

    Scan type: Quick Scan
    Objects scanned: 94221
    Time elapsed: 8 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    JAK,
    #22


  4. 2012/12/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
     
  5. 2012/12/16
    JAK

    JAK Well-Known Member Thread Starter

    Joined:
    2002/01/19
    Messages:
    366
    Likes Received:
    0
    RKreport 1

    RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : OWNER [Admin rights]
    Mode : Scan -- Date : 12/16/2012 19:27:10

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\OWNER\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : Microsoft (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft Help\Microsoft\lgzlzgeta.dll ",CreateInstance) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : Google (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Google\rkisymc.dll ",DllRegisterServerW) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : Microsoft (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft Help\Microsoft\lgzlzgeta.dll ",CreateInstance) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : Google (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Google\rkisymc.dll ",DllRegisterServerW) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1547161642-839522115-1417001333-500_Classes[...]\Run : Microsoft (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft Help\Microsoft\lgzlzgeta.dll ",CreateInstance) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1547161642-839522115-1417001333-500_Classes[...]\Run : Google (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Google\rkisymc.dll ",DllRegisterServerW) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (C:\Documents and Settings\OWNER\Desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[122] : NtOpenProcess @ 0x80574B29 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xEE3DAC4C)
    SSDT[128] : NtOpenThread @ 0x80590C64 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xEE3DAD3C)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD400BB-23JHA1 +++++
    --- User ---
    [MBR] 947b8ee8752e8c15ae6cd98ee4328368
    [BSP] a13f515b3a8843de90fe29fe2c7d6fa8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12162012_02d1927.txt >>
    RKreport[1]_S_12162012_02d1927.txt
     
    JAK,
    #24
  6. 2012/12/16
    JAK

    JAK Well-Known Member Thread Starter

    Joined:
    2002/01/19
    Messages:
    366
    Likes Received:
    0
    RKreport 2

    RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : OWNER [Admin rights]
    Mode : Remove -- Date : 12/16/2012 19:27:43

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\OWNER\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : Microsoft (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft Help\Microsoft\lgzlzgeta.dll ",CreateInstance) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : Google (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Google\rkisymc.dll ",DllRegisterServerW) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : Microsoft (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft Help\Microsoft\lgzlzgeta.dll ",CreateInstance) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-20_Classes[...]\Run : Google (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Google\rkisymc.dll ",DllRegisterServerW) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-1547161642-839522115-1417001333-500_Classes[...]\Run : Microsoft (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft Help\Microsoft\lgzlzgeta.dll ",CreateInstance) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-1547161642-839522115-1417001333-500_Classes[...]\Run : Google (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Google\rkisymc.dll ",DllRegisterServerW) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (C:\Documents and Settings\OWNER\Desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤
    SSDT[122] : NtOpenProcess @ 0x80574B29 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xEE3DAC4C)
    SSDT[128] : NtOpenThread @ 0x80590C64 -> HOOKED (\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xEE3DAD3C)

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD400BB-23JHA1 +++++
    --- User ---
    [MBR] 947b8ee8752e8c15ae6cd98ee4328368
    [BSP] a13f515b3a8843de90fe29fe2c7d6fa8 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_12162012_02d1927.txt >>
    RKreport[1]_S_12162012_02d1927.txt ; RKreport[2]_D_12162012_02d1927.txt
     
    JAK,
    #25
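The security-relevant finding in the two RKreports above is the set of [RUN] entries: rundll32.exe loading DLLs from the user's profile, registered under the LocalService (S-1-5-19), NetworkService (S-1-5-20) and built-in Administrator (RID 500) hives, with value names that impersonate Microsoft and Google. The following triage script is an added example for this thread, not RogueKiller's code or anything posted by the participants; it parses report lines in the format shown and attaches the reasons an entry deserves a closer look. The sample lines, the user-writable path markers and the vendor-name list are constructed.

```python
"""Triage of [RUN] registry entries from a RogueKiller-style report.

Added example for this thread; it is not RogueKiller's code. It parses report
lines in the format posted and flags autorun entries that point into
user-writable locations, use rundll32 to load a DLL, or persist under service
or administrator hives. Sample input, path markers and vendor list are constructed.
"""
import re
from dataclasses import dataclass, field

# Constructed subset in the format of the RKreport posted in the thread.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DTUpdate.exe -- C:\Documents and Settings\OWNER\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKUS\S-1-5-19_Classes[...]\Run : Microsoft (rundll32.exe "C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft Help\Microsoft\lgzlzgeta.dll ",CreateInstance) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\RunOnce : Z1 (C:\Documents and Settings\OWNER\Desktop\mbar-1.01.0.1011\mbar\mbar.exe /cleanup /s) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
"""

# One [RUN] line: optional extra tags, hive, Run/RunOnce, value name, command, action.
RUN_RE = re.compile(
    r"^\[RUN\](?:\[[A-Z ]+\])*\s+(?P<hive>\S+)\\(?P<key>RunOnce|Run)\s+:\s+"
    r"(?P<name>.+?)\s+\((?P<cmd>.*)\)\s+->\s+(?P<status>\w+)$"
)
# rundll32.exe "<dll path>",<export>  (the report prints a space before the closing quote)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)\s*"?\s*,', re.IGNORECASE)
SID_RE = re.compile(r"^HKUS\\(S-1-5-[\d-]+)")

WELL_KNOWN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService", "S-1-5-20": "NetworkService"}
# Locations an unprivileged user can write to (XP and later naming); constructed heuristic.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")
SYSTEM_DIRS = ("\\windows\\", "\\program files")
VENDOR_NAMES = {"Microsoft", "Google"}  # value names used to impersonate vendors in the report


@dataclass
class RunFinding:
    hive: str
    key: str
    name: str
    image: str
    via_rundll32: bool
    status: str
    reasons: list = field(default_factory=list)


def hive_label(hive: str) -> str:
    """Map the report's hive prefix to the account it belongs to."""
    m = SID_RE.match(hive)
    if not m:
        return hive.split("\\")[0]          # HKLM, HKCU, ...
    sid = m.group(1)
    if sid in WELL_KNOWN_SIDS:
        return f"{sid} ({WELL_KNOWN_SIDS[sid]})"
    if sid.endswith("-500"):                 # RID 500 is the built-in Administrator
        return f"{sid} (built-in Administrator)"
    return sid


def image_from_command(cmd: str):
    """Return (image path, loaded_via_rundll32) for a Run-key command string."""
    cmd = cmd.strip()
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll").strip(), True
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)], False
    return cmd.split(" /", 1)[0].strip(), False   # unquoted: stop at the first switch


def triage_run_entries(report: str) -> list:
    """Parse every [RUN] line and attach the reasons it deserves analyst attention."""
    findings = []
    for raw in report.splitlines():
        m = RUN_RE.match(raw.strip())
        if not m:
            continue
        image, via_rundll = image_from_command(m.group("cmd"))
        low = image.lower()
        in_system_dir = any(d in low for d in SYSTEM_DIRS)
        f = RunFinding(hive_label(m.group("hive")), m.group("key"), m.group("name"),
                       image, via_rundll, m.group("status"))
        if any(mk in low for mk in USER_WRITABLE_MARKERS):
            f.reasons.append("image lives under a user-writable profile/temp path")
        if via_rundll and not in_system_dir:
            f.reasons.append("rundll32 loads a DLL from outside Windows/Program Files")
        if f.hive.startswith(("S-1-5-19", "S-1-5-20")):
            f.reasons.append("autorun registered under a service-account hive")
        if f.name in VENDOR_NAMES and not in_system_dir:
            f.reasons.append("vendor-named entry runs from a non-vendor location")
        findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_REPORT):
        print(f"{f.hive} {f.key}\\{f.name} -> {f.image} [{f.status}]")
        for r in f.reasons:
            print("   -", r)
```

The mbar.exe RunOnce entry is flagged by the same path heuristic even though it is the user's own cleanup tool from earlier in the thread, which is why the output is a triage list for an analyst rather than a verdict.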
  7. 2012/12/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  8. 2012/12/16
    JAK

    JAK Well-Known Member Thread Starter

    Joined:
    2002/01/19
    Messages:
    366
    Likes Received:
    0
    combofix log

    ComboFix 12-12-17.01 - OWNER 12/16/2012 22:08:08.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.538 [GMT -6:00]
    Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\7D48DC2D.TMP
    c:\documents and settings\All Users\Application Data\TEMP\F662888F.TMP
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\addon.ico
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DefaultTabStart.exe
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DT.ico
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\searchhere.ico
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
    c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\update.exe
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\bootstrap.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\chrome.manifest
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\defaults\preferences\prefs.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\harness-options.json
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\icon.png
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\icon64.png
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\install.rdf
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\locale\en-GB.json
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\locale\eo.json
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\locale\fr-FR.json
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\locales.json
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\page-mod.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\request.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\addon-kit\lib\windows.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\data\content-proxy.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-content-symbiont.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-message-manager.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\data\test-trusted-document.html
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\data\worker.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\api-utils.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\base.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\byte-streams.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\channel.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\collection.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\loader.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\symbiont.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\content\worker.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cortex.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\cuddlefish.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\dom\events.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\environment.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\errors.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\core.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\event\target.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\events\assembler.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\file.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\functional.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\globals!.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\hidden-frame.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\light-traits.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\list.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\match-pattern.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\memory.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\message-manager.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\namespace.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\observer-service.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\plain-text-console.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\preferences-service.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\process.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\querystring.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\runtime.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\sandbox.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\self!.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\system.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\events.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\observer.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\tab.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\tabs\utils.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\text-streams.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\timer.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traceback.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\traits\core.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\unload.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\url.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\data.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\object.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\registry.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\utils\thumbnail.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\uuid.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window-utils.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\window\utils.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\dom.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\loader.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\observer.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\windows\tabs.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xhr.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xpcom.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\api-utils\lib\xul-app.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js
    c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\dealcabby@jetpack\resources\dealcabby\lib\main.js.old
    c:\documents and settings\OWNER\Application Data\PriceGong
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\OWNER\Local Settings\Application Data\dealcabby
    c:\documents and settings\OWNER\Local Settings\Application Data\dealcabby\license.txt
    c:\documents and settings\OWNER\Local Settings\Application Data\dealcabby\sqlite3.exe
    c:\documents and settings\OWNER\Local Settings\Application Data\dealcabby\uninst.exe
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_DefaultTabUpdate
    -------\Legacy_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    -------\Service_DefaultTabUpdate
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-17 00:40 . 2012-12-17 00:40 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-12-16 23:33 . 2012-12-16 23:33 -------- dc----w- C:\TDSSKiller_Quarantine
    2012-12-16 19:21 . 2008-04-14 06:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2012-12-16 19:21 . 2008-04-14 06:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-12-11 23:27 . 2012-12-11 23:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Grey Alien Games
    2012-12-04 10:49 . 2012-12-04 10:49 -------- d-----w- c:\program files\Microsoft
    2012-11-30 03:25 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-11-30 03:25 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-11-30 03:25 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-11-30 03:25 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-11-30 03:25 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-30 03:25 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-11-30 03:25 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-11-30 03:25 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-11-30 03:24 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-30 03:24 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-11-27 21:59 . 2012-11-27 21:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-11-23 17:09 . 2012-12-17 04:17 -------- d-----w- c:\documents and settings\OWNER\Application Data\DefaultTab
    2012-11-23 17:08 . 2012-11-23 17:08 -------- d-----w- c:\program files\Freeze.com
    2012-11-23 17:08 . 2012-12-01 12:01 -------- d-----w- c:\program files\Yontoo
    2012-11-23 17:08 . 2012-11-23 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2012-11-23 17:08 . 2012-11-23 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Tarma Installer
    2012-11-23 17:08 . 2012-12-02 23:08 -------- d-----w- c:\documents and settings\OWNER\Application Data\Yahoo!
    2012-11-23 17:07 . 2012-11-23 17:08 -------- d-----w- c:\program files\Yahoo!
    2012-11-23 16:52 . 2012-11-23 16:52 -------- d-----w- c:\documents and settings\OWNER\Application Data\DriverCure
    2012-11-23 16:52 . 2012-11-23 16:52 -------- d-----w- c:\documents and settings\OWNER\Application Data\PC Utility Kit
    2012-11-23 16:52 . 2012-12-02 23:00 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Utility Kit
    2012-11-22 18:12 . 2012-11-30 03:24 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-11-22 18:12 . 2012-11-30 03:24 -------- d-----w- c:\program files\AVAST Software
    2012-11-17 12:23 . 2012-11-17 12:23 -------- d-----w- c:\documents and settings\OWNER\Application Data\My Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-11 21:49 . 2012-03-29 20:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-11 21:49 . 2011-05-19 21:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    1999-10-31 03:54 . 2009-04-03 23:42 561152 -c--a-w- c:\program files\Convert.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-05-14 . 1FE91344A9D38D3E3E713F0521B05955 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00bf7b9c-acd2-4080-bea8-b1c41987070f} "= "c:\program files\TranslatorBar_1\prxtbTra2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\TranslatorBar_1\prxtbTra2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{00bf7b9c-acd2-4080-bea8-b1c41987070f} "= "c:\program files\TranslatorBar_1\prxtbTra2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{00BF7B9C-ACD2-4080-BEA8-B1C41987070F} "= "c:\program files\TranslatorBar_1\prxtbTra2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-22 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2 "= "shell32" [X]
    "nltide_3 "= "advpack.dll" [2009-03-08 128512]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMMyPictures "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)
    "NoResolveTrack "= 1 (0x1)
    "NoSMMyPictures "= 1 (0x1)
    "NoSMHelp "= 1 (0x1)
    "StartMenuLogoff "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-04-02 21:11 342312 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2009-09-10 20:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-11-05 21:14 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-11-22 18:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\iWin Games\\iWinGames.exe "=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe "=
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4/3/2009 9:05 PM 40464]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/29/2012 9:25 PM 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/29/2012 9:25 PM 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/29/2012 9:25 PM 21256]
    R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 9:17 AM 176848]
    S0 Lbd;Lbd; [x]
    S1 SABKUTIL;SABKUTIL; [x]
    S2 gupdate1c9cad0f3b9b694;Google Update Service (gupdate1c9cad0f3b9b694);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 8:49 PM 133104]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/16/2012 6:40 PM 35144]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:49]
    .
    2012-12-17 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-30 23:50]
    .
    2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 02:49]
    .
    2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 02:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.254.254
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110803&tt=031012_IKAN_4112_1&babsrc=KW_ss&mntrId=7818ce3400000000000000096b2ffbb7&q=
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=7818ce3400000000000000096b2ffbb7&q=
    FF - user.js: extensions.BabylonToolbar.id - 7818ce3400000000000000096b2ffbb7
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15627
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.79:17
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110803&tt=031012_IKAN_4112_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extentions.y2layers.installId - 9377cdcc-0de9-40f9-8df5-ca2ace0b9809
    FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline,YontooNewOffers
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
    SafeBoot-13787102.sys
    MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    MSConfigStartUp-GamingWonderland Browser Plugin Loader - c:\progra~1\GAMING~2\bar\1.bin\gtbrmon.exe
    MSConfigStartUp-GamingWonderland Search Scope Monitor - c:\progra~1\GAMING~2\bar\1.bin\gtsrchmn.exe
    MSConfigStartUp-MapsGalaxy Search Scope Monitor - c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe
    MSConfigStartUp-MapsGalaxy_39 Browser Plugin Loader - c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe
    AddRemove-DealCabby - c:\documents and settings\OWNER\Local Settings\Application Data\dealcabby\uninst.exe
    AddRemove-DefaultTab - c:\documents and settings\OWNER\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-16 22:20
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1547161642-839522115-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,41,b2,2c,fc,45,3c,4a,81,62,a9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,1f,3c,c4,0f,40,55,46,99,f4,b6,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,41,b2,2c,fc,45,3c,4a,81,62,a9,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3800)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-16 22:25:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-17 04:25
    .
    Pre-Run: 13,041,901,568 bytes free
    Post-Run: 13,997,662,208 bytes free
    .
    - - End Of File - - CC88381C6E0E738533FAD183CC2B2F5B
     
    JAK,
    #27
  9. 2012/12/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good but...

    Re-run Combofix, allow Recovery Console installation and post new log.
     
  10. 2012/12/16
    JAK

    I gave permission to add rec con but it said it couldn't and asked to go on with the scan anyway, which I did. Re-running now... apparently it just dl it from Microsoft.
     
    JAK,
    #29
  11. 2012/12/16
    JAK

    2nd combofix log

    ComboFix 12-12-17.01 - OWNER 12/16/2012 23:08:26.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.651 [GMT -6:00]
    Running from: c:\documents and settings\OWNER\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\OWNER\Application Data\PriceGong
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\j.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\OWNER\Application Data\PriceGong\Data\z.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-17 to 2012-12-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-17 00:40 . 2012-12-17 00:40 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2012-12-16 23:33 . 2012-12-16 23:33 -------- dc----w- C:\TDSSKiller_Quarantine
    2012-12-16 19:21 . 2008-04-14 06:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
    2012-12-16 19:21 . 2008-04-14 06:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2012-12-11 23:27 . 2012-12-11 23:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Grey Alien Games
    2012-12-04 10:49 . 2012-12-04 10:49 -------- d-----w- c:\program files\Microsoft
    2012-11-30 03:25 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-11-30 03:25 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-11-30 03:25 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-11-30 03:25 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2012-11-30 03:25 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-11-30 03:25 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2012-11-30 03:25 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2012-11-30 03:25 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2012-11-30 03:24 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2012-11-30 03:24 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2012-11-27 21:59 . 2012-11-27 21:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-11-23 17:09 . 2012-12-17 04:17 -------- d-----w- c:\documents and settings\OWNER\Application Data\DefaultTab
    2012-11-23 17:08 . 2012-11-23 17:08 -------- d-----w- c:\program files\Freeze.com
    2012-11-23 17:08 . 2012-12-01 12:01 -------- d-----w- c:\program files\Yontoo
    2012-11-23 17:08 . 2012-11-23 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2012-11-23 17:08 . 2012-11-23 17:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Tarma Installer
    2012-11-23 17:08 . 2012-12-02 23:08 -------- d-----w- c:\documents and settings\OWNER\Application Data\Yahoo!
    2012-11-23 17:07 . 2012-11-23 17:08 -------- d-----w- c:\program files\Yahoo!
    2012-11-23 16:52 . 2012-11-23 16:52 -------- d-----w- c:\documents and settings\OWNER\Application Data\DriverCure
    2012-11-23 16:52 . 2012-11-23 16:52 -------- d-----w- c:\documents and settings\OWNER\Application Data\PC Utility Kit
    2012-11-23 16:52 . 2012-12-02 23:00 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Utility Kit
    2012-11-22 18:12 . 2012-11-30 03:24 -------- dc----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2012-11-22 18:12 . 2012-11-30 03:24 -------- d-----w- c:\program files\AVAST Software
    2012-11-17 12:23 . 2012-11-17 12:23 -------- d-----w- c:\documents and settings\OWNER\Application Data\My Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-11 21:49 . 2012-03-29 20:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-11 21:49 . 2011-05-19 21:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    1999-10-31 03:54 . 2009-04-03 23:42 561152 -c--a-w- c:\program files\Convert.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-05-14 . 1FE91344A9D38D3E3E713F0521B05955 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00bf7b9c-acd2-4080-bea8-b1c41987070f} "= "c:\program files\TranslatorBar_1\prxtbTra2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\TranslatorBar_1\prxtbTra2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{00bf7b9c-acd2-4080-bea8-b1c41987070f} "= "c:\program files\TranslatorBar_1\prxtbTra2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{00BF7B9C-ACD2-4080-BEA8-B1C41987070F} "= "c:\program files\TranslatorBar_1\prxtbTra2.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-22 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2 "= "shell32" [X]
    "nltide_3 "= "advpack.dll" [2009-03-08 128512]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack "= 1 (0x1)
    "NoSMMyPictures "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel "= 1 (0x1)
    "NoResolveTrack "= 1 (0x1)
    "NoSMMyPictures "= 1 (0x1)
    "NoSMHelp "= 1 (0x1)
    "StartMenuLogoff "= 1 (0x1)
    "NoSMConfigurePrograms "= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-04-02 21:11 342312 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2009-09-10 20:53 1312080 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2012-11-05 21:14 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-11-22 18:15 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\iWin Games\\iWinGames.exe "=
    "c:\\Program Files\\iWin Games\\WebUpdater.exe "=
    .
    R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [4/3/2009 9:05 PM 40464]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/29/2012 9:25 PM 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/29/2012 9:25 PM 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 12:25 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 11:48 AM 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/29/2012 9:25 PM 21256]
    R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 9:17 AM 176848]
    S0 Lbd;Lbd; [x]
    S1 SABKUTIL;SABKUTIL; [x]
    S2 gupdate1c9cad0f3b9b694;Google Update Service (gupdate1c9cad0f3b9b694);c:\program files\Google\Update\GoogleUpdate.exe [5/1/2009 8:49 PM 133104]
    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [12/16/2012 6:40 PM 35144]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 21:49]
    .
    2012-12-17 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-30 23:50]
    .
    2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 02:49]
    .
    2012-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-02 02:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.254.254
    DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
    FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110803&tt=031012_IKAN_4112_1&babsrc=KW_ss&mntrId=7818ce3400000000000000096b2ffbb7&q=
    FF - user.js: extensions.autoDisableScopes - 14
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=7818ce3400000000000000096b2ffbb7&q=
    FF - user.js: extensions.BabylonToolbar.id - 7818ce3400000000000000096b2ffbb7
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15627
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.0.7
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.0.7
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.0.79:17
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110803&tt=031012_IKAN_4112_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extentions.y2layers.installId - 9377cdcc-0de9-40f9-8df5-ca2ace0b9809
    FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline,YontooNewOffers
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-12-16 23:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1547161642-839522115-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,41,b2,2c,fc,45,3c,4a,81,62,a9,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,75,1f,3c,c4,0f,40,55,46,99,f4,b6,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d2,41,b2,2c,fc,45,3c,4a,81,62,a9,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker5 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    Completion time: 2012-12-16 23:17:13
    ComboFix-quarantined-files.txt 2012-12-17 05:17
    ComboFix2.txt 2012-12-17 04:25
    .
    Pre-Run: 13,930,389,504 bytes free
    Post-Run: 14,003,273,728 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - BE7A54BD3BAB2B338D5CA39CE0C82DE9
     
    JAK,
    #30
  12. 2012/12/17
    JAK

    JAK Well-Known Member Thread Starter

    Everything seems to be operating normally.
     
    JAK,
    #31
  13. 2012/12/17
    broni

    broni Moderator Malware Analyst

    Very good :)

    How is the computer doing?

    ==========================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ===================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2012/12/17
    JAK

    JAK Well-Known Member Thread Starter

    adwcleaner log

    # AdwCleaner v2.101 - Logfile created 12/17/2012 at 20:40:04
    # Updated 16/12/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : OWNER - S50
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\OWNER\My Documents\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\ConduitCommon
    Deleted on reboot : C:\Documents and Settings\OWNER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    File Deleted : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\searchplugins\Conduit.xml
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\DefaultTab
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\iWin
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\CT1166249
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\{8e41e543-e069-4197-8608-e8b4c2f75747}
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\plugin@yontoo.com
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\wecarereminder@bryan
    Folder Deleted : C:\Documents and Settings\OWNER\Application Data\OpenCandy
    Folder Deleted : C:\Documents and Settings\OWNER\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\OWNER\Local Settings\Application Data\TranslatorBar_1
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\GamingWonderland
    Folder Deleted : C:\Program Files\TranslatorBar_1
    Folder Deleted : C:\Program Files\Yontoo

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\DefaultTab
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0A75B66-3014-41DB-9EA6-24C937E24212}
    Key Deleted : HKCU\Software\TranslatorBar_1
    Key Deleted : HKCU\Software\wecarereminder
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0A75B66-3014-41DB-9EA6-24C937E24212}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E381C331-A053-462B-AA34-E22E6C21AA2B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
    Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1166249
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2392836
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3AC4AAFA-89FD-4005-AB52-6545F79DA6B1}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEAB2D38-EED5-46C2-A06B-50CF3BB43768}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TranslatorBar_1 Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E0A75B66-3014-41DB-9EA6-24C937E24212}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TranslatorBar_1 Toolbar
    Key Deleted : HKLM\Software\TranslatorBar_1
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\prefs.js

    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\user.js ... Deleted !

    Deleted : user_pref( "browser.search.defaultenginename ", "Search the web (Babylon) ");
    Deleted : user_pref( "browser.search.order.1 ", "Search the web (Babylon) ");
    Deleted : user_pref( "extensions.BabylonToolbar.admin ", false);
    Deleted : user_pref( "extensions.BabylonToolbar.aflt ", "babsst ");
    Deleted : user_pref( "extensions.BabylonToolbar.appId ", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB} ");
    Deleted : user_pref( "extensions.BabylonToolbar.autoRvrt ", "false ");
    Deleted : user_pref( "extensions.BabylonToolbar.dfltLng ", "en ");
    Deleted : user_pref( "extensions.BabylonToolbar.excTlbr ", false);
    Deleted : user_pref( "extensions.BabylonToolbar.id ", "7818ce3400000000000000096b2ffbb7 ");
    Deleted : user_pref( "extensions.BabylonToolbar.instlDay ", "15627 ");
    Deleted : user_pref( "extensions.BabylonToolbar.instlRef ", "sst ");
    Deleted : user_pref( "extensions.BabylonToolbar.prdct ", "BabylonToolbar ");
    Deleted : user_pref( "extensions.BabylonToolbar.prtnrId ", "babylon ");
    Deleted : user_pref( "extensions.BabylonToolbar.tlbrId ", "tb9 ");
    Deleted : user_pref( "extensions.BabylonToolbar.tlbrSrchUrl ", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Deleted : user_pref( "extensions.BabylonToolbar.vrsn ", "1.8.0.7 ");
    Deleted : user_pref( "extensions.BabylonToolbar.vrsni ", "1.8.0.7 ");
    Deleted : user_pref( "extensions.BabylonToolbar_i.babExt ", " ");
    Deleted : user_pref( "extensions.BabylonToolbar_i.babTrack ", "affID=110803&tt=031012_IKAN_4112_1 ");
    Deleted : user_pref( "extensions.BabylonToolbar_i.newTab ", false);
    Deleted : user_pref( "extensions.BabylonToolbar_i.smplGrp ", "none ");
    Deleted : user_pref( "extensions.BabylonToolbar_i.srcExt ", "ss ");
    Deleted : user_pref( "extensions.BabylonToolbar_i.vrsnTs ", "1.8.0.79:17:31 ");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\OWNER\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=110803&tt=031012_IKAN_4112_1&babsrc=HP_ss&mntrId[...]
    Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110803&tt=031012_IKAN_411[...]
    Deleted [l.245] : homepage = "hxxp://search.babylon.com/?affID=110803&tt=031012_IKAN_4112_1&babsrc=HP_ss&mntrId=78[...]
    Deleted [l.512] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=110803&tt=031012_IKAN_4112_1[...]

    *************************

    AdwCleaner[S1].txt - [11418 octets] - [17/12/2012 20:40:04]

    ########## EOF - C:\AdwCleaner[S1].txt - [11479 octets] ##########
     
    JAK,
    #33
  15. 2012/12/17
    JAK

    JAK Well-Known Member Thread Starter

    OTL log

    OTL logfile created on: 12/17/2012 8:47:50 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.98 Mb Total Physical Memory | 612.23 Mb Available Physical Memory | 60.32% Memory free
    3.88 Gb Paging File | 3.64 Gb Available in Paging File | 93.85% Paging File free
    Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 13.04 Gb Free Space | 35.00% Space Free | Partition Type: NTFS

    Computer Name: S50 | User Name: OWNER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/17 20:45:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\My Documents\Downloads\OTL.exe
    PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/09/07 14:07:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2011/04/08 09:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
    PRC - [2008/12/05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/11/22 14:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/12/17 13:15:49 | 002,040,320 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12121702\algo.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/12/11 15:49:26 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/11/29 02:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/09/07 14:07:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2011/04/08 09:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
    SRV - [2008/12/05 15:11:54 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008/11/22 14:12:34 | 001,333,016 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | System | Stopped] -- -- (SABKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/12/16 18:40:18 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2011/08/04 14:08:34 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/04 14:08:34 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2008/06/07 13:53:04 | 000,130,688 | ---- | M] (Paragon Software Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
    DRV - [2008/06/07 13:53:04 | 000,033,072 | ---- | M] (Paragon Software Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
    DRV - [2008/06/07 13:53:02 | 000,040,464 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z7xdm035YYus&ptnrS=Z7xdm035YYus&ptb=841F3606-89C4-4804-B3D5-D07D92AD50F9&psa=&ind=2012042213&st=sb&n=77ed53e5&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{BA935423-E985-434E-B821-9B9B08993A8B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F0 3F 98 63 DC CD 01 [binary data]
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z7xdm035YYus&ptnrS=Z7xdm035YYus&ptb=841F3606-89C4-4804-B3D5-D07D92AD50F9&psa=&ind=2012042213&st=sb&n=77ed53e5&searchfor={searchTerms}
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\..\SearchScopes\{B35AC358-B8D1-41FD-980A-30D61554411D}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121147,19622,0,8,6477
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\..\SearchScopes\{BA935423-E985-434E-B821-9B9B08993A8B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SAVJ_enUS511
    IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: " "
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/ "
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1474
    FF - prefs.js..extensions.enabledItems: wecarereminder@bryan:4.0.11.11
    FF - prefs.js..extensions.enabledItems: gtffxtbr@GamingWonderland.com:1.9.0.30361
    FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.7
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: 39ffxtbr@MapsGalaxy_39.com:1.44.0.37081
    FF - prefs.js..extensions.enabledItems: {8e41e543-e069-4197-8608-e8b4c2f75747}:3.13.0.6
    FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\Documents and Settings\All Users\Application Data\RealArcade\npraclient.dll (RealNetworks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2011/04/14 19:45:01 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gtffxtbr@GamingWonderland.com: C:\Program Files\GamingWonderland\bar\1.bin
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/11/30 17:40:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/29 21:25:11 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/17 08:44:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/17 08:44:53 | 000,000,000 | ---D | M]

    [2009/04/03 20:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
    [2012/12/17 20:40:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions
    [2012/07/12 14:41:19 | 000,000,000 | ---D | M] (MapsGalaxy) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\39ffxtbr@MapsGalaxy_39.com
    [2012/04/22 11:39:06 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\gtffxtbr@GamingWonderland.com
    [2007/07/27 06:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\hhkgkteukz@hhkgkteukz.org.xpi
    [2012/12/17 17:14:23 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012/12/17 08:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/03/30 16:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
    [2009/03/03 09:51:42 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
    [2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
    CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: DealCabby = C:\Documents and Settings\OWNER\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lenicmgjbmpgagkhghjmkikfoljdcbhi\4.0_0\

    O1 HOSTS File: ([2012/12/16 23:14:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238635888656 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238715092234 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44989D3C-CD8C-4F65-B35C-1082BBDBB7FE}: DhcpNameServer = 192.168.254.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/17 20:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diskeeper Corporation
    [2012/12/17 20:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    [2012/12/17 20:40:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\OWNER\Recent
    [2012/12/17 16:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2012/12/17 11:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2012/12/17 08:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
    [2012/12/17 08:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/12/16 23:24:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/12/16 23:05:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/12/16 22:04:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/12/16 22:04:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/12/16 22:04:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
    [2012/12/16 22:04:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/12/16 22:02:35 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/12/16 22:02:02 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/12/16 22:01:14 | 005,011,996 | R--- | C] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
    [2012/12/16 18:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\mbar-1.01.0.1011
    [2012/12/16 17:33:21 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/12/16 16:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\virus helps
    [2012/12/04 04:49:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
    [2012/12/04 04:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2012/12/02 12:22:06 | 002,002,944 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\OWNER\Desktop\HousecallLauncher.exe
    [2012/12/02 12:05:39 | 002,406,064 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\OWNER\My Documents\HousecallLauncher64.exe
    [2012/11/29 21:25:28 | 000,361,032 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys
    [2012/11/29 21:25:28 | 000,021,256 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys
    [2012/11/29 21:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/11/29 21:25:25 | 000,054,232 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys
    [2012/11/29 21:25:25 | 000,035,928 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys
    [2012/11/29 21:25:24 | 000,738,504 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys
    [2012/11/29 21:25:24 | 000,097,608 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswmon2.sys
    [2012/11/29 21:25:24 | 000,089,752 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswmon.sys
    [2012/11/29 21:25:22 | 000,025,256 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aavmker4.sys
    [2012/11/29 21:24:35 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
    [2012/11/29 21:24:34 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\System32\aswBoot.exe
    [2012/11/25 15:17:37 | 000,000,000 | -HSD | C] -- C:\windows\CSC
    [2012/11/23 11:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HiJackThis
    [2012/11/23 11:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2012/11/23 11:08:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\NetAssistant
    [2012/11/23 11:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
    [2012/11/23 11:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2012/11/23 11:08:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\Yahoo!
    [2012/11/23 11:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2012/11/23 10:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\DriverCure
    [2012/11/23 10:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\PC Utility Kit
    [2012/11/23 10:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
    [2012/11/22 12:23:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\Google
    [2012/11/22 12:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/11/22 12:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/04/03 17:42:27 | 000,561,152 | ---- | C] (Joshua F. Madison) -- C:\Program Files\Convert.exe
    [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/17 20:46:15 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/12/17 20:42:04 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/17 20:42:04 | 000,000,314 | -H-- | M] () -- C:\windows\tasks\avast! Emergency Update.job
    [2012/12/17 20:41:56 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/12/17 20:31:53 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/17 09:16:16 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Mozilla Firefox.lnk
    [2012/12/17 08:45:02 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\OWNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/12/17 03:18:29 | 000,293,272 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2012/12/17 03:02:08 | 000,001,393 | ---- | M] () -- C:\windows\imsins.BAK
    [2012/12/16 23:14:52 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/12/16 22:01:35 | 005,011,996 | R--- | M] (Swearware) -- C:\Documents and Settings\OWNER\Desktop\ComboFix.exe
    [2012/12/16 18:40:18 | 000,035,144 | ---- | M] () -- C:\windows\System32\drivers\mbamchameleon.sys
    [2012/12/16 17:34:56 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
    [2012/12/16 16:45:31 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\MBR.dat
    [2012/12/09 18:14:07 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
    [2012/12/02 15:22:40 | 000,217,951 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
    [2012/12/02 15:22:39 | 000,179,552 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
    [2012/12/02 12:22:23 | 002,002,944 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\OWNER\Desktop\HousecallLauncher.exe
    [2012/12/02 12:05:42 | 002,406,064 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\OWNER\My Documents\HousecallLauncher64.exe
    [2012/11/29 21:25:28 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/11/29 21:25:24 | 000,002,625 | ---- | M] () -- C:\windows\System32\CONFIG.NT
    [2012/11/22 11:22:59 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\housecall.guid.cache
    [4 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/17 09:16:16 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Mozilla Firefox.lnk
    [2012/12/17 08:45:02 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/12/16 22:04:30 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/12/16 22:04:30 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/12/16 22:04:30 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/12/16 22:04:30 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/12/16 22:04:30 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/12/16 18:40:18 | 000,035,144 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
    [2012/12/16 16:45:31 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\MBR.dat
    [2012/11/29 21:25:28 | 000,001,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/11/29 21:25:24 | 000,000,314 | -H-- | C] () -- C:\windows\tasks\avast! Emergency Update.job
    [2012/11/25 16:00:28 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
    [2012/11/22 11:45:36 | 000,217,951 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
    [2012/11/22 11:45:24 | 000,179,552 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
    [2012/11/22 11:22:59 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\housecall.guid.cache
    [2012/10/14 08:17:57 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\store-pp.jbs
    [2012/09/13 15:34:25 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2012/09/12 20:04:07 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
    [2012/02/16 15:01:54 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
    [2012/01/19 16:12:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\{152A5584-AF87-4D40-800F-C31CA2C156E5}
    [2011/09/25 15:45:22 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
    [2009/04/20 10:09:58 | 000,000,420 | RHS- | C] () -- C:\Documents and Settings\OWNER\ntuser.pol
    [2009/04/01 20:38:02 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\OWNER\NTUSER.bak

    ========== ZeroAccess Check ==========

    [2009/04/01 20:49:49 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 04:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/12/17 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
    [2012/12/17 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/12/17 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
    [2011/09/03 13:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
    [2012/12/17 20:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
    [2012/12/17 16:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
    [2009/04/26 14:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
    [2009/04/26 14:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
    [2009/11/08 13:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2010/09/25 21:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
    [2012/12/02 17:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
    [2011/01/15 09:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2011/10/03 16:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
    [2009/10/20 16:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Product
    [2009/10/20 16:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickClick
    [2012/06/16 10:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\rokapublish
    [2010/03/07 13:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio
    [2012/06/16 11:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Runes of Avalon 2
    [2011/09/25 18:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecretsOfOlympus
    [2012/12/17 16:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/08/27 18:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    [2010/04/27 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UClick
    [2012/07/22 09:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/05/01 20:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2009/04/03 20:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/04/25 17:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/04/29 18:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\7Wonders
    [2012/08/26 06:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ActionWorks
    [2009/08/29 19:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Ancient Quest of Saqqarah__iwin
    [2009/11/15 15:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Angkor
    [2011/11/24 06:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Awem
    [2010/07/04 10:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Babylonia
    [2010/04/30 16:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Beep Industries
    [2010/03/07 13:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Boomzap
    [2012/08/25 12:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Camel101
    [2011/02/24 16:52:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\CannyGames
    [2012/11/23 10:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\DriverCure
    [2009/11/13 22:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\EnchantedCavern
    [2012/07/17 17:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\EnchantedCavern2
    [2009/04/26 19:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Eyeblaster
    [2009/10/05 20:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FairyTale
    [2012/11/03 15:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FixCleaner
    [2009/07/12 15:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\FlowPlay
    [2011/06/16 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Friday's games
    [2009/10/25 18:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Goodsol
    [2011/10/12 16:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\GreenSauceGames
    [2011/06/05 15:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\iMaxGen
    [2012/10/22 19:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\JaiboGames
    [2009/07/19 07:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\JewelMatch2
    [2011/12/14 16:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Kutawaves Games
    [2009/09/19 05:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LTOA
    [2009/11/01 12:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Magic Match
    [2012/11/19 17:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\MumboJumbo
    [2012/11/17 06:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\My Games
    [2012/11/23 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\PC Utility Kit
    [2012/01/08 06:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Playboom Entertainment
    [2011/01/15 09:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\PlayFirst
    [2009/07/24 11:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Purple Patch Games
    [2011/07/16 11:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\ReelDealSlotQuest_TheMuseumEscape
    [2012/08/04 15:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\rokapublish
    [2012/10/06 11:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Rumbic Studio
    [2009/08/01 20:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Sahmon Games
    [2011/08/04 14:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Sammsoft
    [2012/02/03 08:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\SpinTop Games
    [2009/10/24 17:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\SulusGames
    [2012/11/22 12:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\System
    [2009/10/18 18:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\TimeQuest
    [2010/04/27 19:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\UClick
    [2012/10/06 04:57:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\unikgame
    [2009/06/06 16:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\URSE Games
    [2011/05/27 19:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\VTExtra
    [2012/04/08 19:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\WiiSports101in1
    [2012/07/22 09:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\WildTangent
    [2011/09/25 15:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\www.playpublic.com

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6255023

    < End of report >
     
    JAK,
    #34
  16. 2012/12/17
    JAK (Well-Known Member, Thread Starter)
    Extras log

    OTL Extras logfile created on: 12/17/2012 8:47:50 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\OWNER\My Documents\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1014.98 Mb Total Physical Memory | 612.23 Mb Available Physical Memory | 60.32% Memory free
    3.88 Gb Paging File | 3.64 Gb Available in Paging File | 93.85% Paging File free
    Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 13.04 Gb Free Space | 35.00% Space Free | Partition Type: NTFS

    Computer Name: S50 | User Name: OWNER | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
    "C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
    "{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero Burning ROM Help
    "{09041881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Student with Encarta Premium 2009
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1E61E6E5-33BD-4E0D-B82C-48B974E30961}_is1" = HiJackThis version 2.0.4
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
    "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
    "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
    "{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Drive Backup™ 9 Professional
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{593D4F8A-5F11-4901-A74A-6E7971E45790}" = Diskeeper 2009 Pro Premier
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
    "{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
    "{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
    "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
    "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine
    "{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper
    "{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper
    "{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = CWA Reminder by We-Care.com v4.0.19.3
    "{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
    "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
    "{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
    "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
    "{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
    "{C82185E8-C27B-4EF4-2009-4444BC2C2B6D}" = Microsoft Streets & Trips 2009
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
    "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
    "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
    "{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
    "{f2f51b61-c420-4098-b9ed-87ac6de3a7b3}" = Nero 9 Trial
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
    "10talismans" = 10 Talismans
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "am-jewelofatlantis" = Jewel of Atlantis
    "am-paradisequest" = Paradise Quest
    "am-rainforestadventure" = Rainforest Adventure
    "am-secretsofolympus" = Secrets of Olympus
    "am-slotquestthemuseumescape" = Slot Quest - The Museum Escape
    "Angkor" = Angkor (remove only)
    "Around the World in 80 Days" = Around the World in 80 Days (remove only)
    "avast" = avast! Free Antivirus
    "BFG-7 Artifacts" = 7 Artifacts
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Secrets of Olympus" = Secrets of Olympus
    "BFG-Temple of Jewels" = Temple of Jewels
    "Call of Atlantis" = Call of Atlantis (remove only)
    "Clickotrickz_is1" = Clickotrickz
    "Cradle of Egypt: Collector's Edition" = Cradle of Egypt: Collector's Edition (remove only)
    "Cradle Of Persia" = Cradle Of Persia (remove only)
    "Cradle Of Rome" = Cradle Of Rome (remove only)
    "Cradle of Rome 2: Premium Edition" = Cradle of Rome 2: Premium Edition (remove only)
    "Enchanted Cavern" = Enchanted Cavern (remove only)
    "Enchanted Cavern 2" = Enchanted Cavern 2 (remove only)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Fitz_is1" = Fitz
    "GameHouse" = GameHouse
    "GamingWonderlandbar Uninstall" = GamingWonderland Toolbar
    "Heroes of Hellas" = Heroes of Hellas (remove only)
    "ie8" = Windows Internet Explorer 8
    "IrfanView" = IrfanView (remove only)
    "iWinArcade" = iWin Games (remove only)
    "Jewel Quest" = Jewel Quest (remove only)
    "Jewel Quest II" = Jewel Quest II (remove only)
    "Jewel Quest III" = Jewel Quest III (remove only)
    "Jewel Quest Mysteries: Curse of the Emerald Tear" = Jewel Quest Mysteries: Curse of the Emerald Tear (remove only)
    "Jewel Quest Mysteries: The Oracle of Ur - Collector's Edition" = Jewel Quest Mysteries: The Oracle of Ur - Collector's Edition (remove only)
    "Jewel Quest Mysteries: The Seventh Gate Collector's Edition" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition (remove only)
    "Jewel Quest The Sleepless Star" = Jewel Quest The Sleepless Star (remove only)
    "Jewel Quest: Heritage" = Jewel Quest: Heritage (remove only)
    "Jewel Quest: The Sapphire Dragon -- Collector's Edition" = Jewel Quest: The Sapphire Dragon -- Collector's Edition (remove only)
    "Lamp of Aladdin" = Lamp of Aladdin (remove only)
    "Linez_is1" = Linez
    "Linkz_is1" = Linkz
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapsGalaxy_39bar Uninstall" = MapsGalaxy Toolbar
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Mystic Palace" = Mystic Palace
    "Mystika" = Mystika
    "NTREGOPT_is1" = NTREGOPT 1.1j
    "OpenAL" = OpenAL
    "PROSet" = Intel(R) Network Connections Drivers
    "RealArcade" = RealArcade
    "RegSupreme_is1" = RegSupreme
    "Rise of Atlantis" = Rise of Atlantis (remove only)
    "Season Match" = Season Match (remove only)
    "Spell Checker For OE 2.1" = Spell Checker For OE 2.1
    "Tibet Quest" = Tibet Quest (remove only)
    "Treasures of Montezuma 2" = Treasures of Montezuma 2 (remove only)
    "Triadz_is1" = Triadz
    "Tweak UI 2.10" = Tweak UI
    "VLC media player" = VLC media player 0.9.8a
    "Web Games Player Plugin" = Web Games Player Plugin
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WMFDist11" = Windows Media Format 11 runtime
    "Woodville Chronicles" = Woodville Chronicles
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1547161642-839522115-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "NetAssistant 3.8.3" = Freeze.com NetAssistant

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/9/2012 10:01:07 AM | Computer Name = S50 | Source = ESENT | ID = 455
    Description = wuaueng.dll (3508) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/9/2012 12:20:54 PM | Computer Name = S50 | Source = ESENT | ID = 489
    Description = wuauclt (3412) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 12/9/2012 12:20:54 PM | Computer Name = S50 | Source = ESENT | ID = 455
    Description = wuaueng.dll (3412) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/9/2012 12:21:07 PM | Computer Name = S50 | Source = ESENT | ID = 489
    Description = wuauclt (3412) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 12/9/2012 12:21:07 PM | Computer Name = S50 | Source = ESENT | ID = 455
    Description = wuaueng.dll (3412) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/9/2012 2:06:38 PM | Computer Name = S50 | Source = ESENT | ID = 490
    Description = wuauclt (2900) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 12/9/2012 2:06:52 PM | Computer Name = S50 | Source = ESENT | ID = 489
    Description = wuauclt (2900) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log "
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 12/16/2012 7:32:45 PM | Computer Name = S50 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 12/16/2012 7:32:46 PM | Computer Name = S50 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 12/16/2012 7:35:43 PM | Computer Name = S50 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 12/16/2012 5:32:38 PM | Computer Name = S50 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service wuauserv with
    arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error - 12/16/2012 5:32:38 PM | Computer Name = S50 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service BITS with arguments
    " " in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

    Error - 12/16/2012 5:32:38 PM | Computer Name = S50 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service wuauserv with
    arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error - 12/16/2012 6:06:40 PM | Computer Name = S50 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/16/2012 7:20:02 PM | Computer Name = S50 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/16/2012 7:20:37 PM | Computer Name = S50 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/16/2012 7:35:09 PM | Computer Name = S50 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000243'
    while processing the file '06248820.sys' on the volume 'HarddiskVolume1'. It has
    stopped monitoring the volume.

    Error - 12/16/2012 8:32:13 PM | Computer Name = S50 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000001'
    while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
    the volume.

    Error - 12/17/2012 5:01:52 AM | Computer Name = S50 | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x8007f0f4: Security Update for Windows XP (KB2686509).

    Error - 12/17/2012 11:45:16 AM | Computer Name = S50 | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000243'
    while processing the file 'System.dll' on the volume 'HarddiskVolume1'. It has
    stopped monitoring the volume.


    < End of report >
     
    JAK,
    #35
  17. 2012/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't say:
    =====================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}:  "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z7xdm035YYus&ptnrS=Z7xdm035YYus&ptb=841F3606-89C4-4804-B3D5-D07D92AD50F9&psa=&ind=2012042213&st=sb&n=77ed53e5&searchfor={searchTerms}
      IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}:  "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z7xdm035YYus&ptnrS=Z7xdm035YYus&ptb=841F3606-89C4-4804-B3D5-D07D92AD50F9&psa=&ind=2012042213&st=sb&n=77ed53e5&searchfor={searchTerms}
      [2007/07/27 06:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\hhkgkteukz@hhkgkteukz.org.xpi
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
      @Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6255023
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.


    ================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
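A small triage script, added here as an illustration and not part of this thread or of OTL itself: it applies the same heuristics the fix above targets (an IE SearchScopes URL pointing at a provider outside an allowlist, a Firefox extension whose id repeats the same random-looking string on both sides of the @, a BHO entry whose CLSID no longer exists, and an alternate data stream) to OTL scan lines. The sample lines are reconstructed from the fix above; the bing scope with the all-zero GUID and the TRUSTED_SEARCH_HOSTS allowlist are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist of legitimate search providers (not from the thread).
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Patterns for the OTL scan-line formats that appear in the fix above.
SEARCHSCOPE_RE = re.compile(
    r'^IE - (?P<hive>\S+?)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}):\s+"URL" = (?P<url>\S+)')
BHO_RE = re.compile(r'^O2 - BHO: .* - (?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')
# Extension id of the form xxxx@xxxx.tld, the auto-generated look of the one removed above.
XPI_RE = re.compile(r'\\extensions\\(?P<id>(?P<name>[a-z]+)@(?P=name)\.[a-z]+)\.xpi$')

# Constructed sample: lines from the fix above plus one benign scope with a placeholder GUID.
SAMPLE = r'''
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}:  "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z7xdm035YYus&searchfor={searchTerms}
IE - HKU\S-1-5-21-1547161642-839522115-1417001333-500\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}:  "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z7xdm035YYus&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}:  "URL" = http://www.bing.com/search?q={searchTerms}
[2007/07/27 06:00:00 | 000,004,816 | ---- | M] () (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\hhkgkteukz@hhkgkteukz.org.xpi
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6255023
'''

def triage(lines):
    """Return (category, detail) pairs for lines matching a hijack or persistence heuristic."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := SEARCHSCOPE_RE.match(line):
            host = urlparse(m.group("url")).hostname or ""
            if host not in TRUSTED_SEARCH_HOSTS:   # scope points at a non-default provider
                findings.append(("search-hijack", f"{m.group('hive')} {m.group('guid')} -> {host}"))
        elif m := XPI_RE.search(line):
            findings.append(("suspicious-xpi", m.group("id")))
        elif m := BHO_RE.match(line):             # BHO registered but its CLSID is gone
            findings.append(("orphan-bho", m.group("clsid")))
        elif m := ADS_RE.match(line):             # data hidden in an alternate stream
            findings.append(("ads", f"{m.group('path')} ({m.group('size')} bytes)"))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE.splitlines()):
        print(f"{category:15} {detail}")
```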
     
  18. 2012/12/17
    JAK

    JAK Well-Known Member Thread Starter

    Joined:
    2002/01/19
    Messages:
    366
    Likes Received:
    0
    Yes, I said everything seems to be running peachy right now. Amazing difference.
     
    Last edited: 2012/12/17
    JAK,
    #37
  19. 2012/12/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)
    Go on...
     
  20. 2012/12/17
    JAK

    JAK Well-Known Member Thread Starter

    Joined:
    2002/01/19
    Messages:
    366
    Likes Received:
    0
    OTL log

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1547161642-839522115-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}\ not found.
    C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\ibiewnsb.default\extensions\hhkgkteukz@hhkgkteukz.org.xpi moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D6255023 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 65748 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 660 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 1212 bytes

    User: OWNER
    ->Temp folder emptied: 8783621 bytes
    ->Temporary Internet Files folder emptied: 3872615 bytes
    ->Java cache emptied: 34471582 bytes
    ->FireFox cache emptied: 74163661 bytes
    ->Google Chrome cache emptied: 7824290 bytes
    ->Flash cache emptied: 138034 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2402044 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 45288 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 734 bytes

    Total Files Cleaned = 126.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: OWNER
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: OWNER
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12172012_212754

    Files\Folders moved on Reboot...
    File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
    JAK,
    #39
  21. 2012/12/17
    JAK

    JAK Well-Known Member Thread Starter

    Joined:
    2002/01/19
    Messages:
    366
    Likes Received:
    0
    checkup log
    Results of screen317's Security Check version 0.99.56
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    SUPERAntiSpyware
    RegSupreme
    Java(TM) 6 Update 26
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox (17.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 6%
    ````````````````````End of Log``````````````````````
     
    JAK,
    #40
