Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Help with HijackThis please.........

 
Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Sat Apr 21, 2012 5:56 pm    Post subject: Help with HijackThis please.........

Hello, I just started having trouble with my computer freezing. The camera doesn't want to work now either when I use oovoo or skype. I don't know much about the computer except surfing the web.

I have a Dell XPS M1330 with Vista. Can you help me?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:37 PM, on 4/21/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Desktop\Hijackthis\HijackThis.exe
C:\Windows\system32\taskeng.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Norton PC Checkup Application Launcher - Unknown owner - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe

--
End of file - 8308 bytes
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

Posted: Mon Apr 23, 2012 2:21 am

Hi Diann,
Your last two topics were closed because you failed to reply within 3 days.
If for some reason you feel you can't reply within 3 days, just let me know; this will avoid this topic being closed too.
Continue with the steps below from your last topic.

Create a new System Restore point
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
Quote:
Inbox Toolbar
Java(TM) 6 Update 25
McAfee Security Scan Plus
PC Tools Spyware Doctor with AntiVirus 9.0

Next.

Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
Vista or Win 7, 32 bit: SQW7-Vista_x32.TXT

---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL

Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt

Next.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. (Right click and choose "Run as administrator" in Vista/Win7)
  • Copy and paste the content of the following codebox into the main textfield:
    Code:

    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech

  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply
  • OTL fix log.
  • SystemLook.txt.

_________________
Admin/Teacher at Malware Removal University
Member of...

Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Mon Apr 23, 2012 2:18 pm

Hello, yes I am having within the 3 days as my father is in the hospital on life support so I might have to leave at any time.

When I download the OTL.exe it opens right up to the fix it page and not where I can save it on desktop.

When I click on Run Fix, the computer says it needs to reboot, but then the screen goes blank forever. How long does this take? It was 1/2 hour and nothing, so I restarted it, but no Notepad came up.
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

Posted: Tue Apr 24, 2012 1:09 am

Hi Diann,
Quote:
yes I am having within the 3 days as my father is in the hospital on life support so I might have to leave at any time.

Sorry to hear about your father; that's where your priorities should be right now.
As mentioned, if possible just let me know if you will not be able to reply for an extended period of time.
Quote:
When I click on Run Fix, the computer says it needs to reboot, but then the screen goes blank forever. How long does this take? It was 1/2 hour and nothing, so I restarted it, but no Notepad came up.
The fix should only have taken a few minutes, just continue with the instructions to run SystemLook.

  • Double-click SystemLook.exe to run it. (Right click and choose "Run as administrator" in Vista/Win7)
  • Copy and paste the content of the following codebox into the main textfield:
    Code:

    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech

  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply
  • SystemLook.txt.

_________________
Admin/Teacher at Malware Removal University
Member of...

Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Tue Apr 24, 2012 1:19 pm

When I go to download SystemLook, it asks to save the file; it downloads it but doesn't ask where I want to save it. I did double-click on it and nothing came up in the box except at the bottom where it says LOOK and EXIT.
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

Posted: Wed Apr 25, 2012 1:34 am

Hi Diann,
Quote:
When I go to download SystemLook, it asks to save the file; it downloads it but doesn't ask where I want to save it.

Where did you save SystemLook to?
Which browser did you use to download it?
_________________
Admin/Teacher at Malware Removal University
Member of...

Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Wed Apr 25, 2012 4:29 pm

Hello, I didn't save it anywhere, as it didn't give me anything but the downloads box, and I double-clicked on it there.

I am on Mozilla Firefox. It's the only one I have ever used.
Should I try Internet Explorer?
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

Posted: Thu Apr 26, 2012 1:32 am

Hi Diann,
Quote:
I am on Mozilla Firefox. It's the only one I have ever used.

At the top of the Firefox browser click on Tools > Options > General.
Under Downloads select Always ask me where to save files, then click Ok.

Now download SystemLook again and click Save file.
Choose your desktop as the location, then click Save. SystemLook.exe should now be on your desktop.
Quote:
I did double-click on it and nothing came up in the box except at the bottom where it says LOOK and EXIT.

That's what you should be seeing: a white box with LOOK and EXIT at the bottom.
Right-click on SystemLook.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.

Copy and paste the content of the following codebox into the main textfield (the white box).
Do not include the word CODE.
Code:
:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech

Now Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt.
_________________
Admin/Teacher at Malware Removal University
Member of...

Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Thu Apr 26, 2012 5:05 pm

I did as you said and when I click "run as admin" the box still comes up blank. No content in the box.
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

Posted: Fri Apr 27, 2012 1:15 am

Hi Diann,
Quote:
I did as you said and when I click "run as admin" the box still comes up blank. No content in the box.

OK, let me see if I have this correct.
When you say the box comes up blank, do you see a white/blank box, with LOOK and EXIT buttons at the bottom of the box?
_________________
Admin/Teacher at Malware Removal University
Member of...

Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Fri Apr 27, 2012 4:49 pm

Yes, and the box is blank.
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

Posted: Sat Apr 28, 2012 2:19 am

Hi Diann,
Cypher wrote:
OK, let me see if I have this correct.
When you say the box comes up blank, do you see a white/blank box, with LOOK and EXIT buttons at the bottom of the box?

Diann wrote:
Yes, and the box is blank.

As mentioned previously when you open SystemLook that's what you should be seeing.
A blank box with the LOOK and EXIT buttons at the bottom.
What you have to do is Copy and paste the content of the following codebox into the blank box.
Code:
:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech

Now click the Look button at the bottom of the box to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
_________________
Admin/Teacher at Malware Removal University
Member of...

Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Sat Apr 28, 2012 12:18 pm

I pasted and clicked on the Look tab.

SystemLook 30.07.11 by jpshortstuff
Log created at 14:08 on 28/04/2012 by Dianne
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(2).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid\ilivid.exe --a---- 2033152 bytes [03:41 15/11/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\downloads\iLividSetupV1.exe --a---- 2060760 bytes [03:33 15/11/2011] [03:34 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\locallow\searchqutoolbar d------ [03:37 15/11/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid d------ [03:41 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar d------ [03:37 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\Local\Ilivid Player d------ [03:41 15/11/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr d------ [03:37 15/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech "
No data found.

-= EOF =-
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

Posted: Sun Apr 29, 2012 1:49 am

Hi Diann,
Good work, that's what I needed to see. Please continue with the instructions below.

Create a new System Restore point
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqudatamngr"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqutoolbar"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"=-

    :files
    C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe
    C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(2).exe
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

We need to run SystemLook.exe again
  • Right-click SystemLook.exe and select "Run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code:

    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech


  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply
  • OTL fix log.
  • SystemLook.txt.

_________________
Admin/Teacher at Malware Removal University
Member of...



Last edited by Cypher on Mon Apr 30, 2012 2:47 am; edited 2 times in total
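As an added illustration (not a tool from this thread, from SystemLook or from OTL), the following Python script re-derives the registry and file part of the OTL fix above from the SystemLook log posted earlier: it splits the log into its sections, drops Regfind hits that are repeated under several search terms, skips files already sitting in OTL's C:\_OTL\MovedFiles quarantine, and sets aside hits under HKLM\SOFTWARE\Classes\Interface for manual review instead of emitting a deletion, since a substring search such as "Searchqu" can also match an unrelated COM interface name. The embedded SAMPLE_LOG is a constructed excerpt of the log Diann posted; the function names are the example's own.

```python
"""Turn a SystemLook log into the ':reg' / ':files' part of an OTL fix script.

Added example for this thread; it is not code from SystemLook, OTL or the
forum. SAMPLE_LOG is a constructed excerpt of the log posted above.
"""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 14:08 on 28/04/2012 by Dianne

========== filefind ==========

Searching for "*iLivid*"
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(2).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid\ilivid.exe --a---- 2033152 bytes [03:41 15/11/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86

Searching for "*whitesmoke*"
No files found.

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (\w+) =+$")            # "========== filefind =========="
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")          # "[HKEY_...]" line before each value
VALUE_RE = re.compile(r'^(@|"[^"]+")=(.*)$')         # '"name"=data' or '@=data'
FILE_RE = re.compile(                                # path, attrs, size, two stamps, MD5
    r"^(?P<path>[A-Za-z]:\\.+?) +[-a-z]{7} +(?P<size>\d+) bytes .* (?P<md5>[0-9A-F]{32})$"
)

# Files OTL already moved out of the way in an earlier fix run (seen in the log).
QUARANTINE_PREFIX = "C:\\_OTL\\MovedFiles\\"
# Hits under these keys are reported for review rather than deleted.
REVIEW_PREFIXES = ("HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\",)


def sections(log: str) -> Dict[str, List[str]]:
    """Split the log into its named sections (filefind, folderfind, Regfind)."""
    out: Dict[str, List[str]] = {}
    current = None
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            out[current] = []
        elif current is not None:
            out[current].append(line.rstrip())
    return out


def parse_regfind(lines: List[str]) -> List[Tuple[str, str]]:
    """Unique (key, value name) pairs in first-seen order.

    SystemLook prints the key line right before each matching value and
    repeats a hit under every search term it matches, so duplicates are dropped.
    """
    hits: List[Tuple[str, str]] = []
    key = None
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key is not None:
            pair = (key, vm.group(1))
            if pair not in hits:
                hits.append(pair)
    return hits


def parse_filefind(lines: List[str]) -> List[Dict[str, object]]:
    """Path, size and MD5 of every file hit in the filefind section."""
    files: List[Dict[str, object]] = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            files.append({"path": m.group("path"), "size": int(m.group("size")),
                          "md5": m.group("md5")})
    return files


def duplicate_hashes(files: List[Dict[str, object]]) -> Dict[str, List[str]]:
    """Group hits by MD5 so several copies of one installer count as one sample."""
    groups: Dict[str, List[str]] = {}
    for f in files:
        groups.setdefault(str(f["md5"]), []).append(str(f["path"]))
    return {h: paths for h, paths in groups.items() if len(paths) > 1}


def build_otl_fix(log: str) -> Tuple[str, List[str]]:
    """Return the OTL fix text and the hits left for a human to review."""
    secs = sections(log)
    reg_lines: List[str] = []
    review: List[str] = []
    for key, name in parse_regfind(secs.get("Regfind", [])):
        if key.startswith(REVIEW_PREFIXES):
            review.append(f"[{key}] {name}")
            continue
        reg_lines += [f"[{key}]", f"{name}=-"]        # .reg-style 'name=-' deletes the value
    file_lines = [str(f["path"]) for f in parse_filefind(secs.get("filefind", []))
                  if not str(f["path"]).startswith(QUARANTINE_PREFIX)]
    parts = [":reg", *reg_lines, "", ":files", *file_lines, "", ":commands", "[emptytemp]"]
    return "\n".join(parts) + "\n", review


if __name__ == "__main__":
    fix_text, for_review = build_otl_fix(SAMPLE_LOG)
    print(fix_text)
    for item in for_review:
        print("REVIEW BEFORE DELETING:", item)
```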
Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

Posted: Sun Apr 29, 2012 8:06 am

Quote:
Right-click OTL.exe and select " Run as administrator " to run it.
Copy and Paste the following code into the textbox. Do not include the word Code



When I run this, paste it in the textbox and click Run Fix at the top, as soon as I click it it says OTL (Not Responding) at the top. I wait and wait but nothing happens, so I had to restart the computer.
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

PostPosted: Sun Apr 29, 2012 8:21 am

Hi Diann,
Please run SystemLook.exe again as you did previously and post the resulting log.
Diann
Junior Member

PostPosted: Sun Apr 29, 2012 10:35 am

SystemLook 30.07.11 by jpshortstuff
Log created at 12:27 on 29/04/2012 by Dianne
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(2).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid\ilivid.exe --a---- 2033152 bytes [03:41 15/11/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\downloads\iLividSetupV1.exe --a---- 2060760 bytes [03:33 15/11/2011] [03:34 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\locallow\searchqutoolbar d------ [03:37 15/11/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid d------ [03:41 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar d------ [03:37 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\Local\Ilivid Player d------ [03:41 15/11/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr d------ [03:37 15/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "kelkoopartners"
No data found.

Searching for "trolltech "
No data found.

-= EOF =-
Cypher
Moderator

PostPosted: Mon Apr 30, 2012 1:19 am

Hi Diann,
OK, the last OTL fix failed, so let's try it again in Safe Mode.

Reboot your computer in Safe Mode with Networking .
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode with Networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Next.

We need to run an OTL Fix
  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:

    :processes
    killallprocesses

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqutoolbar"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FE9A2C8-B7B1-412A-A491-E1C7F13E35EA}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{7D8407D7-F76A-4389-B8C6-2D340C39E07C}"=-

    :files
    C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe
    C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(2).exe
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top.
  • Click .
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

We need to run SystemLook.exe again
  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code:

    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*

    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech


  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply
  • OTL fix log.
  • SystemLook.txt.

Diann
Junior Member

PostPosted: Mon Apr 30, 2012 6:04 pm

Me again and not good news.
I went into Safe Mode with no problem, but when I click on the Run Fix button after I paste in the information you gave, the background goes black and the bottom of the box says it is scanning the info, but then the computer freezes, so nothing. It does this every time.
Cypher
Moderator

PostPosted: Tue May 01, 2012 2:12 am

Hi Diann,
Quote:
Me again and not good news.

Not having the best of luck, are we? Hang in there, we will try a different method next.
First, let's see if any of the fix was completed before your computer froze.
Please run SystemLook.exe again as you have done previously, and post the resulting log.
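The check Cypher asks for here, comparing the next SystemLook log with the previous one to see what a half-completed fix actually removed, can be automated. The script below is an added example; it is not part of this thread and not SystemLook's own code. It parses the filefind / folderfind / Regfind sections in the format SystemLook 30.07.11 prints, diffs a "before" run against an "after" run, and sets aside hits that only match because a copy is still sitting in OTL's quarantine folder (C:\_OTL\MovedFiles). The two sample logs are constructed from this thread's output, trimmed to a handful of entries: a "before" in which the downloaded installer and the RunOnce entry are present, and an "after" in which they are gone.

```python
"""Diff two SystemLook logs to see which findings a fix actually removed.

Added example: not part of this thread and not SystemLook's own code.
It parses the filefind / folderfind / Regfind sections that SystemLook
30.07.11 prints and compares a "before" run with an "after" run. Hits that
exist only inside OTL/OTM quarantine are set aside, because a quarantined
copy still matches the wildcard searches.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")
SEARCH_RE = re.compile(r'^Searching for "(.*?)"\s*$')
QUARANTINE = ("c:\\_otl\\movedfiles\\", "c:\\_otm\\movedfiles\\")


def parse_systemlook(text):
    """Return {section: {search term: set of hit lines}}.

    Any non-empty line under a 'Searching for' header that is not one of
    the 'No ... found.' sentinels is a hit. File hits keep size, timestamps
    and MD5, so a replaced file shows as one removed plus one added hit.
    """
    results, section, term = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1).lower(), None
            results.setdefault(section, {})
            continue
        m = SEARCH_RE.match(line)
        if m and section is not None:
            term = m.group(1).strip()
            results[section].setdefault(term, set())
            continue
        if section is None or term is None:
            continue  # banner lines before the first section
        if line.startswith("No ") and line.endswith("found."):
            continue
        results[section][term].add(line)
    return results


def diff_logs(before_text, after_text):
    """Return (removed, added), each shaped like parse_systemlook's output."""
    before, after = parse_systemlook(before_text), parse_systemlook(after_text)
    removed, added = {}, {}
    for section in set(before) | set(after):
        b_terms, a_terms = before.get(section, {}), after.get(section, {})
        for term in set(b_terms) | set(a_terms):
            gone = b_terms.get(term, set()) - a_terms.get(term, set())
            new = a_terms.get(term, set()) - b_terms.get(term, set())
            if gone:
                removed.setdefault(section, {})[term] = gone
            if new:
                added.setdefault(section, {})[term] = new
    return removed, added


def live_hits(text):
    """Hits that are not already sitting in an OTL/OTM quarantine folder."""
    live = {}
    for section, terms in parse_systemlook(text).items():
        for term, hits in terms.items():
            keep = {h for h in hits if not h.lower().startswith(QUARANTINE)}
            if keep:
                live.setdefault(section, {})[term] = keep
    return live


# Constructed sample: the thread's "before" log, trimmed to a few entries.
BEFORE = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 15:32 on 01/05/2012 by Dianne
Administrator - Elevation successful

========== filefind ==========

Searching for "*iLivid*"
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid\ilivid.exe --a---- 2033152 bytes [03:41 15/11/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86

Searching for "*whitesmoke*"
No files found.

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

-= EOF =-
"""
# Constructed "after" log: the same run minus the downloaded installer and
# the RunOnce entry, which is what the thread's later log shows.
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if "iLividSetupV1(1).exe" not in l and "RunOnce" not in l
                  and "removeSearchqutoolbar" not in l)

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added:", added)
    print("still live:", live_hits(AFTER))
```

Run it on the two logs as pasted in the thread (saved to files and read in place of BEFORE and AFTER) and the "removed" set is exactly the list of what the interrupted fix got through; anything in "still live" is what the next fix has to target.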
Diann
Junior Member

PostPosted: Tue May 01, 2012 1:40 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 15:32 on 01/05/2012 by Dianne
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(2).exe --a---- 2060760 bytes [03:34 15/11/2011] [03:35 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid\ilivid.exe --a---- 2033152 bytes [03:41 15/11/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\downloads\iLividSetupV1.exe --a---- 2060760 bytes [03:33 15/11/2011] [03:34 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\locallow\searchqutoolbar d------ [03:37 15/11/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid d------ [03:41 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar d------ [03:37 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\Local\Ilivid Player d------ [03:41 15/11/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr d------ [03:37 15/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar""

Searching for "kelkoopartners"
No data found.

Searching for "trolltech "
No data found.

-= EOF =-
Cypher
Moderator

PostPosted: Wed May 02, 2012 1:41 am

Hi Diann,
It appears part of the fix worked before your computer froze, but we still have a few things to clean up.
Let's see if you can complete the instructions below.

Navigate to and find the following files, if found, delete them.
Quote:
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(1).exe
C:\Users\Dianne.DDHAFE-PC\Downloads\iLividSetupV1(2).exe

Next.

Create a new System Restore point
  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

Registry fix file.
  • Open Notepad by clicking Start>Run then type Notepad
  • Copy & paste the contents of the Code Box below to Notepad (DO NOT include Code:)
  • Make sure there is NO blank line before Windows Registry Editor Version 5.00
  • Make sure there IS one blank line at the end of the file.

    Code:
    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqutoolbar"=-



  • Go to File>Save as
  • Name the file as fix_SR.reg
  • Change the Save as Type to All Files
  • Save the file to your Desktop. It will look like this
  • Now Right click on the fix_SR.reg file and select " Run as administrator " to run it.
  • when it prompts to Merge click Yes.

Now please run SystemLook.exe again as you did previously and post the resulting log.
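The .reg route above sidesteps the OTL hang because regedit applies the deletions itself, but the merge format is strict: the first line must be exactly "Windows Registry Editor Version 5.00" (a stray character after the version number makes regedit reject the whole file as "not a registry script"), a key is deleted with [-KEY], a value with "name"=- (the default value with @=-), and the file should end with a blank line. The script below is an added example, not part of this thread and not a Microsoft tool: a small builder that emits that syntax with CRLF line endings and the trailing blank line, plus a validator that flags the kind of header slip that makes regedit refuse a file. The key path and value name are the ones from this thread. One caveat on the other key in the merge file: SystemLook's Regfind returned HKLM\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} only because "Searchqu" is a substring of its default value, ISearchQueryHelper, which is the name of a Windows Search COM interface rather than anything the toolbar installed, and it is still present in the log posted after the merge. A key you cannot tie to the unwanted program is worth checking (what registers it, when it was written) before it goes into a [-KEY] line.

```python
"""Build and sanity-check a .reg file that deletes registry keys and values.

Added example, not from the thread and not a Microsoft tool. It emits the
delete-key ([-KEY]) and delete-value ("name"=-) syntax regedit merges, and
checks a file for the mistakes that make regedit refuse it. The RunOnce
key and value name come from the thread's SystemLook log.
"""
HEADER = "Windows Registry Editor Version 5.00"
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")


def _value_name(name):
    """Quote a value name the way regedit expects; '@' is the default value."""
    if name == "@":
        return "@"
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_delete_reg(delete_keys=(), delete_values=()):
    """delete_keys: full key paths to remove together with their subkeys.
    delete_values: (key path, value name) pairs whose value is removed.
    Returns CRLF-terminated text that ends with one blank line."""
    lines = [HEADER, ""]
    for key in delete_keys:
        lines += ["[-" + key + "]", ""]
    grouped = {}
    for key, name in delete_values:
        grouped.setdefault(key, []).append(name)
    for key, names in grouped.items():
        lines.append("[" + key + "]")
        lines += [_value_name(n) + "=-" for n in names]
        lines.append("")
    return "\r\n".join(lines) + "\r\n"


def validate_reg(text):
    """Return a list of problems; an empty list means the file looks mergeable."""
    problems = []
    lines = [l.rstrip("\r") for l in text.split("\n")]
    if lines[0] != HEADER:
        problems.append("line 1: header must be exactly %r, got %r" % (HEADER, lines[0]))
    if not text.endswith("\n"):
        problems.append("file must end with a line break (a trailing blank line is safest)")
    key = None
    for n, line in enumerate(lines[1:], start=2):
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            if not line.endswith("]"):
                problems.append("line %d: key line is not closed with ]" % n)
                continue
            key = line[1:-1].lstrip("-")
            if key.split("\\", 1)[0].upper() not in HIVES:
                problems.append("line %d: key does not start with a registry hive" % n)
        elif key is None:
            problems.append("line %d: value outside any [key] section" % n)
        elif not (line.startswith('"') or line.startswith("@")):
            problems.append("line %d: value line must start with a quoted name or @" % n)
        elif "=" not in line:
            problems.append("line %d: value line has no '='" % n)
    return problems


# The thread's fix: drop the RunOnce entry the toolbar's uninstaller left behind.
RUNONCE = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"

if __name__ == "__main__":
    text = build_delete_reg(delete_values=[(RUNONCE, "removeSearchqutoolbar")])
    print(text)
    print("problems:", validate_reg(text) or "none")
    # The original post's slip: a period after the version number.
    print("with bad header:", validate_reg(text.replace("5.00", "5.00.", 1)))
```

Save the printed text as fix_SR.reg and merge it as in the steps above; running validate_reg on the file first catches the header and structure errors that regedit otherwise reports only with a generic dialog.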
Diann
Junior Member

PostPosted: Wed May 02, 2012 6:04 pm

OK, deleted what you asked and did the Notepad stuff and restore point. Here is the SystemLook.exe log.


SystemLook 30.07.11 by jpshortstuff
Log created at 19:57 on 02/05/2012 by Dianne
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid\ilivid.exe --a---- 2033152 bytes [03:41 15/11/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\downloads\iLividSetupV1.exe --a---- 2060760 bytes [03:33 15/11/2011] [03:34 15/11/2011] C3A4ECCE7394692172E224A1770B3AC5

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\locallow\searchqutoolbar d------ [03:37 15/11/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\iLivid d------ [03:41 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar d------ [03:37 15/11/2011]
C:\_OTL\MovedFiles\04192012_204759\C_Users\Dianne.DDHAFE-PC\AppData\Local\Ilivid Player d------ [03:41 15/11/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr d------ [03:37 15/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
Cypher
Moderator

PostPosted: Thu May 03, 2012 1:07 am

Hi Diann,
Good work, well done; that looks much better.
How is your computer running now? Let me know in your next reply please.
I need you to run another scan for me.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply
  • ESET log.
  • Please give me an update on your computers performance.

Diann
Junior Member

PostPosted: Fri May 04, 2012 5:06 pm

WoW! lots of threats. 13 of them.

The computer is still freezing up on me but as often. The blue light for the camera on the top edge of the screen blinks when computer is turned on but still can't use it for oovoo. I did buy a minicam pro but have not installed it yet. Waiting till computer to be fixed.


C:\$Recycle.Bin\S-1-5-21-1499456639-3145712747-3195128692-1000\$RLHUT6F.exe Win32/RegistryBooster application
C:\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Program Files\PDFReader\Uninstall\Uninstall.exe a variant of Win32/InstallCore.F application
C:\Program Files\PlayPickle Toolbar\ToolbarUpdaterService.exe a variant of Win32/Toolbar.Zugo application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Dianne\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101127182557467.rsc multiple threats
C:\Users\Dianne\Downloads\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application
C:\Users\Dianne.DDHAFE-PC\AppData\LocalLow\FunWebProducts\Installr\Cache\00439E81.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (1).exe a variant of Win32/InstallCore.F application
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (2).exe a variant of Win32/InstallCore.F application
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (3).exe a variant of Win32/InstallCore.F application
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer.exe a variant of Win32/InstallCore.F application
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
Cypher
Moderator

PostPosted: Sat May 05, 2012 6:48 am

Hi Diann,
We still have a few things to deal with; let's try the following.

Download OTM.exe by Old Timer and save it to your Desktop.
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:

    :Files
    C:\$Recycle.Bin\S-1-5-21-1499456639-3145712747-3195128692-1000\$RLHUT6F.exe
    C:\Downloads\vlcmediaplayer-setup.exe
    C:\Program Files\PDFReader\Uninstall\Uninstall.exe
    C:\Program Files\PlayPickle Toolbar\ToolbarUpdaterService.exe
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
    C:\Users\Dianne\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101127182557467.rsc
    C:\Users\Dianne\Downloads\vlcmediaplayer-setup.exe
    C:\Users\Dianne.DDHAFE-PC\AppData\LocalLow\FunWebProducts\Installr\Cache\00439E81.exe
    C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (1).exe
    C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (2).exe
    C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (3).exe
    C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer.exe 
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [ClearAllRestorePoints]




    • Return to OTM, right-click then paste the code into the blank box below
    • Next click on the large button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Logs/Information to Post in your Next Reply
  • OTM log.
  • Please give me an update on your computers performance.

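Turning the ESET list into the OTM script above is a mechanical step, and the one judgement call in it is visible in the thread: the two C:\_OTL\MovedFiles hits were left out because they already sit in OTL's quarantine. The script below is an added example, not part of this thread and not OTM's or ESET's own code. It parses ESET's "path threat" lines, which have spaces on both sides of the split, so it anchors on ESET's threat vocabulary ("Win32/...", "a variant of ...", "multiple threats") instead of on whitespace; it sets quarantined hits aside; and it emits the :Files / :Commands block. The trailing "/c" on the ipconfig line is OTM's convention for running a line as a command, which is why the thread's OTM log shows a cmd.bat being written and deleted. The sample log is constructed from Diann's ESET output, trimmed.

```python
"""Turn ESET Online Scanner detections into an OTM ':Files' script.

Added example: not part of the thread, of OTM or of ESET. ESET's result
list has one detection per line as "<path> <threat name>", and both halves
contain spaces, so the split is anchored on ESET's threat vocabulary.
Detections under OTL's or OTM's quarantine folder are reported separately
instead of being scripted; they are not live and go when the quarantine
is cleaned up. The sample log is constructed from the thread's output.
"""
import re

DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?"
    r"(?:Win32|Win64|MSIL|JS|HTML|VBS|Java|Android)/\S+.*|multiple threats)$"
)
QUARANTINE = ("c:\\_otl\\movedfiles\\", "c:\\_otm\\movedfiles\\")


def parse_eset_log(text):
    """Return a list of (path, threat) pairs; non-detection lines are skipped."""
    found = []
    for raw in text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if m:
            found.append((m.group("path"), m.group("threat")))
    return found


def split_quarantined(detections):
    """Partition detections into (live, quarantined) by path prefix."""
    live = [d for d in detections if not d[0].lower().startswith(QUARANTINE)]
    quarantined = [d for d in detections if d[0].lower().startswith(QUARANTINE)]
    return live, quarantined


def build_otm_script(paths, flush_dns=True, empty_temp=True,
                     clear_restore_points=False):
    """Emit the script body that gets pasted into OTM's text box.

    Paths go under :Files; a line ending in ' /c' is run as a command;
    [emptytemp] and [ClearAllRestorePoints] go under :Commands. Clearing
    restore points is off by default because it discards every earlier
    restore point, so it should be a deliberate choice.
    """
    lines = [":Files"] + list(dict.fromkeys(paths))  # de-duplicate, keep order
    if flush_dns:
        lines.append("ipconfig /flushdns /c")
    lines += ["", ":Commands"]
    if empty_temp:
        lines.append("[emptytemp]")
    if clear_restore_points:
        lines.append("[ClearAllRestorePoints]")
    return "\n".join(lines) + "\n"


# Constructed sample, trimmed from the ESET output posted in the thread.
SAMPLE_ESET_LOG = r"""WoW! lots of threats. 13 of them.
C:\$Recycle.Bin\S-1-5-21-1499456639-3145712747-3195128692-1000\$RLHUT6F.exe Win32/RegistryBooster application
C:\Program Files\PDFReader\Uninstall\Uninstall.exe a variant of Win32/InstallCore.F application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Dianne\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101127182557467.rsc multiple threats
C:\Users\Dianne.DDHAFE-PC\AppData\LocalLow\FunWebProducts\Installr\Cache\00439E81.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (1).exe a variant of Win32/InstallCore.F application
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\04192012_204759\c_program files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll Win32/Toolbar.SearchSuite application
"""

if __name__ == "__main__":
    live, quarantined = split_quarantined(parse_eset_log(SAMPLE_ESET_LOG))
    print(build_otm_script(p for p, _ in live))
    for path, threat in quarantined:
        print("already quarantined:", path, "(" + threat + ")")
```

Feed it the full list as posted and the output is the :Files block from the post above minus the two quarantine entries; the threat names are kept alongside the paths so the reviewer can still see why each file was selected before pasting the script into OTM.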
Diann
Junior Member

PostPosted: Sat May 05, 2012 11:15 am

I am still getting the "not responding" quite a bit.
All processes killed
========== FILES ==========
C:\$Recycle.Bin\S-1-5-21-1499456639-3145712747-3195128692-1000\$RLHUT6F.exe moved successfully.
C:\Downloads\vlcmediaplayer-setup.exe moved successfully.
C:\Program Files\PDFReader\Uninstall\Uninstall.exe moved successfully.
C:\Program Files\PlayPickle Toolbar\ToolbarUpdaterService.exe moved successfully.
DllUnregisterServer procedure not found in C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll moved successfully.
DllUnregisterServer procedure not found in C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll moved successfully.
C:\Users\Dianne\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101127182557467.rsc moved successfully.
C:\Users\Dianne\Downloads\vlcmediaplayer-setup.exe moved successfully.
C:\Users\Dianne.DDHAFE-PC\AppData\LocalLow\FunWebProducts\Installr\Cache\00439E81.exe moved successfully.
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (1).exe moved successfully.
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (2).exe moved successfully.
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer (3).exe moved successfully.
C:\Users\Dianne.DDHAFE-PC\Downloads\internet-explorer.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dianne.DDHAFE-PC\Desktop\cmd.bat deleted successfully.
C:\Users\Dianne.DDHAFE-PC\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dianne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dianne.DDHAFE-PC
->Temp folder emptied: 104477529 bytes
->Temporary Internet Files folder emptied: 1889033 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56551470 bytes
->Google Chrome cache emptied: 6927720 bytes
->Flash cache emptied: 29477 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 93133 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 952530 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 8855766 bytes

Total Files Cleaned = 171.00 mb


Restore point Set: OTM Restore Point

OTM by OldTimer - Version 3.1.19.0 log created on 05052012_130228
Cypher
Moderator

PostPosted: Sun May 06, 2012 12:55 am

Hi Diann,
Quote:
I am still getting the "not responding" quite a bit.

OK, see if you can run this scan for me; if successful, post the resulting logs.

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)
Diann
Junior Member

PostPosted: Sun May 06, 2012 2:12 pm

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dianne at 2012-05-06 16:07:09
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 188 GB (83%) free of 226 GB
Total RAM: 2045 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:07:23 PM, on 5/6/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Dianne.DDHAFE-PC\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Dianne.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Carbonite Backup] "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=MC0w"&"prod=90"&"ver=10.0.1424
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{A4622~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{A4622~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [SymcUniversalUpdater] "C:\Program Files\Norton PC Checkup\Engine\Updater.exe" -repair
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{e8c34a23-c9b2-44a7-9c1b-c534ce298cbe}
O4 - HKLM\..\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton PC Checkup Application Launcher - Unknown owner - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Unknown owner - C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--
End of file - 11072 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1499456639-3145712747-3195128692-1003Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1499456639-3145712747-3195128692-1003UA.job
C:\Windows\tasks\Norton Security Scan for Dianne.job
C:\Windows\tasks\PCConfidential.job
C:\Windows\tasks\RegPowerClean.job
C:\Windows\tasks\RPCReminder.job
C:\Windows\tasks\User_Feed_Synchronization-{1FF0654C-994F-4020-9D83-369B8A51180D}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dianne.DDHAFE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\304t8lks.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.swagbucks.com/"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7B8e76efb4-320c-4fc1-8ecd-4f145c2005d0%7D&mid=c945d0c7970c14019ef33ac5acfa640f-9272f5b518f80fc68060c8d23b4a9053f730a61c&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-05%2012%3A43%3A25&sap=ku&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\1.bin
"avg@toolbar"=C:\ProgramData\AVG Secure Search\11.0.0.9\
"{F53C93F1-07D5-430c-86D4-C9531B27DFAF}"=C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
webbooster@iminent.com
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npCouponPrinter.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npCouponPrinter.dll
npdeployJava1.dll
npMozCouponPrinter.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg-secure-search.xml
avg_igeared.xml
babylon.xml
bing.xml
bing.xml.old
eBay.xml
google.xml
Search_Results.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Dianne.DDHAFE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\304t8lks.default\searchplugins\
askcom.xml
bing-zugo.xml
mywebsearch.xml
search-here.xml
Search_Results.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files\AVG\AVG2012\avgdtiex.dll [2012-04-20 936528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2012-04-13 1390672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll [2012-05-05 2067328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-29 3844768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll [2011-07-22 787744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll [2012-05-05 2067328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-04-16 184320]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-06-16 13793824]
"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-06-16 92704]
"TaskTray"= []
"Carbonite Backup"=C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [2011-03-03 948880]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2012-01-13 981680]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-02-15 405504]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-05-05 1116544]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-04-05 2587008]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=MC0w&prod=90&ver=10.0.1424 []
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"Malwarebytes Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-01-13 460872]
"Malwarebytes Anti-Malware (cleanup)"=C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll [2011-12-24 1080904]
"InstallShieldSetup"=C:\PROGRA~1\INSTAL~1\{A4622~1\setup.exe [2007-10-18 117200]
"SymcUniversalUpdater"=C:\Program Files\Norton PC Checkup\Engine\Updater.exe [2012-02-01 330168]
"BrandClearStubs"=RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{e8c34a23-c9b2-44a7-9c1b-c534ce298cbe} []
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-04-11 217088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"ooVoo.exe"=C:\Program Files\ooVoo\oovoo.exe [2012-02-07 22465104]
"DW7"=C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe [2012-04-19 10554880]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-06 16:07:09 ----D---- C:\rsit
2012-05-06 16:07:09 ----D---- C:\Program Files\trend micro
2012-05-05 13:02:28 ----D---- C:\_OTM
2012-05-05 12:43:25 ----D---- C:\Program Files\AVG Secure Search
2012-05-05 00:31:07 ----D---- C:\Users\Dianne.DDHAFE-PC\AppData\Roaming\AVG2012
2012-05-05 00:30:00 ----D---- C:\ProgramData\AVG Secure Search
2012-05-05 00:29:59 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-05-05 00:27:26 ----D---- C:\ProgramData\AVG2012
2012-05-04 23:59:32 ----D---- C:\Users\Dianne.DDHAFE-PC\AppData\Roaming\SpeedyPC Software
2012-05-04 23:59:22 ----D---- C:\ProgramData\SpeedyPC Software
2012-05-04 17:48:38 ----D---- C:\ProgramData\Mozilla
2012-05-04 17:48:38 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-05-04 17:36:23 ----SHD---- C:\found.004
2012-04-30 18:36:49 ----A---- C:\Windows\ntbtlog.txt
2012-04-21 18:15:22 ----SHD---- C:\found.003
2012-04-19 21:12:25 ----SHD---- C:\found.002
2012-04-19 20:47:59 ----D---- C:\_OTL
2012-04-19 20:15:58 ----D---- C:\Program Files\The Weather Channel
2012-04-19 04:50:26 ----A---- C:\Windows\system32\drivers\avgidshx.sys
2012-04-10 21:16:26 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-10 21:16:26 ----A---- C:\Windows\system32\iertutil.dll
2012-04-10 21:16:25 ----A---- C:\Windows\system32\wininet.dll
2012-04-10 21:16:25 ----A---- C:\Windows\system32\jscript9.dll
2012-04-10 21:16:25 ----A---- C:\Windows\system32\jscript.dll
2012-04-10 21:16:24 ----A---- C:\Windows\system32\url.dll
2012-04-10 21:16:24 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-10 21:16:24 ----A---- C:\Windows\system32\ieui.dll
2012-04-10 21:16:23 ----A---- C:\Windows\system32\urlmon.dll
2012-04-10 21:16:21 ----A---- C:\Windows\system32\ieframe.dll
2012-04-10 21:16:20 ----A---- C:\Windows\system32\mshtml.dll
2012-04-10 21:16:11 ----A---- C:\Windows\system32\wmi.dll
2012-04-10 21:16:11 ----A---- C:\Windows\system32\wintrust.dll
2012-04-10 21:16:11 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-10 21:16:11 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-10 21:15:52 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-10 21:15:52 ----A---- C:\Windows\system32\ntkrnlpa.exe

======List of files/folders modified in the last 1 month======

2012-05-06 16:07:09 ----RD---- C:\Program Files
2012-05-06 16:06:52 ----D---- C:\Windows\Temp
2012-05-06 14:28:22 ----SHD---- C:\System Volume Information
2012-05-06 09:18:39 ----D---- C:\ProgramData\MFAData
2012-05-06 09:18:38 ----D---- C:\Windows\system32\drivers\AVG
2012-05-05 13:02:29 ----RD---- C:\Downloads
2012-05-05 13:02:29 ----D---- C:\Program Files\PlayPickle Toolbar
2012-05-05 12:59:55 ----SHD---- C:\Windows\Installer
2012-05-05 12:50:17 ----D---- C:\Windows\Prefetch
2012-05-05 12:48:42 ----D---- C:\Windows\Minidump
2012-05-05 12:48:37 ----D---- C:\Windows
2012-05-05 12:42:50 ----D---- C:\Windows\System32
2012-05-05 00:53:49 ----D---- C:\Windows\system32\drivers
2012-05-05 00:30:00 ----HD---- C:\ProgramData
2012-05-05 00:29:59 ----D---- C:\Program Files\Common Files
2012-05-05 00:27:27 ----HD---- C:\$AVG
2012-05-05 00:24:03 ----D---- C:\Program Files\AVG
2012-05-05 00:02:07 ----D---- C:\Windows\Tasks
2012-05-05 00:00:12 ----D---- C:\Windows\system32\Tasks
2012-05-04 20:43:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-05-04 17:48:36 ----D---- C:\Program Files\Mozilla Firefox
2012-05-04 17:30:48 ----D---- C:\ProgramData\AVG10
2012-04-30 18:33:01 ----D---- C:\Windows\system32\catroot2
2012-04-22 21:50:02 ----RSD---- C:\Windows\assembly
2012-04-22 21:50:02 ----D---- C:\Windows\Microsoft.NET
2012-04-20 21:02:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-20 21:02:04 ----D---- C:\Windows\inf
2012-04-19 20:39:46 ----D---- C:\Program Files\PC Tools
2012-04-19 20:39:46 ----D---- C:\Program Files\Common Files\PC Tools
2012-04-19 20:38:31 ----AD---- C:\ProgramData\TEMP
2012-04-19 20:38:24 ----D---- C:\ProgramData\PC Tools
2012-04-19 20:24:07 ----D---- C:\Program Files\The Weather Channel FW
2012-04-19 20:23:08 ----D---- C:\Program Files\McAfee Security Scan
2012-04-11 11:08:57 ----D---- C:\Windows\system32\migration
2012-04-11 11:08:56 ----D---- C:\Program Files\Internet Explorer
2012-04-10 21:18:04 ----D---- C:\Windows\winsxs
2012-04-10 21:17:59 ----D---- C:\Windows\system32\catroot
2012-04-10 21:03:45 ----D---- C:\Windows\Debug
2012-04-10 21:03:40 ----A---- C:\Windows\system32\mrt.exe
2012-04-10 21:03:10 ----D---- C:\Program Files\Windows Mail
2012-04-10 18:36:15 ----D---- C:\Program Files\Common Files\Adobe
2012-04-07 16:05:30 ----RD---- C:\Desktop

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AFS;AFS; C:\Windows\system32\drivers\AFS.sys [2010-04-01 77004]
R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2008-09-25 324120]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2008-10-22 46592]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2008-10-22 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2008-10-22 38400]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2010-03-30 22528]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-20 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-03-30 30208]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]
R3 NWADI;NWADI Bus Enumerator; C:\Windows\system32\DRIVERS\NWADIenum.sys [2009-12-18 230912]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM04Vfx.sys [2007-12-03 7424]
R3 OEM04Vid;Creative Camera OEM004 Driver; C:\Windows\system32\DRIVERS\OEM04Vid.sys [2007-12-03 234720]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-02-15 330752]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 182456]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-20 220672]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NWUSBCDFIL;Novatel Wireless Installation CD; C:\Windows\system32\DRIVERS\NwUsbCdFil.sys [2009-12-18 20480]
S3 NWUSBModem;Novatel Wireless USB Modem Driver; C:\Windows\system32\DRIVERS\nwusbmdm.sys [2009-12-18 174720]
S3 NWUSBPort;Novatel Wireless USB Status Port Driver; C:\Windows\system32\DRIVERS\nwusbser.sys [2009-12-18 174720]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver; C:\Windows\system32\DRIVERS\nwusbser2.sys [2009-12-18 174720]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-20 32408]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 CarboniteService;CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [2011-03-03 3410576]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-16 211488]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 STacSV;SigmaTel Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe [2008-02-15 102400]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-05 932736]
R3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe /s []
S2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe /s PCCUJobMgr /m C:\Program Files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll /prefetch:1 []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
S3 Amazon Download Agent;Amazon Download Agent; C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-15 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-05-06 16:07:25

======Uninstall list======

-->C:\ProgramData\{A8B5FFA8-79F1-48DF-BEDF-966D494FAE01}\DefaultTab_Setup.exe
-->C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -maintain plugin
Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Amazon Games & Software Downloader-->"C:\Program Files\Amazon\Amazon Games & Software Downloader\uninst\unins001.exe"
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Avery LabelPro 3.0-->C:\Windows\uninst.exe -f"C:\Program Files\Avery LabelPro\DeIsL1.isu"
AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2012-->MsiExec.exe /I{411949AB-6EE8-4C62-9C72-EBC93B6A7935}
AVG 2012-->MsiExec.exe /I{A7836FF5-7293-40A4-B86E-E2038F82E8F3}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
calibre-->MsiExec.exe /I{4EF42AFA-60CB-4745-84FF-C744FF7FAAC4}
Carbonite-->C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe /remove
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Default Tab-->"C:\ProgramData\{A8B5FFA8-79F1-48DF-BEDF-966D494FAE01}\DefaultTab_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Dell Edoc Viewer-->MsiExec.exe /I{3138EAD3-700B-4A10-B617-B3F8096EE30D}
FOX News Live Stream-->msiexec /qb /x {73568F76-7A37-9DB4-73B1-11DCF1A2FC52}
FOX News Live Stream-->MsiExec.exe /I{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\18.0.1025.168\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Desktop\Hijackthis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
hp officejet 6100 series-->MsiExec.exe /X{12BB7942-1E1F-43D9-B441-4668C1629425}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp officejet 6100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Laptop Integrated Webcam Driver (1.03.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM004.uns -plugin OEM04Pin.dll -pluginres OEM04Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mobile Broadband Generic Drivers-->MsiExec.exe /i{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}
Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NetAssistant-->MsiExec.exe /X{1266764D-FC4F-4FA7-B63B-884D53B1680F}
NetAssistant-->MsiExec.exe /X{C792A75A-2A1F-4991-9B85-291745478A79}
Norton PC Checkup-->C:\Program Files\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.17.20\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
ooVoo-->MsiExec.exe /X{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QualXServ Service Agreement-->MsiExec.exe /I{903679E8-44C8-4C07-9600-05C92654FC50}
Quicken 2011-->MsiExec.exe /X{5FE545A1-D215-4216-9189-E7B39C9D1CC1}
QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Extended
Serif Digital Scrapbook Artist-->MsiExec.exe /X{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}
SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\Setup.exe" -runfromtemp -l0x0009 -removeonly
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
The Weather Channel App-->C:\Program Files\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Extended
Verizon Wireless MiFi-2200 Firmware Updates-->MsiExec.exe /X{06FAFD58-1C21-4C90-A2FC-C9DC5A2A9D09}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VZAccess Manager-->MsiExec.exe /I{7641FD7D-E94E-424E-A95C-0593C84DC0C0}
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yontoo Layers Runtime 1.10.01-->C:\PROGRA~2\TARMAI~1\{889DF~1\Setup.exe /remove /q0

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender

=====Application event log=====

Computer Name: DDHAFE-PC
Event Code: 3013
Message: The entry <C:\USERS\DIANNE\CALIBRE LIBRARY\METADATA.DB-JOURNAL> in the hash map cannot be updated.

Context: Windows Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 507
Source Name: Microsoft-Windows-Search
Time Written: 20100331224713.000000-000
Event Type: Error
User:

Computer Name: DDHAFE-PC
Event Code: 3013
Message: The entry <C:\USERS\DIANNE\CALIBRE LIBRARY\METADATA.DB-JOURNAL> in the hash map cannot be updated.

Context: Windows Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 506
Source Name: Microsoft-Windows-Search
Time Written: 20100331224713.000000-000
Event Type: Error
User:

Computer Name: DDHAFE-PC
Event Code: 3013
Message: The entry <C:\USERS\DIANNE\CALIBRE LIBRARY\METADATA.DB-JOURNAL> in the hash map cannot be updated.

Context: Windows Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 505
Source Name: Microsoft-Windows-Search
Time Written: 20100331224251.000000-000
Event Type: Error
User:

Computer Name: DDHAFE-PC
Event Code: 3013
Message: The entry <C:\USERS\DIANNE\CALIBRE LIBRARY\METADATA.DB-JOURNAL> in the hash map cannot be updated.

Context: Windows Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 504
Source Name: Microsoft-Windows-Search
Time Written: 20100331224250.000000-000
Event Type: Error
User:

Computer Name: DDHAFE-PC
Event Code: 508
Message: Windows (1676) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 2244608 (0x0000000000224000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (231 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Record Number: 463
Source Name: ESENT
Time Written: 20100331180323.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: DDHAFE-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DDHAFE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\System Volume Information\SystemRestore\FRStaging\Users\Dianne\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-344de7a7-n\msvcp71.dll
Handle ID: 0x78

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\wininit.exe

Auditing Settings:
Original Security Descriptor: S:AI
New Security Descriptor: S:ARAI(ML;ID;NW;;;LW)
Record Number: 110577
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110803093051.599792-000
Event Type: Audit Success
User:

Computer Name: DDHAFE-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DDHAFE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\System Volume Information\SystemRestore\FRStaging\Users\Dianne\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-344de7a7-n\msvcp71.dll
Handle ID: 0x78

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\wininit.exe

Auditing Settings:
Original Security Descriptor: S:AI
New Security Descriptor: S:ARAI(ML;ID;NW;;;LW)
Record Number: 110576
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110803093051.594792-000
Event Type: Audit Success
User:

Computer Name: DDHAFE-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DDHAFE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\System Volume Information\SystemRestore\FRStaging\Users\Dianne\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-344de7a7-n\jmc.dll
Handle ID: 0x78

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\wininit.exe

Auditing Settings:
Original Security Descriptor: S:AI
New Security Descriptor: S:ARAI(ML;ID;NW;;;LW)
Record Number: 110575
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110803093051.583792-000
Event Type: Audit Success
User:

Computer Name: DDHAFE-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DDHAFE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\System Volume Information\SystemRestore\FRStaging\Users\Dianne\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-344de7a7-n\jmc.dll
Handle ID: 0x78

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\wininit.exe

Auditing Settings:
Original Security Descriptor: S:AI
New Security Descriptor: S:ARAI(ML;ID;NW;;;LW)
Record Number: 110574
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110803093051.577792-000
Event Type: Audit Success
User:

Computer Name: DDHAFE-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: DDHAFE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\System Volume Information\SystemRestore\FRStaging\Users\Dianne\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-344de7a7-n
Handle ID: 0x1d4

Process Information:
Process ID: 0x30c
Process Name: C:\Windows\System32\wininit.exe

Auditing Settings:
Original Security Descriptor: S:AI
New Security Descriptor: S:ARAI(ML;OICIID;NW;;;LW)
Record Number: 110573
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110803093051.546792-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"DFSTRACINGON"=FALSE
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Calibre2\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
_________________
Diann
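The adware in the logs above shows up in two places a helper reads first: the RSIT "Uninstall list" (nameless entries and installers living under C:\ProgramData\{GUID}\ such as DefaultTab_Setup.exe, plus products like Default Tab and Yontoo Layers Runtime) and the ComboFix Firefox pref lines (the BabylonToolbar user.js keys and a keyword.URL that sends every address-bar search to isearch.avg.com). The script below is an added example, not part of this thread and not code from RSIT or ComboFix; it parses those two line formats and reports the same patterns. The PUP name watchlist and the set of "expected" search hosts are assumptions chosen for illustration, and the sample input is a handful of lines copied from the logs above with the long query string truncated.

```python
"""Triage helper for RSIT / ComboFix-style text logs (added example)."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed, illustrative watchlist of adware / PUP name fragments (lower-case).
PUP_NAME_MARKERS = ("default tab", "yontoo", "babylon", "speedypc")

# Assumed "expected" search hosts; any other host in keyword.URL is reported.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Installer launched from C:\ProgramData\{GUID}\ instead of Program Files.
PROGRAMDATA_GUID_RE = re.compile(
    r"C:\\ProgramData\\\{[0-9A-Fa-f-]{36}\}\\", re.IGNORECASE)
# ComboFix line shape:  FF - prefs.js: <pref> - <value>   (value may be empty)
FF_PREF_RE = re.compile(
    r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) -(?: (?P<value>.*))?$")
# ComboFix defangs http:// as hxxp://, so accept both.
URL_HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/?#]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # short category label
    detail: str  # what matched
    line: str    # the offending log line, verbatim


def _host(url: str) -> Optional[str]:
    m = URL_HOST_RE.match(url.strip())
    return m.group(1).lower() if m else None


def triage_uninstall_entry(line: str) -> List[Finding]:
    """One RSIT 'Uninstall list' line:  Name-->UninstallCommand"""
    name, cmd = line.split("-->", 1)
    name, cmd = name.strip(), cmd.strip()
    out: List[Finding] = []
    if not name:  # registry uninstall key with no DisplayName
        out.append(Finding("nameless-entry", "no DisplayName", line))
    low = name.lower()
    for marker in PUP_NAME_MARKERS:
        if marker in low:
            out.append(Finding("pup-name", marker, line))
            break
    if PROGRAMDATA_GUID_RE.search(cmd):
        out.append(Finding("programdata-installer",
                           r"installer under C:\ProgramData\{GUID}\\", line))
    return out


def triage_firefox_pref(line: str) -> List[Finding]:
    """One ComboFix 'FF - prefs.js/user.js' line."""
    m = FF_PREF_RE.match(line)
    if not m:
        return []
    pref, value = m.group("pref"), m.group("value") or ""
    out: List[Finding] = []
    if pref == "keyword.URL":  # address-bar search redirection
        host = _host(value)
        if host and host not in EXPECTED_SEARCH_HOSTS:
            out.append(Finding("search-redirect", host, line))
    if pref.startswith("extensions."):  # toolbar / add-on leftovers
        low = pref.lower()
        for marker in PUP_NAME_MARKERS:
            if marker in low:
                out.append(Finding("pup-extension-pref", marker, line))
                break
    return out


def triage_log(lines: Iterable[str]) -> List[Finding]:
    """Run both checks over a mixed RSIT/ComboFix log and collect findings."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("FF - "):
            findings.extend(triage_firefox_pref(line))
        elif "-->" in line:
            findings.extend(triage_uninstall_entry(line))
    return findings


# Constructed sample: lines copied from the logs above; the keyword.URL
# query string is shortened to "..." here.
SAMPLE_LOG = r"""
-->C:\ProgramData\{A8B5FFA8-79F1-48DF-BEDF-966D494FAE01}\DefaultTab_Setup.exe
Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Default Tab-->"C:\ProgramData\{A8B5FFA8-79F1-48DF-BEDF-966D494FAE01}\DefaultTab_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Yontoo Layers Runtime 1.10.01-->C:\PROGRA~2\TARMAI~1\{889DF~1\Setup.exe /remove /q0
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=...&q=
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG.splitlines()):
        print(f"[{f.kind}] {f.detail}: {f.line}")
```

The watchlist is deliberately short; in practice it is the part you would keep extending, while the structural checks (nameless uninstall keys, installers parked under a GUID folder in ProgramData, keyword.URL pointing off the default engine) catch bundles you have not seen before. The homepage line is left alone on purpose: a changed homepage is a question for the user, not a signature.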
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

PostPosted: Mon May 07, 2012 2:14 am    Post subject:

Hi Diann,
A few things showed up in that scan, so we need to run another tool.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double-click on ComboFix.exe and follow the prompts.
  • Click on Yes to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

_________________
Admin/Teacher at Malware Removal University
Member of...

Diann
Junior Member


Joined: 07 Apr 2012
Last Visit: 08 May 2012
Posts: 21
Location: Home

PostPosted: Mon May 07, 2012 12:47 pm    Post subject:

ComboFix 12-05-07.02 - Dianne 05/07/2012 14:28:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1008 [GMT -6:00]
Running from: c:\users\Dianne.DDHAFE-PC\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
c:\users\Dianne.DDHAFE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\304t8lks.default\searchplugins\bing-zugo.xml
c:\users\Dianne.DDHAFE-PC\ExtractQHI.exe
c:\users\Dianne\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 20:37 . 2012-05-07 20:37 -------- d-----w- c:\users\Dianne.DDHAFE-PC\AppData\Local\temp
2012-05-06 22:07 . 2012-05-06 22:07 -------- d-----w- C:\rsit
2012-05-06 22:07 . 2012-05-06 22:07 -------- d-----w- c:\program files\trend micro
2012-05-05 19:02 . 2012-05-05 19:02 -------- d-----w- C:\_OTM
2012-05-05 18:43 . 2012-05-05 18:43 -------- d-----w- c:\program files\AVG Secure Search
2012-05-05 06:31 . 2012-05-05 06:31 -------- d-----w- c:\users\Dianne.DDHAFE-PC\AppData\Roaming\AVG2012
2012-05-05 06:30 . 2012-05-05 06:30 -------- d-----w- c:\users\Dianne.DDHAFE-PC\AppData\Local\AVG Secure Search
2012-05-05 06:30 . 2012-05-05 06:30 -------- d-----w- c:\programdata\AVG Secure Search
2012-05-05 06:29 . 2012-05-05 06:29 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-05-05 06:27 . 2012-05-05 06:47 -------- d-----w- c:\programdata\AVG2012
2012-05-05 05:59 . 2012-05-05 05:59 -------- d-----w- c:\users\Dianne.DDHAFE-PC\AppData\Roaming\SpeedyPC Software
2012-05-05 05:59 . 2012-05-05 06:02 -------- d-----w- c:\programdata\SpeedyPC Software
2012-05-05 05:59 . 2012-05-05 06:02 -------- d-----w- c:\users\Dianne.DDHAFE-PC\speedy pc pro
2012-05-04 23:48 . 2012-05-04 23:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-04 23:48 . 2012-05-04 23:48 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 23:48 . 2012-05-04 23:48 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-04 23:36 . 2012-05-04 23:36 -------- d-----w- C:\found.004
2012-04-22 00:15 . 2012-04-22 00:15 -------- d-----w- C:\found.003
2012-04-20 03:12 . 2012-04-20 03:12 -------- d-----w- C:\found.002
2012-04-20 02:47 . 2012-04-20 02:47 -------- d-----w- C:\_OTL
2012-04-20 02:15 . 2012-04-20 02:15 -------- d-----w- c:\program files\The Weather Channel
2012-04-19 10:50 . 2012-04-19 10:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 03:15 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 03:15 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 00:48 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 02:43 . 2012-03-31 18:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 02:43 . 2011-06-19 00:42 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-19 11:17 . 2012-03-19 11:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-24 16:36 . 2012-04-04 01:39 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-02-22 11:25 . 2012-02-22 11:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-14 15:45 . 2012-03-13 23:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-13 23:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-13 23:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-13 23:08 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-13 23:08 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-05-04 23:48 . 2011-03-30 02:48 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-05 18:43 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-05 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 02:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 02:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 02:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ooVoo.exe"="c:\program files\ooVoo\oovoo.exe" [2012-02-08 22465104]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-04-20 10554880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-16 13793824]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-16 92704]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-16 405504]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-05-05 1116544]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=MC0w&prod=90&ver=10.0.1424" [?]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2011-12-25 1080904]
"InstallShieldSetup"="c:\progra~1\INSTAL~1\{A4622~1\setup.exe" [2007-10-18 117200]
"SymcUniversalUpdater"="c:\program files\Norton PC Checkup\Engine\Updater.exe" [2012-02-01 330168]
"BrandClearStubs"="IEDKCS32.DLL" [2011-05-11 353584]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-04-11 217088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2010-3-31 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\aestsrv.exe [2007-09-20 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 02:43]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 04:04]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-16 04:04]
.
2010-12-25 c:\windows\Tasks\User_Feed_Synchronization-{1FF0654C-994F-4020-9D83-369B8A51180D}.job
- c:\windows\system32\msfeedssync.exe [2011-05-11 03:09]
.
.
------- Supplementary Scan -------
.
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\Dianne.DDHAFE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\304t8lks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8e76efb4-320c-4fc1-8ecd-4f145c2005d0%7D&mid=c945d0c7970c14019ef33ac5acfa640f-9272f5b518f80fc68060c8d23b4a9053f730a61c&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-05%2012%3A43%3A25&sap=ku&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100485
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a008b6ef000000000000001c26e03a27
FF - user.js: extensions.BabylonToolbar_i.hardId - a008b6ef000000000000001c26e03a27
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extentions.y2layers.installId - 2dc97c9d-0bd2-4c59-b1c5-75fc6fa50af1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
Toolbar-10 - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-TaskTray - (no file)
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
AddRemove-PDF Reader - c:\program files\PDFReader\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-07 14:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-07 14:45:34
ComboFix-quarantined-files.txt 2012-05-07 20:45
.
Pre-Run: 197,330,296,832 bytes free
Post-Run: 198,837,387,264 bytes free
.
- - End Of File - - FAF550D3207A6CE07BBBAFBB2788E95A
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

PostPosted: Tue May 08, 2012 1:25 am    Post subject: Reply with quote

Hi Diann,
Good work, well done. We need to run another fix.
Continue with the instructions below please, once done give me another update on how your computer is running.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    File::
    C:\Windows\tasks\Driver Robot.job
    C:\Windows\tasks\RegPowerClean.job

    Folder::
    C:\found.004
    C:\found.003
    C:\found.002

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [-HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-HKEY_CLASSES_ROOT\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

    Firefox::
    FF - ProfilePath - c:\users\Dianne.DDHAFE-PC\AppData\Roaming\Mozilla\Firefox\Profiles\304t8lks.default\
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100485
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - a008b6ef000000000000001c26e03a27
    FF - user.js: extensions.BabylonToolbar_i.hardId - a008b6ef000000000000001c26e03a27
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:05
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    AtJob:: 


  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

  5. When finished ComboFix will create a log file... you can save this file to a convenient place.

Please copy/paste the ComboFix log file in your next reply.

Logs/Information to Post in your Next Reply
  • ComboFix log.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

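As an added illustration (not code from this thread, from ComboFix or from the helper), here is a Python triage of the "FF -" lines of a ComboFix Supplementary Scan like the one posted above: it separates the prefs written by a known adware toolbar from a redirected search key, and emits the Firefox:: block in the form the CFScript above uses. The marker lists and the shortened sample lines are constructed for the example and are assumptions, not values taken from any tool.

```python
import re

# Constructed sample in ComboFix's "FF -" format, modelled on the log above
# (keyword.URL value shortened; "hxxp" is ComboFix's defanged "http").
SAMPLE_LOG = "\n".join([
    "FF - ProfilePath - c:\\users\\Dianne.DDHAFE-PC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\304t8lks.default\\",
    "FF - prefs.js: browser.startup.homepage - hxxp://www.swagbucks.com/",
    "FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=...&q=",
    "FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100485",
    "FF - user.js: extensions.BabylonToolbar_i.babExt -",
    "FF - user.js: extensions.BabylonToolbar_i.id - a008b6ef000000000000001c26e03a27",
    "FF - user.js: extentions.y2layers.installId - 2dc97c9d-0bd2-4c59-b1c5-75fc6fa50af1",
])

# Assumed marker lists (not from the page): pref-name prefixes a known adware toolbar
# writes, and search hosts whose presence in keyword.URL/homepage signals a search hijack.
TOOLBAR_PREF_PREFIXES = ("extensions.BabylonToolbar_i.",)
HIJACK_HOSTS = ("isearch.avg.com",)

# "FF - <file>: <key> - <value>"; the value part is optional because ComboFix
# prints an empty pref (babExt above) as "<key> -" with nothing after the dash.
FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -(?: (.*))?$")


def triage_ff_lines(log_text):
    """Classify each 'FF - prefs.js/user.js' line as 'toolbar', 'hijack' or None."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FF_PREF.match(line)
        if not m:
            continue  # ProfilePath and non-FF lines are not prefs
        key, value = m.group(2), (m.group(3) or "").strip()
        reason = None
        if key.startswith(TOOLBAR_PREF_PREFIXES):
            reason = "toolbar"
        elif key in ("keyword.URL", "browser.startup.homepage") and any(h in value for h in HIJACK_HOSTS):
            reason = "hijack"
        results.append((line, key, reason))
    return results


def build_firefox_section(log_text):
    """Emit a CFScript Firefox:: block: the ProfilePath line, then every toolbar pref
    line copied verbatim. Hijack hits are left for the helper to review, not scripted."""
    profile = [l.strip() for l in log_text.splitlines() if l.strip().startswith("FF - ProfilePath - ")]
    toolbar = [line for line, _, reason in triage_ff_lines(log_text) if reason == "toolbar"]
    return "\n".join(["Firefox::"] + profile + toolbar)


if __name__ == "__main__":
    for line, key, reason in triage_ff_lines(SAMPLE_LOG):
        print(f"{reason or 'ok':8} {key}")
    print(build_firefox_section(SAMPLE_LOG))
```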
Diann
Junior Member

PostPosted: Tue May 08, 2012 5:17 pm    Post subject: Reply with quote

Let me get this right.

I know to disable the AVG and close all windows but then I just drag this box you put below to my desktop and then to the icon I already have for the ComboFix.

Because I did what I just typed and a box came back asking if I was trying to add the CFScript.txt (icon) (the black box you posted) to the Combofix.exe icon and it said it was misspelled and then it did nothing. I copied & pasted so it was spelled the right way. But nothing.
_________________
Diann
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 23 Aug 2014
Posts: 4593
Location: Land Of The Leprechauns

PostPosted: Wed May 09, 2012 1:51 am    Post subject: Reply with quote

Hi Diann,
I'm not sure what happened there, so we will try this a different way.
We will need to uninstall FireFox so we will backup your Bookmarks first.

Make a Backup of Firefox Bookmarks
  • Please open your FireFox browser.
  • Click the Bookmarks button on the navigation toolbar and select Show All Bookmarks to open the Library window.
  • In the Library window, click the Import and Backup button and then select Backup....
  • In the Bookmarks backup filename window that opens, choose your Desktop as the location to save the file, which is named bookmarks-"date".json by default.
  • Save the bookmarks json file. The Bookmarks backup filename window will close and you can close the Library window.

Next.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
Quote:
Mozilla Firefox.


Next.
  • Right-click OTM.exe and select "Run as administrator" to run it.
  • Right-click, then copy the following code. Do not include the word Code.
    Code:

    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [-HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
    [-HKEY_CLASSES_ROOT\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

    :Files
    C:\Windows\tasks\Driver Robot.job
    C:\Windows\tasks\RegPowerClean.job
    C:\found.004
    C:\found.003
    C:\found.002
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [ClearAllRestorePoints]


  • Return to OTM, right-click then paste the code into the blank box below
  • Next click on the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Please download and install FireFox from Here

Next.

Restore your Firefox Bookmarks
  • Please open your FireFox browser.
  • Click the Bookmarks button on the navigation toolbar and select Show All Bookmarks to open the Library window.
  • In the Library window, click the Import and Backup button and then select Restore....
  • Choose the bookmarks .json file you saved on your Desktop.
  • After choosing a backup, your bookmarks from that file will be restored. Close the Library window.


Logs/Information to Post in your Next Reply
  • OTM log.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of...

Cypher
Moderator

PostPosted: Fri May 11, 2012 7:05 am    Post subject: Reply with quote

Hi Diann, are you still with me?
_________________
Admin/Teacher at Malware Removal University
Member of...

Cypher
Moderator

PostPosted: Sat May 12, 2012 8:18 am    Post subject: Reply with quote

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of...
