
vzDE

join:2006-11-23
Newark, DE

[RESOLVED] Spamming issue - Logs Included

downloadallLogs.txt 71,804 bytes
My brother-in-law's desktop seems to be sending spam. I noticed his homepage was a crapware shopping web site which MBAM seems to have cleaned, not sure about the spam to people on his e-mail contacts list. I installed for my benefit (as I prefer it) Google Chrome, but only after all the cleaning was complete. One disturbing thing I noticed after I closed the browser for the last time...a dialog box popped up for only a few seconds. All I could make out was it seemed to be some kind of update for Wild Tangent, ugh!

Could not copy and paste, exceeds post size limit. Log attached.

Thanks for the help.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone

Re: Spamming issue - Logs Included

Let's open that for easier analysis

Malwarebytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.31.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ron :: RON-PC [administrator]

5/31/2012 11:23:30 AM
mbam-log-2012-05-31 (11-23-30).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 401733
Time elapsed: 1 hour(s), 31 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 162

Registry Values Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: CÃb4¾CA¯pÎûVôoÆ -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3462C343-BE19-4143-AF70-CEFB56F46FC6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{7b9f8c21-46ec-4c0b-8683-e755ef84577a} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3462c343-be19-4143-af70-cefb56f46fc6} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
HKCU\Environment|EVAPP (Rogue.Antivir2010) -> Data: C:\Program Files\AV -> Quarantined and deleted successfully.
HKCU\Environment|EVUNINST (Rogue.Antivir2010) -> Data: C:\Program Files\Common Files\Uninstall\AV\Uninstall.lnk -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|2pffxtbr@CouponAlert_2p.com (PUP.MyWebSearch) -> Data: C:\Program Files\CouponAlert_2p\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 13
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Installr\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponAlert_2p\bar (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponAlert_2p\bar\1.bin (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\CouponAlert_2p\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\1.bin\ThirdPartyInstallers (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\gen1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\IE9Mesg (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\Message (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\CouponAlert_2p\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 80

(end)


lilhurricane

OTL

OTL logfile created on: 5/31/2012 1:23:20 PM - Run 4
OTL by OldTimer - Version 3.2.44.0 Folder = J:\VirusFighters\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 64.58% Memory free
5.95 Gb Paging File | 4.99 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 191.43 Gb Free Space | 66.83% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.58 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive J: | 15.01 Gb Total Space | 12.84 Gb Free Space | 85.55% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/05/31 09:34:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- J:\VirusFighters\OTL\OTL.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012/05/04 18:56:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 14:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/20 22:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008/01/20 22:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 13:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008/09/27 02:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/26 06:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/10 08:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 08:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 07:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 08:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 12:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 12:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptb=24DEA250-F94D-4F89-85CF-084826AC4C2C&ind=2012021914&ptnrS=ZXxdm039YYus&si=radiopi&n=77ed049a&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=ZXxdm039YYus&ptb=24DEA250-F94D-4F89-85CF-084826AC4C2C&si=radiopi
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptb=24DEA250-F94D-4F89-85CF-084826AC4C2C&ind=2012021914&ptnrS=ZXxdm039YYus&si=radiopi&n=77ed049a&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=5A255C6001CABBF5016D549C&install_time=2010-03-04T23:49:35Z&src_id=11076&camp_id=-3&tb_version=2.5.9000.490
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
IE - HKCU\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/home/?search={searchTerms}&loc=search_box
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\firefox\ File not found
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin [2012/05/31 13:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/09 16:38:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/09 16:38:49 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/01/20 13:12:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ShopAtHome.com Toolbar) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files\ShopAtHome\tbcore3U.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (RadioRage) - {78BA36C9-6036-482B-B48D-ECCA6F964B84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0674107A-2CD4-4F44-868E-9E5F828F0DC8}: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\horizon.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\horizon.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/05/31 12:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/05/18 07:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/18 07:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/09 16:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012/05/09 16:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2012/05/09 16:35:41 | 000,716,288 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpwwiax9.dll
[2012/05/09 16:35:41 | 000,372,736 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hppldcoi.dll
[2012/05/09 16:35:40 | 000,315,392 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwvst01.dll
[2012/05/09 15:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012/05/09 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\HP
[2012/05/09 15:48:10 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Local\HP
[2012/05/09 15:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012/05/09 15:44:28 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Yahoo!
[2012/05/09 15:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/05/09 15:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012/05/09 15:40:50 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2012/05/09 15:31:50 | 000,452,408 | ---- | C] (Hewlett-Packard) -- C:\Windows\System32\hpzids01.dll
[2012/05/09 15:31:46 | 000,122,880 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\System32\hpf3l092.dll
[2012/05/09 15:30:23 | 000,593,920 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\hpwtscl5.dll
[2012/05/09 15:30:23 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2012/05/09 03:11:33 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 03:11:33 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 03:11:32 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 03:11:32 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 03:11:32 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/09 03:11:25 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/09 03:11:24 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/09 03:11:24 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/05/31 13:26:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/31 13:22:19 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/31 13:22:19 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/31 13:20:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/31 13:15:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 13:15:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/31 13:15:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/31 13:15:48 | 3085,373,440 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/31 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/31 11:20:21 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/30 21:05:52 | 000,000,398 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Ron.job
[2012/05/18 07:50:37 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/11 13:01:04 | 001,935,239 | ---- | M] () -- C:\Users\Ron\Desktop\Madelaine Hassell 5.10.12.JPG
[2012/05/11 07:44:04 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/05/11 07:44:04 | 000,001,854 | ---- | M] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/05/10 03:29:20 | 000,326,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/09 17:32:00 | 000,207,281 | ---- | M] () -- C:\Windows\hpwins28.dat
[2012/05/09 16:37:48 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/05/09 15:48:06 | 000,207,523 | ---- | M] () -- C:\Windows\hpwins28.dat.temp
[2012/05/04 18:56:14 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/04 18:56:14 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/05/31 11:20:21 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/18 07:50:37 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/11 13:01:04 | 001,935,239 | ---- | C] () -- C:\Users\Ron\Desktop\Madelaine Hassell 5.10.12.JPG
[2012/05/09 16:38:10 | 000,000,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/05/09 16:37:48 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/05/09 16:32:05 | 000,207,281 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/05/09 15:55:03 | 000,207,523 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/05/09 15:55:03 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/01/26 12:46:51 | 000,000,288 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\.backup.dm

[color=#E56717]========== LOP Check ==========[/color]

[2011/01/14 17:08:40 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\BSD
[2011/01/15 12:34:59 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\DriverCure
[2011/02/19 23:23:52 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\funkitron
[2011/02/20 20:39:52 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\iWin
[2009/03/10 11:25:25 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\PictureMover
[2011/04/16 11:50:31 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\Sling Media
[2011/03/01 12:42:59 | 000,000,000 | ---D | M] -- C:\Users\Ron\AppData\Roaming\StreamTorrent
[2012/05/31 13:14:38 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

No OTL extras

Security Check

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 7
[color=red]Java version out of date![/color]
Adobe Reader 9 [color=red]Adobe Reader out of date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
SecurityCheck SecurityCheck.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0 %
[u]````````````````````End of Log``````````````````````[/u]

ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0ab92e4290d4ef41a5ff1a6e04d3cf2b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 07:01:10
# local_time=2012-05-31 03:01:10 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 74463101 74463101 0 0
# compatibility_mode=5892 16776638 100 100 73696214 175094907 0 0
# compatibility_mode=8192 67108863 100 0 74466539 74466539 0 0
# scanned=188267
# found=3
# cleaned=3
# scan_time=3490
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll Win32/Toolbar.MyWebSearch.Q application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to vzDE

I see MBAM did its usual excellent job. Yuk, what a mess.

I want to check for rootkits before we go any further. It's more of an exploratory run rather than looking for anything specific.

Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found.

You'll find link(s) and instructions here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


vzDE

join:2006-11-23
Newark, DE

Thanks for the help. Went over to the in-law's house today, disabled Avast and Windows Defender and ran Sophos as admin with internet unplugged.
Only one file popped up in the upper panel but it wasn't readily identified and no deletion was recommended. Thus, no reboot occurred automatically but I did reboot manually before copying the Sophos log.

Sophos log

Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc
Started logging on 6/5/2012 at 10:39:08 AM
User "Ron" on computer "RON-PC"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QWS2XLTM\r3ap1n.ver.5.app.3ie33cpgj6dhi.ver.46.app.62dhh6thj8cb3.ver.31.app.66c9i6pj32d33.ver.17.app.68ohh6com6c1h.ver.8.app.6ae32cgp68pb6.ver.19.app.6cdj26sq3cdb6.ver[1].8
Info: Starting disk scan of D: (NTFS).
Info: Starting disk scan of J: (FAT).
Stopped logging on 6/5/2012 at 11:22:33 AM

My brother-in-law states PC seems to be running much better since my running the pre-required tests recommended at start of forum. No further instances of spam being sent.

Will await your reply and once again thanks.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to vzDE

There are still some items that need removing but I want to know if there is an Add/Remove Programs entry for them.

I need the OTL Extras log to check for the uninstallers. It's only produced on the first run, but we can force it.

Start OTL, in the Extra Registry section, select 'Use Safelist', then run the scan.

Post both the new OTL log and the Extras log in this thread (attach as needed)
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


vzDE

join:2006-11-23
Newark, DE

Attachments: OTL.Txt (82,632 bytes), Extras.Txt (52,610 bytes)
Thanks for waiting, just got back to the in-law's house. Due to file size otl.txt and extras.txt are attached.


lilhurricane
Crunchin' For Cures
Premium,Mod
join:2003-01-11
Purple Zone

OTL logfile created on: 6/14/2012 11:56:06 AM - Run 7
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Ron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 53.90% Memory free
5.96 Gb Paging File | 4.74 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 194.93 Gb Free Space | 68.05% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.58 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive J: | 15.01 Gb Total Space | 12.84 Gb Free Space | 85.51% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/05/31 09:34:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
PRC - [2011/11/28 14:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/06/07 04:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 04:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 04:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 04:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 04:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/31 18:19:32 | 004,050,944 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll
MOD - [2012/05/31 18:19:32 | 000,100,864 | ---- | M] () -- C:\Users\Ron\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2012/05/04 18:56:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/11/28 14:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/18 14:38:43 | 000,129,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/01/20 22:25:11 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008/01/20 22:24:20 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\AFE2.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011/11/28 13:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 13:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 13:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 13:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 13:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 13:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/04/11 00:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2008/09/27 02:51:00 | 007,478,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/09/26 06:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/09/10 08:48:20 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/09/10 08:46:22 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/09/04 07:34:34 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/08/01 08:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/07/21 12:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/07/21 12:12:22 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 05:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/20 22:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/20 22:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/20 22:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/20 22:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/20 22:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/20 22:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/20 22:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/20 22:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/20 22:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/20 22:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008/01/20 22:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/20 22:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/20 22:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/20 22:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/20 22:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/20 22:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2006/11/02 05:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 04:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 04:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006/11/02 04:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 04:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptb=24DEA250-F94D-4F89-85CF-084826AC4C2C&ind=2012021914&ptnrS=ZXxdm039YYus&si=radiopi&n=77ed049a&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZXxdm039YYus&ptb=24DEA250-F94D-4F89-85CF-084826AC4C2C&ind=2012021914&ptnrS=ZXxdm039YYus&si=radiopi&n=77ed049a&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{256DBC0A-6867-4511-B430-96D26BA7A778}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=5A255C6001CABBF5016D549C&install_time=2010-03-04T23:49:35Z&src_id=11076&camp_id=-3&tb_version=2.5.9000.490
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
IE - HKCU\..\SearchScopes\{AA2BE316-DC4D-4562-BB53-A9DCF6897679}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/home/?search={searchTerms}&loc=search_box
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\firefox\ File not found
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ron\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin [2012/05/31 13:15:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/09 16:38:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/09 16:38:49 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ron\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/01/20 13:12:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (RadioRage) - {78BA36C9-6036-482B-B48D-ECCA6F964B84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0674107A-2CD4-4F44-868E-9E5F828F0DC8}: DhcpNameServer = 192.168.1.1 71.242.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\horizon.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\horizon.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 10:56:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2012/06/13 03:01:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 03:01:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 03:01:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/13 03:01:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 03:01:13 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/13 03:01:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 03:01:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/12 22:54:23 | 002,045,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/05 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/06/05 10:38:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/31 15:13:55 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/31 15:08:57 | 000,000,000 | ---D | C] -- C:\Users\Ron\AppData\Roaming\QuickScan
[2012/05/31 12:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/05/18 07:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/18 07:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/06/14 11:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/14 11:28:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 11:28:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 11:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/14 11:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000UA.job
[2012/06/14 10:36:02 | 000,604,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/14 10:36:01 | 000,103,968 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/13 20:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/13 15:18:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000Core.job
[2012/06/13 03:28:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/13 03:27:57 | 000,326,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 03:26:03 | 3085,414,400 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 19:04:52 | 002,640,568 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0168.JPG
[2012/06/11 21:21:25 | 000,002,034 | ---- | M] () -- C:\Users\Ron\Desktop\Google Chrome.lnk
[2012/06/11 21:21:25 | 000,001,996 | ---- | M] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/09 12:11:38 | 002,702,844 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0164.JPG
[2012/06/09 11:32:42 | 002,510,414 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0156.JPG
[2012/06/09 10:56:44 | 002,491,171 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0149.JPG
[2012/06/09 10:52:28 | 001,934,715 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0145.JPG
[2012/06/09 10:52:08 | 002,073,360 | ---- | M] () -- C:\Users\Ron\Desktop\IMG_0144.JPG
[2012/05/31 15:24:31 | 000,002,034 | ---- | M] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/05/31 09:34:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ron\Desktop\OTL.exe
[2012/05/17 18:45:37 | 001,800,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/17 18:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/17 18:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/17 18:31:16 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/17 18:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/05/17 18:24:45 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/17 18:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/15 15:51:08 | 002,045,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files Created - No Company Name ==========

[2012/06/12 21:24:55 | 002,640,568 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0168.JPG
[2012/06/10 20:19:22 | 001,934,715 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0145.JPG
[2012/06/10 20:17:28 | 002,510,414 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0156.JPG
[2012/06/10 20:15:54 | 002,491,171 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0149.JPG
[2012/06/10 20:14:34 | 002,702,844 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0164.JPG
[2012/06/10 20:11:00 | 002,073,360 | ---- | C] () -- C:\Users\Ron\Desktop\IMG_0144.JPG
[2012/05/31 15:24:31 | 000,002,034 | ---- | C] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/05/31 15:13:57 | 000,002,034 | ---- | C] () -- C:\Users\Ron\Desktop\Google Chrome.lnk
[2012/05/31 15:13:57 | 000,001,996 | ---- | C] () -- C:\Users\Ron\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/31 15:13:24 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000UA.job
[2012/05/31 15:13:23 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-758517520-4224873453-800305309-1000Core.job
[2012/05/09 16:32:05 | 000,207,281 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012/05/09 15:55:03 | 000,207,523 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/05/09 15:55:03 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/01/26 12:46:51 | 000,000,288 | ---- | C] () -- C:\Users\Ron\AppData\Roaming\.backup.dm

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane

OTL Extras logfile created on: 6/14/2012 11:56:06 AM - Run 7
OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\Ron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 53.90% Memory free
5.96 Gb Paging File | 4.74 Gb Available in Paging File | 79.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.43 Gb Total Space | 194.93 Gb Free Space | 68.05% Space Free | Partition Type: NTFS
Drive D: | 11.66 Gb Total Space | 1.58 Gb Free Space | 13.51% Space Free | Partition Type: NTFS
Drive J: | 15.01 Gb Total Space | 12.84 Gb Free Space | 85.51% Space Free | Partition Type: FAT32

Computer Name: RON-PC | User Name: Ron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-758517520-4224873453-800305309-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-758517520-4224873453-800305309-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009BAC30-DED2-47E0-A1FD-D5FFDD4BC0A4}" = rport=139 | protocol=6 | dir=out | app=system |
"{12BC1C90-92BC-4FBE-A3E8-BDACB7720922}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1D03213B-E8DA-4966-9601-FFB28E4C6134}" = lport=445 | protocol=6 | dir=in | app=system |
"{20F9E85A-D479-4771-A377-1C2600C0A7C5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23717150-DB57-4E5A-9264-661CC674D4EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{2FA104BF-686C-42BB-A96E-1EB368BE163A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3176F239-F6C1-4526-8E65-CEB4150BE83D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{334E105B-5F7E-43DE-813B-85F6DF781D96}" = lport=2869 | protocol=6 | dir=in | app=system |
"{40562FDA-C22F-42B0-8350-2033EB444F71}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41991003-9551-4CF4-AC47-62F196709FE6}" = rport=445 | protocol=6 | dir=out | app=system |
"{5DE73741-5AE7-4C3B-8559-7CA2B7A6E681}" = lport=10243 | protocol=6 | dir=in | app=system |
"{674CE4E8-D77A-4141-A77D-C15003C7D6FD}" = lport=137 | protocol=17 | dir=in | app=system |
"{67F28240-C59B-45F4-ABE2-E0536918523C}" = rport=137 | protocol=17 | dir=out | app=system |
"{7800D0FF-147C-4A74-878D-5776DEA423AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84FBE3E1-3AA3-4C42-A660-D96C6EEB63D0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{914FF7BA-1AB0-4A8D-A3A5-DE21D0325C6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7157FCF-FC5C-4C52-BCEB-2CE7DB5F28C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C8390940-0A3C-4346-B03D-1452087767F0}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1883401-D35D-4DDF-8A3C-1588A2F1625C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E47FB57B-EADB-4208-9DF6-9125AB62F1F6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B2C171-DFE1-4149-A219-F3D954C8413C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{09115D7D-93B9-45C7-B3A3-4C061EB3DF38}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{14A1C168-D169-4E3E-9939-45BF058048E1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{16295E9A-10FD-44A0-A305-77B68836F304}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{1855F1AD-A3E2-493D-8B4B-A3AD7214942A}" = dir=in | app=e:\setup\hpznui01.exe |
"{187C8F01-8CC7-445D-8CF4-3EBF853777A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{1AF35E71-7A1D-47ED-B4B6-460CEF55A015}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{23A5EE76-A761-4C46-B7B2-9D5C5308D19F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{2E04A711-6400-4852-A9A6-EF334E9D5A83}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{3A6EDA17-6893-41CC-BC2E-519145F48B7B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{3ACDC5F9-444C-42CB-841D-56395D59A419}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{3C8BFCC2-1720-4A8F-A9CA-B3063DBE95FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3ED01A3F-7DAA-4BA2-B9A9-3C8F4314B558}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{4C7CE8BA-787D-4A55-8BC6-F9EEA9A0FA75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50381C56-3C26-4DE6-B5E9-2AD213D208A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{536FF840-4829-4DFE-8BCF-B59569857E28}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{5526BB26-B29E-4012-9FB1-6FF7F3CEAAF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57003204-5661-4A44-86BC-D82B784CB343}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{57F41B62-C301-4A56-834B-41DE02A74945}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5DEFBEC8-250F-459D-8F09-57748C541C60}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{5E32E0A0-E8CF-405D-9D67-66122ECA3607}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{5E6E4FC4-64FF-4761-AFFB-1448093B08DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{60C44C34-05B8-4720-9DAA-C699D2584AEE}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{68DE31BA-8AB7-493A-806A-2DC46FC04D7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A31F05F-4F4F-4E6E-819A-362C3716679D}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{6DDAB1AF-DAD1-4442-BFFB-BD77930482A4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{6E457987-3D3C-4651-BAD4-88ED98E99C56}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{70601D97-D0F8-4371-9261-49D20066F3D7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{75C4DF0A-863F-4B6C-835E-0567D0E949C3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7682CC10-F410-4A12-A27D-8E4A5C3CC390}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D89D8CA-7F5C-4106-A98D-A08BE42114E2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7D9C1CE4-9741-4790-B99A-88B8053472F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7FB5C4B4-3DDD-4301-B6E1-9D4A3BFC7A9D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{820F5079-39A4-4743-80FF-4C4963E6D19F}" = protocol=6 | dir=out | app=system |
"{83728A66-CE6A-400B-AEFF-B2F717C6CAEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87DACD06-5F67-4878-A3BE-703FFE2FED87}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{896C66E8-1205-48BD-8B96-0DF63D971F0C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8C4B5994-824D-438A-821F-FADC61F1841A}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{A2120952-E198-451B-B3E4-83CE239808EE}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A77DF239-FCB2-4747-824F-C0C65F26846F}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{A89355CA-092A-40E7-BF13-14030092BEF9}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{ADC7EBF4-9567-4C50-BFE2-6A57FC71ED24}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AEAC3628-FF8C-4895-ABA9-582E825148EE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{AF0B70C6-77B5-4927-B0E9-DC3242DF4C29}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B8523CDC-0B05-40AB-ABAF-83F6498BFEF3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{CA9CC10D-8953-4E5B-90FE-AD26BB8761BE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D210531B-7FF1-4FD2-A537-E33040717145}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D545FF71-560A-4E7E-BBA7-A85E5354E059}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D58968CA-279B-4792-BC30-E497960C4849}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9B1730D-B92F-4426-A016-676A07AB942F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DF13D418-B70B-4098-BD3B-822C6C737280}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0EB8AA7-DF40-4EE4-AB3C-44E5E5B5DD68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC995787-7E55-4D53-A97A-B2A6C9578E4A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{FD0C3760-113D-4A18-9B86-74EA012D0856}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"TCP Query User{15FD9A94-0B4B-4FBD-840A-97681AABE978}C:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe" = protocol=6 | dir=in | app=c:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe |
"TCP Query User{1729F97C-EA1A-4AD2-97E3-15D451381CB9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{AC0BC883-581F-4353-969F-D151A07FFC20}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E4297AB1-CB67-4E44-A056-B4051CE57CBE}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{9E3F47C9-41EF-4759-8CA2-CFDFFCB7F409}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{DCC47CF1-ED33-4BCA-BD3E-60221086FA99}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F9B8B3CC-2436-48C6-9E97-CE8D4261E924}C:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe" = protocol=17 | dir=in | app=c:\program files\wildgames\bicycle texas hold em\bicyclepoker.exe |
"UDP Query User{FCD6E6F1-7653-427B-85CE-C44F72231574}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13BBBB38-22D8-4BF1-80CA-7D54152C2980}" = WebSlingPlayer ActiveX
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{19506BDB-4EA7-491F-E8AB-E97109FDB296}" = muvee Reveal
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{38058455-8C21-4C2F-B2F6-14ED166039CB}" = HP Total Care Setup
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{49EB3B4F-E42C-4F0A-8C28-4205F891DF85}" = TouchCopy 09
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4FAB5122-775E-4418-B8D9-E2873BC93570}" = Microsoft Live Search Toolbar
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5BD0CB24-11AF-4BA8-A198-38D25257C656}" = LightScribe Template Labeler
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6423EF83-6E1D-4D22-A36F-689CD19FD4D2}" = Juno Preloader
"{64B9E2F5-558E-4C56-B419-A1679518F6E7}" = HP Customer Experience Enhancements
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A2016015-8323-4AF8-8B3E-F56239D7D59D}" = HP Demo
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{7395D650-AE5D-4D68-B8FE-D3FA6B51467F}" = Driver Detective
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"PC-Doctor for Windows" = Hardware Diagnostic Tools
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"StreamTorrent 1.0" = StreamTorrent 1.0
"TTB000001.TTB000001Toolbar" = CouponBar
"Veetle TV" = Veetle TV
"WildTangent hp Master Uninstall" = HP Games
"WTA-91ea5710-b151-4306-9838-73b5b330b7cd" = Bicycle Texas Hold 'em

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 5/28/2012 10:33:16 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:16 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:16 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:53 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:54 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 10:33:55 AM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/28/2012 7:54:34 PM | Computer Name = Ron-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 11:16:38 AM | Computer Name = Ron-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 1:17:29 PM | Computer Name = Ron-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2012 3:24:41 PM | Computer Name = Ron-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 5/31/2012 1:17:29 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/5/2012 11:38:29 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/5/2012 11:38:29 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/5/2012 11:38:29 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/9/2012 7:36:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 7:36:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/9/2012 7:36:57 PM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 6/13/2012 3:29:04 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2012 3:29:04 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/13/2012 3:29:04 AM | Computer Name = Ron-PC | Source = Service Control Manager | ID = 7026
Description =

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to vzDE

Thanks. No malware showing in the logs. There are a few items to clean up, but that's it.

First:
Use Add/Remove Programs to uninstall Shop at Home. The entry appears as "SelectRebatesUninstall" or "ShopAtHome.com Toolbar".

* Adware and Privacy Concerns

Second:
Wild Tangent comes pre-installed on a lot of computers for the games. While there are mild adware and privacy concerns, they're not great enough, at this time, to recommend removal. I'll leave that up to you.

If you elect to remove, there is a master removal entry in Add/Remove Programs. Use that first, then check to see that any others have been removed.

Third:
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
IE - HKLM\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}
IE - HKCU\..\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = »search.alot.com/web?q={searchTer···9000.490
O3 - HKLM\..\Toolbar: (RadioRage) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (RadioRage) - {78BA36C9-6036-482B-B48D-ECCA6F964B84} - C:\Program Files\RadioRage_4j\bar\1.bin\4jbar.dll File not found
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\firefox\ File not found
FF - HKLM\Software\MozillaPlugins\@RadioRage_4j.com/Plugin: C:\Program Files\RadioRage_4j\bar\1.bin\NP4jStub.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin [2012/05/31 13:15:37 | 000,000,000 | ---D | M]
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Once you see a message box "Fix complete! Click OK to open the fix log."
  • Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

vzDE

join:2006-11-23
Newark, DE

Ran OTL again, here's the log.
No log file after reboot.
Thanks for all the help.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{78ba36c9-6036-482b-b48d-ecca6f964b84} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78ba36c9-6036-482b-b48d-ecca6f964b84}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{78BA36C9-6036-482B-B48D-ECCA6F964B84} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78BA36C9-6036-482B-B48D-ECCA6F964B84}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@RadioRage_4j.com/Plugin\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4jffxtbr@RadioRage_4j.com: C:\Program Files\RadioRage_4j\bar\1.bin not found.
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
File C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kate
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ron
->Temp folder emptied: 1843350 bytes
->Temporary Internet Files folder emptied: 519555388 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 65569398 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 11156 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24351231 bytes
RecycleBin emptied: 493 bytes

Total Files Cleaned = 583.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Kate
->Flash cache emptied: 0 bytes

User: Public

User: Ron
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.44.0 log created on 06142012_164305

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to vzDE

Thanks,

Let's clean up, then see how his computer is running.

Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.


vzDE

join:2006-11-23
Newark, DE

Thanks for all the help, computer seems to be running fine.