
Startsear.ch


  • Closed Accounts Posts: 3 johnbaptist


    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Web Search" removed from browser.search.defaultengine
    Prefs.js: "Web Search" removed from browser.search.defaultenginename
    Prefs.js: "Web Search" removed from browser.search.order.1
    Prefs.js: "Web Search" removed from browser.search.selectedEngine
    File C:\Users\gateway\AppData\Roaming\Mozilla\Firefox\Profiles\p2x24zno.default\searchplugins\startsear.xml not found.
    File C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll not found.
    File C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: gateway
    ->Temp folder emptied: 264752 bytes
    ->Temporary Internet Files folder emptied: 33882 bytes
    ->FireFox cache emptied: 12900653 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 651 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 13,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: gateway
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb

    HOSTS file reset successfully
    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\gateway\Downloads\cmd.bat deleted successfully.
    C:\Users\gateway\Downloads\cmd.txt deleted successfully.
    File\Folder C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll not found.
    File\Folder C:\Users\gateway\AppData\Roaming\Mozilla\Firefox\Profiles\p2x24zno.default\searchplugins\startsear.xml not found.

    OTL by OldTimer - Version 3.2.29.1 log created on 09212011_210346

    Files\Folders moved on Reboot...
    C:\Users\gateway\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Any problems with the PC?


  • Closed Accounts Posts: 3 johnbaptist


    ASJ112 wrote: »
    Any problems with the PC?

    No, I can't tell that there are problems. I think everything is OK.


  • Closed Accounts Posts: 5 cyberbluz


    Hi, I too have this problem. Would greatly appreciate your help if you are able to assist. I have tried the methods you advised the other guys, but it did not seem to work. I have tried rebooting and reinstalling my browsers too, but every time I do that, startsear.ch comes back again.

    Many thanks

    OTL logfile created on: 10/12/2011 6:55:26 AM - Run 7
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\user\Downloads
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.14% Memory free
    6.50 Gb Paging File | 5.26 Gb Available in Paging File | 80.89% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97.56 Gb Total Space | 10.36 Gb Free Space | 10.62% Space Free | Partition Type: NTFS
    Drive D: | 368.10 Gb Total Space | 224.22 Gb Free Space | 60.91% Space Free | Partition Type: NTFS

    Computer Name: MANFRED | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/11 23:58:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
    PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    PRC - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
    PRC - [2009/07/22 16:14:20 | 000,210,312 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/08/16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
    PRC - [2007/06/05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    MOD - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/05/29 11:44:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/08 22:52:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/14 09:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/03/08 22:34:09 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/09/28 18:20:40 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
    DRV - [2009/07/16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 06:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2009/07/14 06:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    DRV - [2009/06/11 05:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Razerlow.sys -- (Razerlow)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/?rd=1
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 18 01 EB 3D 88 CC 01 [binary data]
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/15 20:12:28 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

    O1 HOSTS File: ([2011/10/12 02:38:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
    O4 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
    O4 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9FF7864-89FB-4FF5-AB9B-1EA0AC5A3B27}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E13E280F-D0E1-49CD-888E-2F3F0AE142AC}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/12 02:55:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/10/12 02:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/10/12 02:51:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2011/10/12 02:10:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\user\Desktop\HijackThis.exe
    [2011/10/12 01:46:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/10/12 01:46:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/10/12 01:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/10/12 00:12:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
    [2011/10/12 00:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/12 00:03:22 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/11 23:50:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/11 23:50:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/11 23:50:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/11 23:50:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/11 23:48:23 | 004,253,749 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
    [2011/10/11 23:07:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/10 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Opera
    [2011/10/10 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Apple Computer
    [2011/10/09 15:28:46 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

    ========== Files - Modified Within 30 Days ==========

    [2011/10/12 06:57:14 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/12 06:57:14 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/12 06:54:21 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/12 06:54:21 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/10/12 06:51:37 | 000,001,746 | ---- | M] () -- C:\Windows\psnetwork.ini
    [2011/10/12 06:50:05 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/10/12 06:50:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/12 06:49:58 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/12 02:55:53 | 000,002,310 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
    [2011/10/12 02:51:10 | 000,001,226 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
    [2011/10/12 02:38:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011/10/12 02:23:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000UA.job
    [2011/10/12 02:23:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000Core.job
    [2011/10/12 02:10:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\user\Desktop\HijackThis.exe
    [2011/10/12 01:19:08 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\n3eu6ooy.exe
    [2011/10/12 01:16:26 | 000,869,194 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
    [2011/10/12 01:06:44 | 004,253,749 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
    [2011/10/12 01:00:11 | 000,001,411 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/09 11:12:05 | 134,352,362 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/10/03 23:21:13 | 000,169,979 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/09/15 20:12:28 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

    ========== Files Created - No Company Name ==========

    [2011/10/12 02:55:53 | 000,002,310 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk
    [2011/10/12 02:51:10 | 000,001,226 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
    [2011/10/12 02:18:50 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000UA.job
    [2011/10/12 02:18:49 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000Core.job
    [2011/10/12 01:18:53 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\n3eu6ooy.exe
    [2011/10/12 01:15:54 | 000,869,194 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
    [2011/10/12 01:00:11 | 000,001,417 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/10/12 01:00:11 | 000,001,411 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/11 23:50:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/11 23:50:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/11 23:50:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/11 23:50:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/11 23:50:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/10 09:29:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/04/14 20:52:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/04/11 14:35:05 | 000,000,033 | ---- | C] () -- C:\Windows\msgtn.ini
    [2010/04/11 14:29:46 | 000,000,091 | ---- | C] () -- C:\Windows\PCDNSetting.ini
    [2010/04/11 14:26:50 | 000,000,140 | ---- | C] () -- C:\Windows\powerlist.ini
    [2010/04/11 14:26:50 | 000,000,060 | ---- | C] () -- C:\Windows\MediaList.ini
    [2010/04/11 14:18:50 | 000,001,746 | ---- | C] () -- C:\Windows\psnetwork.ini
    [2010/04/11 14:18:50 | 000,000,901 | ---- | C] () -- C:\Windows\powerplayer.ini
    [2010/03/13 18:29:26 | 000,000,824 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2010/03/08 19:46:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/03/08 19:46:41 | 000,023,049 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/10/16 15:45:18 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2009/10/16 15:40:26 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
    [2009/10/16 15:40:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
    [2009/07/16 11:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
    [2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 12:33:53 | 002,404,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 10:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 10:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/04/02 20:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

    ========== LOP Check ==========

    [2010/11/28 11:22:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
    [2010/04/07 21:46:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canon
    [2010/03/08 22:55:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
    [2011/09/19 00:07:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EndNote
    [2010/03/08 21:16:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Foxit
    [2010/05/16 02:16:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HDRsoft
    [2011/10/10 18:23:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera
    [2010/07/03 23:59:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PPStream
    [2010/06/18 12:10:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Razer
    [2011/02/03 11:16:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sports Interactive
    [2011/10/10 22:10:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
    [2011/07/29 23:12:56 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    I see you have run combofix.exe before. Can you post its log? It should be at C:\combofix.txt


    Then open OTL and paste this into the custom scan/fixes box:



    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O37 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run fix and post the log it gives you.



    Also, do you know what this file is?


    [2011/10/12 01:19:08 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\n3eu6ooy.exe


  • Closed Accounts Posts: 5 cyberbluz


    [2011/10/12 01:19:08 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\n3eu6ooy.exe
    This is GMER.exe

    ComboFix 11-10-13.02 - user 3/2011 Thu 19:03:26.5.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.936.65.1033.18.3327.1879 [GMT 8:00]
    执行位置: c:\users\user\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * 成功创造新还原点
    .
    .
    ((((((((((((((((((((((((( 2011-09-13 至 2011-10-13 的新的档案 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-13 11:06 . 2011-10-13 11:06 d-----w- c:\users\Default\AppData\Local\temp
    2011-10-12 15:54 . 2011-10-12 22:48 d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-12 15:54 . 2011-10-12 15:55 d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-12 15:37 . 2011-10-12 15:37 d-----w- c:\program files\TeamViewer
    2011-10-11 18:51 . 2011-10-11 18:51 d-----w- c:\program files\VS Revo Group
    2011-10-11 17:27 . 2011-10-11 17:27 d-----w- c:\program files\Common Files\Java
    2011-10-11 16:12 . 2011-10-11 16:12 d-----w- c:\users\user\AppData\Roaming\Malwarebytes
    2011-10-11 16:12 . 2011-10-11 16:12 d-----w- c:\programdata\Malwarebytes
    2011-10-11 16:03 . 2011-10-11 16:03 d-----w- C:\_OTL
    2011-10-10 10:23 . 2011-10-10 10:23 d-----w- c:\users\user\AppData\Roaming\Apple Computer
    2011-10-09 07:28 . 2011-10-09 07:28
    d--h--w- c:\windows\PIF
    2011-10-09 07:27 . 2011-10-08 22:11 764275 --sha-w- c:\program files\Internet Explorer\iexplore_update.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-24 16:26 . 2011-05-17 02:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2011-03-18 00:11 2471240 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
    .
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
    "PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2009-07-22 210312]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
    "Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-09 2338656]
    "Internet Explorer Update"="c:\program files\Internet Explorer\iexplore_update.exe" [2011-10-08 764275]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]
    R3 GarenaPEngine;GarenaPEngine;c:\users\user\AppData\Local\Temp\GSO168C.tmp [x]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
    R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\Drivers\Razerlow.sys [2005-04-24 13225]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-29 1343400]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-08 691696]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-01-06 248656]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-07 269520]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-09 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-09 21968]
    S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-09-28 12032]
    S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    ‘计划任务’ 文件夹 里的内容
    .
    2011-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000Core.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 18:18]
    .
    2011-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000UA.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-11 18:18]
    .
    .
    而外的扫描
    .
    uStart Page = hxxp://www.google.com.sg/
    mStart Page = hxxp://startsear.ch/?aff=1
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
    "ImagePath"="\??\c:\users\user\AppData\Local\Temp\GSO168C.tmp"
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-4144607541-3359877724-1956228894-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]
    "GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2010\\games"
    "ShortlistDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
    "ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2010"
    "SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2010\\"
    "HistoryDir"="c:\\Users\\user\\Desktop\\FM Genie Scout 10\\History Points"
    "LangDB"=""
    "LastSaveGame"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2010\\games\\Spain Eng.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000000
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:0000006f
    "UniqueID"="25-AC80-EF4F"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    .
    [HKEY_USERS\S-1-5-21-4144607541-3359877724-1956228894-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]
    @Allowed: (Read) (RestrictedCode)
    "GameDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2011\\games"
    "ShortlistDir"=""
    "FMPath"="d:\\Program Files\\Sports Interactive\\Football Manager 2011\\"
    "ScreenshotsDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2011"
    "SaveDir"="c:\\Users\\user\\Documents\\Sports Interactive\\Football Manager 2011\\"
    "HistoryDir"="c:\\FM Genie Scout 11\\History Points"
    "LangDB"="d:\\Program Files\\Sports Interactive\\Football Manager 2011\\data\\updates\\update-1120\\db\\1120\\lang_db.dat"
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="PSV Eindhoven"
    "LastUpdateCheck"=dword:00009f10
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000080
    "UniqueID"="25-AC80-EF4F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:00000003
    "StaffSearchFeatureNum"=dword:00000000
    "ClubSearchFeatureNum"=dword:00000000
    "FilterByClubFeatureNum"=dword:00000000
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:00000003
    "HintsFeatureNum"=dword:00000000
    "GenieReportFeatureNum"=dword:00000001
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    "Currency"=dword:00000056
    .
    [HKEY_USERS\S-1-5-21-4144607541-3359877724-1956228894-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11g]
    @Allowed: (Read) (RestrictedCode)
    "PicturesNumber"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    完成时间: 2011-10-13 19:07:29
    ComboFix-quarantined-files.txt 2011-10-13 11:07
    ComboFix2.txt 2011-10-11 17:46
    ComboFix3.txt 2011-10-11 17:11
    ComboFix4.txt 2011-10-11 15:56
    ComboFix5.txt 2011-10-13 11:02
    .
    Pre-Run: 9,369,100,288 bytes free
    Post-Run: 9,065,828,352 bytes free
    .
    - - End Of File - - 4F82BBADCE02A85E67ACF5A5B04809FD


  • Closed Accounts Posts: 5 cyberbluz


    Here's the log. I got another problem: the homepage just changed from startsear.ch to www.goong.info

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_USERS\S-1-5-21-4144607541-3359877724-1956228894-1000_Classes\.exe\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-4144607541-3359877724-1956228894-1000_Classes\exefile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: user
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 606636 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 8255800 bytes
    ->Flash cache emptied: 566 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 8.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\user\Downloads\cmd.bat deleted successfully.
    C:\Users\user\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.29.1 log created on 10132011_191040
    Files\Folders moved on Reboot...
    Registry entries deleted on Reboot...


  • Closed Accounts Posts: 5 cyberbluz


    Here is my latest OTL log:

    OTL logfile created on: 10/13/2011 7:16:41 PM - Run 8
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\user\Downloads
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 61.89% Memory free
    6.50 Gb Paging File | 5.10 Gb Available in Paging File | 78.55% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 97.56 Gb Total Space | 8.51 Gb Free Space | 8.72% Space Free | Partition Type: NTFS
    Drive D: | 368.10 Gb Total Space | 159.58 Gb Free Space | 43.35% Space Free | Partition Type: NTFS

    Computer Name: MANFRED | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/11 23:58:39 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
    PRC - [2011/09/10 06:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/31 00:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    PRC - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe
    PRC - [2009/07/22 16:14:20 | 000,210,312 | ---- | M] (PPStream Inc) -- C:\Program Files\PPStream\PPSAP.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2007/08/16 17:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files\Razer\Lachesis\OSD.exe
    PRC - [2007/06/05 10:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Lachesis\razerofa.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2009/11/10 18:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razerhid.exe
    MOD - [2009/11/04 16:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lachesis\razertra.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/08/31 00:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/08/18 01:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/05/29 11:44:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/08 22:52:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/07/14 09:16:19 | 000,348,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/03/08 22:34:09 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/09/28 18:20:40 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lachesis.sys -- (LachesisFltr)
    DRV - [2009/07/16 11:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 06:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
    DRV - [2009/07/14 06:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
    DRV - [2009/06/11 05:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2005/04/24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Razerlow.sys -- (Razerlow)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4F 18 01 EB 3D 88 CC 01 [binary data]
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/09/15 20:12:28 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com/cse?cx=partner-pub-0236192664760821%3A4680426847&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.goong.info%2F
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Virtual\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AVG Safe Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

    O1 HOSTS File: ([2011/10/13 19:10:42 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe ()
    O4 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000..\Run: [PPS Accelerator] C:\Program Files\PPStream\PPSAP.exe (PPStream Inc)
    O4 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9FF7864-89FB-4FF5-AB9B-1EA0AC5A3B27}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E13E280F-D0E1-49CD-888E-2F3F0AE142AC}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/13 19:07:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/10/13 19:07:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/10/12 23:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/10/12 23:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/10/12 23:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/10/12 23:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2011/10/12 02:55:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2011/10/12 02:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/10/12 02:51:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2011/10/12 02:10:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\user\Desktop\HijackThis.exe
    [2011/10/12 01:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/10/12 01:27:09 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/10/12 01:27:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/10/12 01:27:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/10/12 01:25:58 | 000,908,064 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\user\Desktop\JavaSetup6u27.exe
    [2011/10/12 00:12:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
    [2011/10/12 00:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/12 00:03:22 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/11 23:50:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/11 23:50:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/11 23:50:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/11 23:50:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/11 23:48:23 | 004,257,160 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
    [2011/10/11 23:07:56 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/10 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Opera
    [2011/10/10 18:23:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Apple Computer
    [2011/10/09 15:28:46 | 000,000,000 | -H-D | C] -- C:\Windows\PIF

    ========== Files - Modified Within 30 Days ==========

    [2011/10/13 19:15:56 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/13 19:15:56 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/10/13 19:13:39 | 000,001,746 | ---- | M] () -- C:\Windows\psnetwork.ini
    [2011/10/13 19:11:39 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2011/10/13 19:11:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/13 19:11:32 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/13 19:10:42 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2011/10/13 19:02:19 | 004,257,160 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
    [2011/10/13 18:23:10 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000UA.job
    [2011/10/13 02:34:59 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000Core.job
    [2011/10/12 23:54:21 | 000,001,244 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/10/12 23:54:21 | 000,001,220 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
    [2011/10/12 23:37:36 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
    [2011/10/12 23:31:55 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/12 23:31:55 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/12 23:28:31 | 134,726,287 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/10/12 02:55:53 | 000,002,310 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
    [2011/10/12 02:51:10 | 000,001,226 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
    [2011/10/12 02:10:20 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\user\Desktop\HijackThis.exe
    [2011/10/12 01:26:01 | 000,908,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\user\Desktop\JavaSetup6u27.exe
    [2011/10/12 01:19:08 | 000,302,592 | ---- | M] () -- C:\Users\user\Desktop\n3eu6ooy.exe
    [2011/10/12 01:16:26 | 000,869,194 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
    [2011/10/12 01:00:11 | 000,001,411 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/03 23:21:13 | 000,169,979 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/09/25 00:26:56 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/09/15 20:12:28 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

    ========== Files Created - No Company Name ==========

    [2011/10/12 23:54:21 | 000,001,244 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/10/12 23:54:21 | 000,001,220 | ---- | C] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
    [2011/10/12 23:37:36 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
    [2011/10/12 23:37:36 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
    [2011/10/12 02:55:53 | 000,002,310 | ---- | C] () -- C:\Users\user\Desktop\Google Chrome.lnk
    [2011/10/12 02:51:10 | 000,001,226 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
    [2011/10/12 02:18:50 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000UA.job
    [2011/10/12 02:18:49 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4144607541-3359877724-1956228894-1000Core.job
    [2011/10/12 01:18:53 | 000,302,592 | ---- | C] () -- C:\Users\user\Desktop\n3eu6ooy.exe
    [2011/10/12 01:15:54 | 000,869,194 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
    [2011/10/12 01:00:11 | 000,001,417 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/10/12 01:00:11 | 000,001,411 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/11 23:50:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/11 23:50:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/11 23:50:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/11 23:50:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/11 23:50:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/10 09:29:13 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/04/14 20:52:06 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/04/11 14:35:05 | 000,000,033 | ---- | C] () -- C:\Windows\msgtn.ini
    [2010/04/11 14:29:46 | 000,000,091 | ---- | C] () -- C:\Windows\PCDNSetting.ini
    [2010/04/11 14:26:50 | 000,000,140 | ---- | C] () -- C:\Windows\powerlist.ini
    [2010/04/11 14:26:50 | 000,000,060 | ---- | C] () -- C:\Windows\MediaList.ini
    [2010/04/11 14:18:50 | 000,001,746 | ---- | C] () -- C:\Windows\psnetwork.ini
    [2010/04/11 14:18:50 | 000,000,901 | ---- | C] () -- C:\Windows\powerplayer.ini
    [2010/03/13 18:29:26 | 000,000,824 | ---- | C] () -- C:\Windows\War3Unin.dat
    [2010/03/08 19:46:44 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2010/03/08 19:46:41 | 000,023,049 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2009/10/16 15:45:18 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2009/10/16 15:40:26 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
    [2009/10/16 15:40:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
    [2009/07/16 11:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
    [2009/07/14 12:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 12:33:53 | 002,404,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 10:05:48 | 000,609,896 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 10:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 10:05:48 | 000,104,214 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 10:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 10:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 10:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 07:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 07:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/04/02 20:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL, paste this in the custom scan/fixes box



    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info
    IE - HKU\S-1-5-21-4144607541-3359877724-1956228894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goong.info



    Click Run Fix



    Re-open OTL, paste this in the custom scan/fixes box


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    clearallrestorepoints
    %systemroot%\*. /mp /s
    C:\*.*


    Click Quick Scan, post that log


  • Closed Accounts Posts: 5 cyberbluz


    Hi, thank you for your reply. The malware was troubling me and I decided to do a clean format of my computer. The problem is now resolved (hopefully). Thanks once again.


  • Closed Accounts Posts: 10 chitownbearcub


    I'm having this same problem too. I downloaded HijackThis and when I first try to run that program it says "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this...." I'm not too smart when it comes to this stuff, but really just want to fix it. Thank you for any help!! Also, how do I copy the log?


  • Closed Accounts Posts: 5 inspector1


    Same issue here due to VShare Plugin... uninstalled it before I visited this forum. Here's the OTL log:

    OTL logfile created on: 10/29/2011 2:12:07 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ahsan\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.98 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.78% Memory free
    7.96 Gb Paging File | 6.16 Gb Available in Paging File | 77.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.52 Gb Total Space | 812.12 Gb Free Space | 88.22% Space Free | Partition Type: NTFS
    Drive D: | 10.89 Gb Total Space | 1.33 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
    Drive E: | 455.39 Gb Total Space | 271.45 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
    Drive F: | 10.37 Gb Total Space | 1.41 Gb Free Space | 13.63% Space Free | Partition Type: NTFS

    Computer Name: AHSAN-HP | User Name: Ahsan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/29 14:11:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ahsan\Desktop\OTL.exe
    PRC - [2011/10/18 15:57:20 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    PRC - [2011/09/29 08:09:46 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/01 09:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    PRC - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
    PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/10 16:49:07 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    MOD - [2011/09/29 08:09:46 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/02/17 06:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
    SRV:64bit: - [2010/10/11 10:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/12/11 08:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/02/01 09:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2011/02/01 08:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011/02/01 08:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/10/09 13:14:27 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
    DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2011/03/31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV:64bit: - [2011/03/15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/01/27 06:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2011/01/27 03:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/12/28 20:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/05 05:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2010/10/19 12:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/02/26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/12/11 09:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2009/12/11 07:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/11/18 11:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2011/10/15 15:05:38 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111028.034\EX64.SYS -- (NAVEX15)
    DRV - [2011/10/15 15:05:38 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111028.034\ENG64.SYS -- (NAVENG)
    DRV - [2011/10/15 00:10:08 | 001,155,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20111014.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/10/09 14:53:45 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2011/10/09 14:53:45 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/10/07 15:04:12 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111028.030\IDSviA64.sys -- (IDSVia64)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPDSK/2
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=c1e4b29d-0229-11e1-999b-2c27d7482ff2&q="

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/08/10 05:23:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/10 05:23:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/08/10 05:23:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/10/11 21:30:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_2_3 [2011/10/29 12:55:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/09 16:46:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/09 17:14:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/29 14:03:17 | 000,000,000 | ---D | M]

    [2011/10/09 15:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ahsan\AppData\Roaming\Mozilla\Extensions
    [2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Ahsan\AppData\Roaming\Mozilla\Firefox\Profiles\fqdcxjup.default\searchplugins\startsear.xml
    [2011/10/09 15:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/29 12:55:05 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_2_3
    [2011/10/11 21:30:10 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
    [2011/09/29 08:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/07/11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2011/09/29 02:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/09/29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/09/29 02:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/09/29 02:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/09/29 02:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CBF1A7E-CA96-491C-B51B-F48BB23FB087}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/29 14:11:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ahsan\Desktop\OTL.exe
    [2011/10/29 13:28:06 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{B3E7197C-A67B-4CAE-9B4B-777C8E8E9827}
    [2011/10/29 13:27:56 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{CE7CB949-194B-4F1A-8A5F-997508D57BC5}
    [2011/10/28 14:34:28 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{4285AAA9-1868-48A2-9B4A-4BD776F8FCD1}
    [2011/10/28 14:34:18 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{02A8B35B-7DD3-4206-86B4-98D4CB63A096}
    [2011/10/27 15:58:02 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{5D116592-8B51-4C2B-A42C-E2312C168303}
    [2011/10/27 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{A1D01AB9-7589-41F2-B9CB-2BA25745D68C}
    [2011/10/26 15:43:54 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{E886DA7B-A622-4129-BEA7-A996A1E341CD}
    [2011/10/26 15:43:44 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{F89AA93C-9D5C-4D9C-A8A6-48989E3C8F84}
    [2011/10/26 00:35:14 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{8E601BCD-F5E0-4273-BDBE-B16C9C45976E}
    [2011/10/26 00:35:04 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{8875DA55-C5D0-4302-A3BD-A4A68DAE97C3}
    [2011/10/25 12:34:50 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{01BE422D-A2A2-4AD4-AD03-54E100E18949}
    [2011/10/25 12:34:38 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{8906C6C3-7B26-4747-8A27-7A7B5844F2A5}
    [2011/10/24 14:04:14 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{A5A791DC-2EAD-43DE-878F-4116C77B7C12}
    [2011/10/24 14:04:01 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{A72BBEE3-AA1E-4113-8A82-8E52FA83B25A}
    [2011/10/23 12:39:48 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{2A3E77FE-0DF6-46C6-B2A1-99E2E4EF6869}
    [2011/10/23 12:39:38 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{7CF48E5F-575C-45E2-8C1C-13224203F3F5}
    [2011/10/22 23:27:20 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{2F1EA214-D41F-4889-A45C-80CC9825EC22}
    [2011/10/22 23:27:10 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{ABCBD015-76EC-4896-85F6-E08063EC958E}
    [2011/10/22 19:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
    [2011/10/22 19:09:44 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\hpqLog
    [2011/10/22 19:09:24 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\WinBatch
    [2011/10/22 19:02:42 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\HP Support Assistant
    [2011/10/22 11:26:45 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{E540B748-170E-47BF-95AD-AD069CA1E5F2}
    [2011/10/22 11:26:34 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{4A0B2073-8CE6-4A51-85AF-DEDFA9F72EDC}
    [2011/10/21 20:19:11 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{B2466A4C-3AD3-4AC6-92FB-E687F736D5B9}
    [2011/10/21 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{18092E46-BAA4-4C77-B28C-8FECDDCD0325}
    [2011/10/20 15:57:41 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\dBpoweramp
    [2011/10/20 14:50:54 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\AccurateRip
    [2011/10/20 14:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dBpoweramp Music Converter
    [2011/10/20 14:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Illustrate
    [2011/10/20 14:24:56 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{86864E6D-4A30-4786-BA88-BD492995164B}
    [2011/10/20 14:24:46 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{97280DCE-C180-47AD-A5BD-EBF6E3231CBD}
    [2011/10/19 16:11:17 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{6D53F4D2-61D6-4BC8-B370-61412CBAF076}
    [2011/10/19 16:11:06 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{B1DAB9B3-7491-4B4D-B52B-410F76E310C3}
    [2011/10/18 15:54:27 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{AD1FB6F2-F85C-4FC2-9A3F-28FE05C0089E}
    [2011/10/18 15:54:17 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{DFBC4C41-1642-4C37-AB38-5B9D4A02EDDE}
    [2011/10/17 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{1B05F15D-A1B7-4386-A58E-C3927C452492}
    [2011/10/17 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{F6A88F5B-C0AC-48A2-9B2B-0E3062E293D3}
    [2011/10/17 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{60E41669-18A2-45CF-9AF1-F629531D8F36}
    [2011/10/15 15:01:28 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{ED71F584-1D80-4595-A754-309F5B84DC80}
    [2011/10/15 15:01:18 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{62C6267A-7FA0-4B01-8C60-C7C0ECFEACC7}
    [2011/10/14 22:45:12 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{88B93190-8AFC-4F40-A365-7DF52BB43716}
    [2011/10/14 22:45:02 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{97034728-A4E7-46CF-84C7-CD7AE923312D}
    [2011/10/13 17:55:22 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{110EDAA1-EAED-47BA-8948-51393E9A62FC}
    [2011/10/13 17:55:12 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{72699284-344B-4376-A4C2-58B14D8DFACB}
    [2011/10/13 02:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2011/10/13 00:46:14 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{33F0FF4B-D263-48FB-8DDE-618002BF4A44}
    [2011/10/13 00:46:04 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{A2B2F1B2-76EE-4139-A3C5-53A1EBC64F70}
    [2011/10/12 12:45:52 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{17ED0645-6FDB-410C-8B6C-23BAC648664A}
    [2011/10/12 12:45:42 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{9DB20674-8F2F-4BDD-B6E4-AE6684E666B6}
    [2011/10/11 21:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/10/11 21:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/10/11 21:18:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/10/11 21:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2011/10/11 21:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/10/11 21:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2011/10/11 21:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2011/10/11 21:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2011/10/11 21:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2011/10/11 21:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2011/10/11 20:59:58 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Microsoft Help
    [2011/10/11 20:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2011/10/11 20:59:24 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2011/10/11 17:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
    [2011/10/11 17:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
    [2011/10/11 17:56:33 | 000,000,000 | -H-D | C] -- C:\Config.Msi
    [2011/10/11 17:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2011/10/11 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{4ABEAA6C-A0D3-437E-B112-C5C11D166AAB}
    [2011/10/11 14:55:48 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{D41DAB59-8E70-4E86-922E-B2BEC003B60F}
    [2011/10/10 18:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\CrashDumps
    [2011/10/10 16:48:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2011/10/10 16:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2011/10/10 16:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2011/10/10 16:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2011/10/10 16:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
    [2011/10/10 16:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2011/10/10 16:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
    [2011/10/10 16:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2011/10/10 16:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2011/10/10 16:19:33 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Adobe
    [2011/10/10 13:46:34 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{4A9923CF-6E79-45BA-B909-A04F9CBDCF08}
    [2011/10/10 13:46:24 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{497F1F00-9227-4CA4-AA0B-3EE54C067424}
    [2011/10/09 21:20:50 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\Documents\UNI WORK
    [2011/10/09 21:20:49 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\Documents\OTHER FILES
    [2011/10/09 17:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
    [2011/10/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Apple Computer
    [2011/10/09 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Apple Computer
    [2011/10/09 17:15:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2011/10/09 17:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2011/10/09 17:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/10/09 17:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2011/10/09 17:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2011/10/09 17:14:25 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Apple
    [2011/10/09 17:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2011/10/09 17:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2011/10/09 17:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2011/10/09 17:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2011/10/09 17:05:21 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
    [2011/10/09 17:05:20 | 000,000,000 | ---D | C] -- C:\Windows\FLV Player
    [2011/10/09 17:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLV Player
    [2011/10/09 17:04:46 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\DDMSettings
    [2011/10/09 16:46:14 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\DivX
    [2011/10/09 16:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
    [2011/10/09 16:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
    [2011/10/09 16:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
    [2011/10/09 16:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
    [2011/10/09 16:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2011/10/09 16:42:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2011/10/09 16:40:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
    [2011/10/09 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\uTorrent
    [2011/10/09 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\uTorrent
    [2011/10/09 16:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2011/10/09 16:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2011/10/09 16:36:34 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/10/09 16:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2011/10/09 16:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winrar
    [2011/10/09 16:34:50 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\WinRAR
    [2011/10/09 16:23:06 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{66AFB2B5-9968-4C18-900E-FD01C157C206}
    [2011/10/09 16:22:56 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{1C65D05A-2695-47A8-86AA-950F12AF73B5}
    [2011/10/09 16:08:19 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2011/10/09 16:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2011/10/09 16:08:18 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Skype
    [2011/10/09 16:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2011/10/09 15:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Veetle
    [2011/10/09 15:45:27 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2011/10/09 15:32:53 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{2C7371F5-8DC8-4499-A4E8-15307E2027C4}
    [2011/10/09 15:30:11 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Windows Live
    [2011/10/09 15:29:53 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\{C4A835CE-FCB6-43EF-8F90-2462F0AA036F}
    [2011/10/09 15:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
    [2011/10/09 15:14:10 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
    [2011/10/09 15:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
    [2011/10/09 15:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
    [2011/10/09 15:14:06 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Winamp
    [2011/10/09 15:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
    [2011/10/09 15:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Mozilla
    [2011/10/09 15:12:24 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Mozilla
    [2011/10/09 15:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2011/10/09 15:02:12 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\FlashFXP
    [2011/10/09 15:01:08 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
    [2011/10/09 15:01:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
    [2011/10/09 15:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Handbrake
    [2011/10/09 14:59:06 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\Documents\Software
    [2011/10/09 14:54:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
    [2011/10/09 14:53:49 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\Documents\My Received Files
    [2011/10/09 13:52:55 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\HpUpdate
    [2011/10/09 13:51:32 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\Tracing
    [2011/10/08 01:18:18 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\_MDLogs
    [2011/10/08 00:50:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2011/10/08 00:50:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2011/10/07 23:35:18 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\ATI
    [2011/10/07 23:35:18 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\ATI
    [2011/10/07 23:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2011/10/07 23:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
    [2011/10/07 23:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
    [2011/10/07 23:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
    [2011/10/07 23:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
    [2011/10/07 23:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
    [2011/10/07 23:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
    [2011/10/07 22:28:13 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\hpremote
    [2011/10/07 22:27:32 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Adobe
    [2011/10/07 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\PDFC
    [2011/10/07 22:26:49 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2011/10/07 22:26:49 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Searches
    [2011/10/07 22:26:49 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2011/10/07 22:26:49 | 000,000,000 | -H-D | C] -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2011/10/07 22:26:43 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Identities
    [2011/10/07 22:26:42 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Contacts
    [2011/10/07 22:26:41 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\VirtualStore
    [2011/10/07 22:26:32 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\RemEngine
    [2011/10/07 22:25:14 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Hewlett-Packard
    [2011/10/07 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Hewlett-Packard
    [2011/10/07 22:24:57 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Hewlett-Packard_Company
    [2011/10/07 22:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP User Manuals
    [2011/10/07 22:24:21 | 000,000,000 | --SD | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Videos
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Saved Games
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Pictures
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Music
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Links
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Favorites
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Downloads
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Documents
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\Desktop
    [2011/10/07 22:24:21 | 000,000,000 | R--D | C] -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\AppData\Local\Temporary Internet Files
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Templates
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Start Menu
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\SendTo
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Recent
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\PrintHood
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\NetHood
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Documents\My Videos
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Documents\My Pictures
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Documents\My Music
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\My Documents
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Local Settings
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\AppData\Local\History
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Cookies
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\Application Data
    [2011/10/07 22:24:21 | 000,000,000 | -HSD | C] -- C:\Users\Ahsan\AppData\Local\Application Data
    [2011/10/07 22:24:21 | 000,000,000 | -H-D | C] -- C:\Users\Ahsan\AppData
    [2011/10/07 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Temp
    [2011/10/07 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Local\Microsoft
    [2011/10/07 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Media Center Programs
    [2011/10/07 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\Ahsan\AppData\Roaming\Macromedia
    [2011/10/07 22:22:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

    ========== Files - Modified Within 30 Days ==========

    [2011/10/29 14:11:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ahsan\Desktop\OTL.exe
    [2011/10/29 13:02:14 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/29 13:02:14 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/29 12:59:11 | 000,778,278 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/10/29 12:59:11 | 000,664,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/10/29 12:59:11 | 000,124,790 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/10/29 12:54:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/29 12:54:53 | 3206,209,536 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/26 14:37:04 | 001,402,878 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
    [2011/10/23 12:38:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAhsan.job
    [2011/10/22 19:10:46 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2011/10/20 14:53:37 | 000,001,218 | ---- | M] () -- C:\Users\Ahsan\Desktop\dBpoweramp Music Converter.lnk
    [2011/10/20 14:50:52 | 000,013,082 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011/10/20 14:50:50 | 004,022,504 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/10/20 14:50:50 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
    [2011/10/20 14:50:50 | 000,017,950 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/10/20 14:50:31 | 000,033,846 | ---- | M] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2011/10/18 13:32:06 | 004,869,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/10/11 22:08:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/10/11 21:19:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/10/11 17:59:29 | 000,172,035 | ---- | M] () -- C:\Windows\hpoins47.dat
    [2011/10/10 16:32:03 | 000,001,077 | ---- | M] () -- C:\Users\Ahsan\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
    [2011/10/09 17:30:17 | 000,004,602 | ---- | M] () -- C:\Users\Ahsan\Desktop\FlashFXP.lnk
    [2011/10/09 17:14:31 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/10/09 17:05:21 | 000,001,912 | ---- | M] () -- C:\Users\Ahsan\Desktop\FLV Player.lnk
    [2011/10/09 16:46:22 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/10/09 16:46:22 | 000,001,613 | ---- | M] () -- C:\Users\Ahsan\Desktop\DivX Movies.lnk
    [2011/10/09 16:46:12 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/10/09 16:40:21 | 000,000,969 | ---- | M] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2011/10/09 16:40:21 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/10/09 16:37:30 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011/10/09 16:19:55 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2011/10/09 16:08:19 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2011/10/09 15:14:27 | 000,001,005 | ---- | M] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2011/10/09 15:14:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
    [2011/10/09 15:12:00 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/10/09 15:01:08 | 000,001,021 | ---- | M] () -- C:\Users\Ahsan\Desktop\Handbrake.lnk
    [2011/10/09 14:54:32 | 000,001,999 | ---- | M] () -- C:\Users\Ahsan\Desktop\My Received Files.lnk
    [2011/10/09 13:49:17 | 000,001,055 | ---- | M] () -- C:\Users\Ahsan\Desktop\Music.lnk
    [2011/10/09 13:49:05 | 000,001,083 | ---- | M] () -- C:\Users\Ahsan\Desktop\Documents.lnk
    [2011/10/09 13:14:27 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
    [2011/10/09 13:14:27 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
    [2011/10/09 13:14:27 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
    [2011/10/08 06:21:40 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
    [2011/10/08 06:21:40 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
    [2011/10/08 00:57:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/10/08 00:57:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/10/08 00:08:24 | 000,001,439 | ---- | M] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/07 23:56:53 | 000,763,706 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/07 23:54:28 | 000,000,355 | ---- | M] () -- C:\Users\Ahsan\Desktop\Computer.lnk
    [2011/10/07 23:32:14 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
    [2011/10/07 22:24:39 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_G5460uk_Y53316J_0U_QCZC132_E11WE2MRW604_4A_I2ABF_SFoxconn_V1.00_B7.10_T110714_W73-1_L409_M4001_J1000_7Intel_86A7_93.10_#111007_N10EC8168;18145390_Z_G80860102_Ohp DVD A DH16ABLH_DHWP26A8.MRK
    [2011/10/07 22:24:39 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_G5460uk_Y53316J_0U_QCZC132_E11WE2MRW604_4A_I2ABF_SFoxconn_V1.00_B7.10_T110714_W73-1_L409_M4001_J1000_7Intel_86A7_93.10_#111007_N10EC8168;18145390_Z_G80860102_Ohp DVD A DH16ABLH_DHWP26A8.MRK
    [2011/10/07 22:22:15 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat

    ========== Files Created - No Company Name ==========

    [2011/10/22 19:14:38 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForAhsan.job
    [2011/10/22 19:10:46 | 000,002,181 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2011/10/20 14:53:37 | 000,001,218 | ---- | C] () -- C:\Users\Ahsan\Desktop\dBpoweramp Music Converter.lnk
    [2011/10/20 14:50:52 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.bmp
    [2011/10/20 14:50:52 | 000,013,082 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
    [2011/10/20 14:50:50 | 000,033,846 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2011/10/20 14:50:50 | 000,017,950 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
    [2011/10/20 14:50:49 | 004,022,504 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
    [2011/10/11 22:08:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2011/10/11 21:19:09 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/10/11 17:55:29 | 000,172,035 | ---- | C] () -- C:\Windows\hpoins47.dat
    [2011/10/11 17:55:29 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
    [2011/10/10 16:32:03 | 000,001,077 | ---- | C] () -- C:\Users\Ahsan\Desktop\Adobe Photoshop CS5 (64 Bit).lnk
    [2011/10/10 16:24:58 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
    [2011/10/10 16:24:45 | 000,001,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
    [2011/10/10 16:24:04 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
    [2011/10/10 16:23:59 | 000,001,264 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
    [2011/10/10 16:23:02 | 000,001,355 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
    [2011/10/10 16:23:00 | 000,001,521 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
    [2011/10/10 16:22:48 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
    [2011/10/09 17:30:17 | 000,004,602 | ---- | C] () -- C:\Users\Ahsan\Desktop\FlashFXP.lnk
    [2011/10/09 17:14:31 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2011/10/09 17:14:24 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2011/10/09 17:05:21 | 000,001,912 | ---- | C] () -- C:\Users\Ahsan\Desktop\FLV Player.lnk
    [2011/10/09 16:46:22 | 000,001,613 | ---- | C] () -- C:\Users\Ahsan\Desktop\DivX Movies.lnk
    [2011/10/09 16:46:12 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/10/09 16:46:03 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/10/09 16:40:21 | 000,000,969 | ---- | C] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2011/10/09 16:40:21 | 000,000,945 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2011/10/09 16:37:30 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2011/10/09 15:14:27 | 000,001,005 | ---- | C] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2011/10/09 15:14:27 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
    [2011/10/09 15:12:00 | 000,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/10/09 15:12:00 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/10/09 15:01:08 | 000,001,021 | ---- | C] () -- C:\Users\Ahsan\Desktop\Handbrake.lnk
    [2011/10/09 14:54:32 | 000,001,999 | ---- | C] () -- C:\Users\Ahsan\Desktop\My Received Files.lnk
    [2011/10/09 13:49:17 | 000,001,055 | ---- | C] () -- C:\Users\Ahsan\Desktop\Music.lnk
    [2011/10/09 13:49:05 | 000,001,083 | ---- | C] () -- C:\Users\Ahsan\Desktop\Documents.lnk
    [2011/10/08 00:57:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/10/08 00:57:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/10/08 00:52:12 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
    [2011/10/07 23:54:28 | 000,000,355 | ---- | C] () -- C:\Users\Ahsan\Desktop\Computer.lnk
    [2011/10/07 23:32:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/10/07 23:29:25 | 000,019,462 | ---- | C] () -- C:\Windows\atiogl.xml
    [2011/10/07 23:29:25 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/10/07 23:29:25 | 000,001,035 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
    [2011/10/07 22:27:27 | 000,001,439 | ---- | C] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/07 22:26:55 | 000,001,411 | ---- | C] () -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/10/07 22:26:50 | 000,001,445 | ---- | C] () -- C:\Users\Ahsan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/10/07 22:24:59 | 000,002,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
    [2011/10/07 22:24:41 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warranty.lnk
    [2011/10/07 22:24:39 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_G5460uk_Y53316J_0U_QCZC132_E11WE2MRW604_4A_I2ABF_SFoxconn_V1.00_B7.10_T110714_W73-1_L409_M4001_J1000_7Intel_86A7_93.10_#111007_N10EC8168;18145390_Z_G80860102_Ohp DVD A DH16ABLH_DHWP26A8.MRK
    [2011/10/07 22:24:39 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_G5460uk_Y53316J_0U_QCZC132_E11WE2MRW604_4A_I2ABF_SFoxconn_V1.00_B7.10_T110714_W73-1_L409_M4001_J1000_7Intel_86A7_93.10_#111007_N10EC8168;18145390_Z_G80860102_Ohp DVD A DH16ABLH_DHWP26A8.MRK
    [2011/10/07 22:24:21 | 000,000,290 | ---- | C] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
    [2011/10/07 22:24:21 | 000,000,272 | ---- | C] () -- C:\Users\Ahsan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
    [2011/10/07 22:22:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2011/08/10 05:17:09 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
    [2011/08/10 05:03:54 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/08/10 05:03:51 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/08/10 05:03:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/03/04 05:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2011/02/11 18:15:43 | 000,763,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/10/20 15:57:41 | 000,000,000 | ---D | M] -- C:\Users\Ahsan\AppData\Roaming\dBpoweramp
    [2011/10/09 17:26:59 | 000,000,000 | ---D | M] -- C:\Users\Ahsan\AppData\Roaming\FlashFXP
    [2011/10/25 02:03:45 | 000,000,000 | ---D | M] -- C:\Users\Ahsan\AppData\Roaming\uTorrent
    [2011/10/22 19:09:24 | 000,000,000 | ---D | M] -- C:\Users\Ahsan\AppData\Roaming\WinBatch
    [2011/10/08 01:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ahsan\AppData\Roaming\_MDLogs
    [2009/07/14 06:08:49 | 000,011,058 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >


  • Closed Accounts Posts: 5 inspector1


    Extras:

    OTL Extras logfile created on: 10/29/2011 2:12:07 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ahsan\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.98 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.78% Memory free
    7.96 Gb Paging File | 6.16 Gb Available in Paging File | 77.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.52 Gb Total Space | 812.12 Gb Free Space | 88.22% Space Free | Partition Type: NTFS
    Drive D: | 10.89 Gb Total Space | 1.33 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
    Drive E: | 455.39 Gb Total Space | 271.45 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
    Drive F: | 10.37 Gb Total Space | 1.41 Gb Free Space | 13.63% Space Free | Partition Type: NTFS

    Computer Name: AHSAN-HP | User Name: Ahsan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{19CAB44F-2F88-BCB1-873C-0AAA40E2CE71}" = ccc-utility64
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{734B340D-D3C0-824A-E26A-BBB78E12A16A}" = ATI Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
    "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B4CA5A58-2759-7FCF-4F19-952E05FBA493}" = ATI AVIVO64 Codecs
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
    "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{068A2E6A-96CD-9FAB-8D3E-8CC3F5FC62CC}" = CCC Help English
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FAD5D8B-56E2-1C4D-E84E-ED162C32D4C5}" = Catalyst Control Center Graphics Light
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
    "{4B8C04D7-47E2-AB0B-B573-65893836AD10}" = ccc-core-static
    "{54FB1D26-CB8F-2B7C-1B22-344AA1896FE1}" = Catalyst Control Center Graphics Full Existing
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{60D0F028-7458-98F9-AF92-F9F83AF4F568}" = Catalyst Control Center InstallProxy
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8C9BD943-2017-7E76-D945-DF02DF919D96}" = Catalyst Control Center Core Implementation
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B794F825-BBA6-C4BB-79C4-CC657CA130AA}" = Catalyst Control Center Graphics Previews Vista
    "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
    "{BBC25C82-FE8E-9A34-07B9-F182879E44CD}" = Catalyst Control Center Localization All
    "{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
    "{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CE186519-9D34-3BA5-4CAB-8C3457D18F65}" = Catalyst Control Center Graphics Full New
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "dBpoweramp DSP Effects" = dBpoweramp DSP Effects
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "DivX Setup" = DivX Setup
    "FLV Player2.0.25" = FLV Player
    "HandBrake" = HandBrake 0.9.5
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "Kobo" = Kobo
    "Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
    "MusicStationNetstaller" = MusicStation
    "NIS" = Norton Internet Security
    "PDF Complete" = PDF Complete Special Edition
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV
    "VLC media player" = VLC media player 1.1.11
    "WildTangent hp Master Uninstall" = HP Games
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WT087330" = Bounce Symphony
    "WT087361" = FATE
    "WT087393" = Mah Jong Medley
    "WT087394" = Penguins!
    "WT087396" = Polar Bowler
    "WT087490" = Jewel Quest Solitaire
    "WT087510" = Slingo Deluxe
    "WT087513" = Virtual Villagers - The Secret City
    "WT087519" = Wedding Dash
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "WT089453" = Bejeweled 2 Deluxe
    "WT089454" = Chuzzle Deluxe
    "WT089455" = Zuma Deluxe
    "WT089458" = Plants vs. Zombies - Game of the Year
    "WT089460" = Mystery P.I. - The London Caper
    "WT089484" = Namco All-Stars PAC-MAN
    "WT089492" = Crazy Chicken Kart 2
    "WT089493" = Fishdom
    "WT089497" = Big Rig Europe
    "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/13/2011 9:31:16 AM | Computer Name = Ahsan-HP | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 10/13/2011 2:00:00 PM | Computer Name = Ahsan-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: Photoshop.exe, version: 12.0.0.0, time
    stamp: 0x4bbc56b6 Faulting module name: atioglxx.dll, version: 6.14.10.9252, time
    stamp: 0x4b22aad4 Exception code: 0xc0000005 Fault offset: 0x006597d2 Faulting process
    id: 0x1454 Faulting application start time: 0x01cc89d09e2ab13e Faulting application
    path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe Faulting module
    path: C:\Windows\system32\atioglxx.dll Report Id: 2adba1a2-f5c5-11e0-b309-2c27d7482ff2

    Error - 10/13/2011 4:30:46 PM | Computer Name = Ahsan-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: Photoshop.exe, version: 12.0.0.0, time
    stamp: 0x4bbc56b6 Faulting module name: atioglxx.dll, version: 6.14.10.9252, time
    stamp: 0x4b22aad4 Exception code: 0xc0000005 Fault offset: 0x006597d2 Faulting process
    id: 0x17ac Faulting application start time: 0x01cc89d298e2f107 Faulting application
    path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe Faulting module
    path: C:\Windows\system32\atioglxx.dll Report Id: 3ad72b80-f5da-11e0-b309-2c27d7482ff2

    Error - 10/14/2011 10:49:21 AM | Computer Name = Ahsan-HP | Source = WinMgmt | ID = 10
    Description =

    Error - 10/14/2011 6:02:13 PM | Computer Name = Ahsan-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: Photoshop.exe, version: 12.0.0.0, time
    stamp: 0x4bbc56b6 Faulting module name: atioglxx.dll, version: 6.14.10.9252, time
    stamp: 0x4b22aad4 Exception code: 0xc0000005 Fault offset: 0x006597d2 Faulting process
    id: 0xb68 Faulting application start time: 0x01cc8abba5a1f8b0 Faulting application
    path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe Faulting module
    path: C:\Windows\system32\atioglxx.dll Report Id: 2b9e59e2-f6b0-11e0-912f-2c27d7482ff2

    Error - 10/14/2011 6:25:23 PM | Computer Name = Ahsan-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: Photoshop.exe, version: 12.0.0.0, time
    stamp: 0x4bbc56b6 Faulting module name: atioglxx.dll, version: 6.14.10.9252, time
    stamp: 0x4b22aad4 Exception code: 0xc0000005 Fault offset: 0x006597d2 Faulting process
    id: 0x1570 Faulting application start time: 0x01cc8abeeca70545 Faulting application
    path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe Faulting module
    path: C:\Windows\system32\atioglxx.dll Report Id: 68133c4f-f6b3-11e0-912f-2c27d7482ff2

    Error - 10/14/2011 8:20:49 PM | Computer Name = Ahsan-HP | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 10/14/2011 9:17:47 PM | Computer Name = Ahsan-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: Photoshop.exe, version: 12.0.0.0, time
    stamp: 0x4bbc56b6 Faulting module name: atioglxx.dll, version: 6.14.10.9252, time
    stamp: 0x4b22aad4 Exception code: 0xc0000005 Fault offset: 0x006597d2 Faulting process
    id: 0xc80 Faulting application start time: 0x01cc8ad3b1b033cc Faulting application
    path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe Faulting module
    path: C:\Windows\system32\atioglxx.dll Report Id: 7d7f3796-f6cb-11e0-912f-2c27d7482ff2

    Error - 10/14/2011 11:06:46 PM | Computer Name = Ahsan-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: Photoshop.exe, version: 12.0.0.0, time
    stamp: 0x4bbc56b6 Faulting module name: atioglxx.dll, version: 6.14.10.9252, time
    stamp: 0x4b22aad4 Exception code: 0xc0000005 Fault offset: 0x006597d2 Faulting process
    id: 0x278 Faulting application start time: 0x01cc8ae455e1ea17 Faulting application
    path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe Faulting module
    path: C:\Windows\system32\atioglxx.dll Report Id: b6f10b93-f6da-11e0-912f-2c27d7482ff2

    Error - 10/15/2011 9:43:23 AM | Computer Name = Ahsan-HP | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 10/11/2011 12:58:46 PM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/11/2011 12:59:02 PM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/11/2011 4:17:55 PM | Computer Name = Ahsan-HP | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/12/2011 7:46:10 AM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/17/2011 8:21:06 AM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/19/2011 8:33:55 AM | Computer Name = Ahsan-HP | Source = bowser | ID = 8003
    Description =

    Error - 10/22/2011 1:33:28 PM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/23/2011 7:40:12 AM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/24/2011 9:04:33 AM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =

    Error - 10/24/2011 1:35:45 PM | Computer Name = Ahsan-HP | Source = DCOM | ID = 10016
    Description =


    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL and paste this in the custom scan/fixes box:



    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
    FF - prefs.js..browser.search.defaultengine: "Web Search"
    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.order.1: "Web Search"
    FF - prefs.js..browser.search.selectedEngine: "Web Search"
    FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=c1e4b29d-0229-11e1-999b-2c27d7482ff2&q="
    [2011/07/11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Ahsan\AppData\Roaming\Mozilla\Firefox\Profiles\fqdcxjup.default\searchplugins\startsear.xml

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c
    C:\startsear.* /s

    Click Run Fix, then post the log it gives you.


  • Closed Accounts Posts: 5 inspector1


    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Web Search" removed from browser.search.defaultengine
    Prefs.js: "Web Search" removed from browser.search.defaultenginename
    Prefs.js: "Web Search" removed from browser.search.order.1
    Prefs.js: "Web Search" removed from browser.search.selectedEngine
    Prefs.js: "http://startsear.ch/?aff=1&src=sp&cf=c1e4b29d-0229-11e1-999b-2c27d7482ff2&q=" removed from keyword.URL
    C:\Users\Ahsan\AppData\Roaming\Mozilla\Firefox\Profiles\fqdcxjup.default\searchplugins\startsear.xml moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Ahsan
    ->Temp folder emptied: 445353433 bytes
    ->Temporary Internet Files folder emptied: 653352227 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 521188666 bytes
    ->Flash cache emptied: 60636 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 33994187 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
    RecycleBin emptied: 10885417488 bytes

    Total Files Cleaned = 11,959.00 mb


    [EMPTYFLASH]

    User: Ahsan
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: Ahsan
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Ahsan\Desktop\cmd.bat deleted successfully.
    C:\Users\Ahsan\Desktop\cmd.txt deleted successfully.
    C:\_OTL\MovedFiles\10302011_011649\C_Users\Ahsan\AppData\Roaming\Mozilla\Firefox\Profiles\fqdcxjup.default\searchplugins\startsear.xml moved successfully.

    OTL by OldTimer - Version 3.2.31.0 log created on 10302011_011649

    Files\Folders moved on Reboot...
    C:\Users\Ahsan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Ahsan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BPTIWGQ2\feed-ads_com[1].htm moved successfully.
    C:\Users\Ahsan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B7GSF1UD\startsear_ch[1].htm moved successfully.
    C:\Users\Ahsan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4OIXZ5VO\SearchFeeds[1].htm moved successfully.
    C:\Users\Ahsan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Ahsan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    How's it running?

    Download and install Malwarebytes:

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button


    Run a quick scan and post that log here.


  • Closed Accounts Posts: 5 inspector1


    Seems to be OK judging by the logs.



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8046

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    30/10/2011 12:37:27
    mbam-log-2011-10-30 (12-37-27).txt

    Scan type: Quick scan
    Objects scanned: 173378
    Time elapsed: 1 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Open OTL, click the CleanUp button, and let it run.

    Then you are all done.


  • Closed Accounts Posts: 5 inspector1


    Thanks for your help, much appreciated!


  • Closed Accounts Posts: 10 chitownbearcub


    ASJ, I really need your help. I'm not good at all of this lingo and stuff. I've read people posting these huge logs and I don't know how to do it. I downloaded Hijacker. Maybe I can share my screen on Skype? I just need any help I can get. I got this stupid malware from that vplugin.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Can you do this:

    Download OTL to your Desktop

    http://oldtimer.geekstogo.com/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here.


  • Closed Accounts Posts: 10 chitownbearcub


    Every time I run the scan it scans for like 5 seconds and at the top it says "not responding".


  • Closed Accounts Posts: 10 chitownbearcub


    Even though it said not responding I left it open and I got some kind of OTL Notepad. Here it is:


    OTL logfile created on: 11/5/2011 8:47:15 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Downloads
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 76.13% Memory free
    5.99 Gb Paging File | 5.25 Gb Available in Paging File | 87.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 217.83 Gb Total Space | 159.64 Gb Free Space | 73.29% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 14.91 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

    Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/05 20:47:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL(1).exe
    PRC - [2011/09/02 23:01:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/08/31 02:59:14 | 000,274,216 | ---- | M] (Conduit Ltd.) -- C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2007/01/01 14:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/22 09:24:44 | 000,077,312 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko6.dll
    MOD - [2011/09/02 23:01:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/09/11 08:36:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/11/03 19:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
    SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
    DRV - [2009/07/13 15:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
    DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 31 BC B9 BD 87 CC 01 [binary data]
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/20 09:22:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/21 23:42:23 | 000,000,000 | ---D | M]

    [2011/09/09 18:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
    [2011/10/18 09:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\extensions
    [2011/09/09 19:07:07 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
    [2011/09/25 15:10:26 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    [2011/10/18 09:24:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/10/25 19:00:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\extensions\avg@toolbar
    [2011/07/11 11:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\searchplugins\startsear.xml
    [2011/10/25 19:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/25 19:00:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q63RPEWL.DEFAULT\EXTENSIONS\ILLIMITUX@ILLIMITUX.NET.XPI
    [2011/09/02 23:01:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/09/19 09:14:50 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/02 16:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={E8CBCF51-CE72-4C65-9701-221543E547D9}&mid=c0a1615c317147d1bd35d16836990059-a703fd90e39aa1faaf917027bacd4b38e0f9f9e9&lang=en&ds=AVG&pr=fr&d=2011-10-25 18:40:07&v=8.0.0.34&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: vidoox Stream = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagmifbnhpnddcaepegedhglojpjkieo\3.0_0\
    CHR - Extension: uTorrentBar = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.0.15_0\
    CHR - Extension: Mega Ad Remover = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggjacccdhiibnkdglbgadhkakkggfnc\1.1_0\
    CHR - Extension: Illimitux = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
    CHR - Extension: ICE Quick Stream = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.0_1\

    O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [ConduitHelper] C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe (Conduit Ltd.)
    O4 - HKCU..\Run: [googletalk] C:\Users\Michael\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1C34B62-F3E1-41B9-A5EE-813DA32C2870}: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/25 21:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2011/10/25 21:39:42 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2011/10/25 18:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2011/10/25 18:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2011/10/25 18:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2011/10/25 18:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/10/25 18:34:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/10/25 18:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/10/25 18:31:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Systweak
    [2011/10/24 09:07:03 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\vlc
    [2011/10/24 09:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2011/10/10 21:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard

    ========== Files - Modified Within 30 Days ==========

    [2011/11/05 20:52:42 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/05 20:52:42 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/05 20:52:19 | 000,659,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/11/05 20:52:19 | 000,120,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/11/05 20:45:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/05 20:45:27 | 2414,325,760 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/05 17:08:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2157374478-101397406-1047961440-1000UA.job
    [2011/11/04 23:08:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2157374478-101397406-1047961440-1000Core.job
    [2011/10/27 20:09:56 | 000,002,413 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk
    [2011/10/25 21:39:42 | 000,002,973 | ---- | M] () -- C:\Users\Michael\Desktop\HiJackThis.lnk
    [2011/10/15 10:15:58 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2011/10/25 21:39:42 | 000,002,973 | ---- | C] () -- C:\Users\Michael\Desktop\HiJackThis.lnk
    [2011/09/09 15:12:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:33:53 | 000,409,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 19:05:48 | 000,659,818 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 19:05:48 | 000,120,714 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/18 19:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/05/06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

    ========== LOP Check ==========

    [2011/09/09 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sling Media
    [2011/10/25 18:33:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Systweak
    [2011/10/25 19:01:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent
    [2009/07/13 21:53:46 | 000,006,134 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >


  • Closed Accounts Posts: 10 chitownbearcub


    And here is the other notepad called Extras:

    OTL Extras logfile created on: 11/5/2011 8:47:15 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Michael\Downloads
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 76.13% Memory free
    5.99 Gb Paging File | 5.25 Gb Available in Paging File | 87.61% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 217.83 Gb Total Space | 159.64 Gb Free Space | 73.29% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 14.91 Gb Free Space | 99.40% Space Free | Partition Type: NTFS

    Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX330_series" = Canon MX330 series MP Drivers
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{A66DBCC6-8802-3D15-9FDF-9552742C08B0}" = Google Talk Plugin
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
    "PROPLUSR" = Microsoft Office Professional Plus 2007
    "The Viking Software_is1" = The Viking Software
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "Veetle TV" = Veetle TV

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/19/2011 10:39:47 PM | Computer Name = Michael-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 14.0.835.202, time
    stamp: 0x4e84cf5b Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time
    stamp: 0x4a2752ff Exception code: 0xc0000005 Fault offset: 0x000173e3 Faulting process
    id: 0xdb8 Faulting application start time: 0x01cc8ed186ea2527 Faulting application
    path: C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
    module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
    Report
    Id: c5f9d754-fac4-11e0-9e8f-0021707de9aa

    Error - 10/24/2011 12:32:40 PM | Computer Name = Michael-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: Skype.exe, version: 5.5.0.124, time stamp:
    0x4e96a02b Faulting module name: Flash11c.ocx, version: 11.0.1.152, time stamp:
    0x4e7d1782 Exception code: 0xc0000005 Fault offset: 0x001b143e Faulting process id:
    0x15e0 Faulting application start time: 0x01cc920f9743635f Faulting application path:
    C:\Program Files\Skype\Phone\Skype.exe Faulting module path: C:\Windows\system32\Macromed\Flash\Flash11c.ocx
    Report
    Id: c9b982e5-fe5d-11e0-9e8f-0021707de9aa

    Error - 10/26/2011 12:32:28 AM | Computer Name = Michael-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: ConduitHelper.exe, version: 1.0.5.0, time
    stamp: 0x4e5e05f1 Faulting module name: mshtml.dll_unloaded, version: 0.0.0.0, time
    stamp: 0x4e869892 Exception code: 0xc0000005 Fault offset: 0x72e8de71 Faulting process
    id: 0xa08 Faulting application start time: 0x01cc93984280f07a Faulting application
    path: C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe Faulting module path:
    mshtml.dll Report Id: 8251a570-ff8b-11e0-87d6-0021707de9aa

    Error - 10/26/2011 12:40:43 AM | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
    Description = The program HiJackThis.exe version 2.0.0.4 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 8f8 Start
    Time: 01cc939950034568 Termination Time: 7 Application Path: C:\Program Files\Trend
    Micro\HiJackThis\HiJackThis.exe Report Id: a26cb60e-ff8c-11e0-87d6-0021707de9aa

    Error - 10/26/2011 2:33:19 AM | Computer Name = Michael-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 14.0.835.202, time
    stamp: 0x4e84cf5b Faulting module name: ntdll.dll, version: 6.1.7600.16695, time
    stamp: 0x4cc7ab44 Exception code: 0xc0000374 Fault offset: 0x000c35e3 Faulting process
    id: 0xe1c Faulting application start time: 0x01cc939bc0b06849 Faulting application
    path: C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
    module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 641d14dc-ff9c-11e0-87d6-0021707de9aa

    Error - 10/26/2011 12:23:07 PM | Computer Name = Michael-PC | Source = System Restore | ID = 8193
    Description =

    Error - 10/26/2011 12:23:07 PM | Computer Name = Michael-PC | Source = VSS | ID = 12289
    Description =

    Error - 10/28/2011 3:20:32 AM | Computer Name = Michael-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: chrome.exe, version: 14.0.835.202, time
    stamp: 0x4e84cf5b Faulting module name: MSVCR80.dll, version: 8.0.50727.4927, time
    stamp: 0x4a2752ff Exception code: 0xc0000005 Fault offset: 0x000173bd Faulting process
    id: 0xefc Faulting application start time: 0x01cc953ebef4fe5f Faulting application
    path: C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
    module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
    Report
    Id: 5193e9f1-0135-11e1-87d6-0021707de9aa

    Error - 11/5/2011 11:43:07 PM | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
    Description = The program OTL (1).exe version 3.2.31.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: e90 Start
    Time: 01cc9c3611b4290b Termination Time: 9 Application Path: C:\Users\Michael\Downloads\OTL
    (1).exe Report Id: 6bc58d24-0829-11e1-b9a9-0021707de9aa

    Error - 11/5/2011 11:43:58 PM | Computer Name = Michael-PC | Source = Application Hang | ID = 1002
    Description = The program OTL (1).exe version 3.2.31.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1440 Start
    Time: 01cc9c36380ed650 Termination Time: 18 Application Path: C:\Users\Michael\Downloads\OTL
    (1).exe Report Id: 8a0c1610-0829-11e1-b9a9-0021707de9aa

    [ System Events ]
    Error - 11/5/2011 2:42:11 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 11/5/2011 3:59:57 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 11/5/2011 4:53:06 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 11/5/2011 4:53:46 PM | Computer Name = Michael-PC | Source = bowser | ID = 8003
    Description =

    Error - 11/5/2011 6:34:16 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 11/5/2011 6:53:13 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 11/5/2011 7:53:05 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 11/5/2011 11:38:53 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 11/5/2011 11:45:33 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 11/5/2011 11:45:33 PM | Computer Name = Michael-PC | Source = atikmdag | ID = 43029
    Description = Display is not active


    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Do you recognise these Chrome extensions in bold?


    CHR - Extension: vidoox Stream = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bagmifbnhpnddcaepegedhglojpjkieo\3.0_0\
    CHR - Extension: Mega Ad Remover = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hggjacccdhiibnkdglbgadhkakkggfnc\1.1_0\
    CHR - Extension: Illimitux = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mamnihopcnbfnbfnnneplcohmnkkpipb\1.0_0\
    CHR - Extension: ICE Quick Stream = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\4.0_1\



    Open OTL, then copy and paste this into the Custom Scan/Fixes box at the bottom:



    :OTL
    [2011/07/11 11:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\searchplugins\startsear.xml

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    C:\startsear.* /s
    ipconfig /flushdns /c


    Click Run Fix and post the log it gives you.


  • Closed Accounts Posts: 10 chitownbearcub


    Yes, I know all of those Chrome extensions.


    All processes killed
    ========== OTL ==========
    C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\searchplugins\startsear.xml moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Michael
    ->Temp folder emptied: 633705736 bytes
    ->Temporary Internet Files folder emptied: 39800852 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 358961441 bytes
    ->Google Chrome cache emptied: 380380941 bytes
    ->Flash cache emptied: 100824 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 45570863 bytes
    RecycleBin emptied: 52932722 bytes

    Total Files Cleaned = 1,442.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Michael
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Michael
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    ========== FILES ==========
    C:\_OTL\MovedFiles\11062011_074450\C_Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\q63rpewl.default\searchplugins\startsear.xml moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Michael\Downloads\cmd.bat deleted successfully.
    C:\Users\Michael\Downloads\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.31.0 log created on 11062011_074450

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


  • Closed Accounts Posts: 10 chitownbearcub


    Thought I would also let you know that when I open Chrome, http://startsear.ch/?aff=1 still pops up as the search engine.


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Download and install Malwarebytes:

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

    Update it, run a quick scan, and post that log here.


  • Closed Accounts Posts: 10 chitownbearcub


    mbam-log2011:



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8097

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/6/2011 9:56:52 AM
    mbam-log-2011-11-06 (09-56-52).txt

    Scan type: Quick scan
    Objects scanned: 151283
    Time elapsed: 4 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Nothing is showing in your logs, which is weird.

    Try this: open Chrome, click the Wrench button at the top right, click Options, then under the Basics tab go down to Search and select Google or whatever else is there.

    That should change the search engine away from the bad one.

