
How to remove StartPins? [Solved]


This topic is locked
19 replies to this topic

#1 LuckyStar

    New Member

  • Authentic Member
  • 10 posts

Posted 24 September 2012 - 07:16 PM

I have an unwanted search engine (StartPins) that has sneaked in with another download. I don't know how to remove it! I have tried Malwarebytes, Anvi Smart Defender, and SpyHunter4; nothing is working. Can anyone please tell me how to remove this unwanted search engine? Thank you!!!

#2 LuckyStar

    New Member

  • Authentic Member
  • 10 posts

Posted 24 September 2012 - 07:33 PM

I saw an old post that says to download DDS and then post the info. Here's my DDS info:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Pisces223 at 20:58:16 on 2012-09-24
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2035.440 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Anvisoft\Cloud System Booster\CSBMini.exe
C:\Users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\FHCUser\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files\Anvisoft\Anvi Smart Defender\ASD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\fhcuser\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [Anvi_CSB] c:\program files\anvisoft\cloud system booster\CSBMini.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C; BRI/2)" -"https://nursingcases...=6;oi24109806#"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start [url="http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwAzADEAMAAwADEANAAyADEALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQANQAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADEAMABCACsAMgA"&"prod=90"&"ver=9.0.872"]http://www.avg.com/ww.special-uninstallati...uot;ver=9.0.872[/url]
StartupFolder: c:\users\fhcuser\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\fhcuser\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://www.yes-chinese.com/zw/smsx.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3CB15AF5-D6C5-487A-9C28-0841164DF72E} : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
R1 asdrm;asdrm;c:\windows\system32\drivers\asdrm.sys [2012-9-23 16208]
R1 MpKsl0550fb8c;MpKsl0550fb8c;c:\programdata\microsoft\microsoft antimalware\definition updates\{0c0912aa-6fff-4988-bd6a-c561ba78b799}\MpKsl0550fb8c.sys [2012-9-24 29904]
R1 MpKslef057310;MpKslef057310;c:\programdata\microsoft\microsoft antimalware\definition updates\{0c0912aa-6fff-4988-bd6a-c561ba78b799}\MpKslef057310.sys [2012-9-24 29904]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\drivers\asdrs.sys [2012-9-23 22864]
R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\drivers\asdws.sys [2012-9-23 14160]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-4-17 29736]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2009-4-17 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-11 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-4-16 224384]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-7 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-23 40776]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-4-16 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-4-16 280096]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
.
=============== File Associations ===============
.
txtfile=c:\windows\notepad.exe %1
.
=============== Created Last 30 ================
.
2012-09-25 00:28:49 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0c0912aa-6fff-4988-bd6a-c561ba78b799}\MpKsl0550fb8c.sys
2012-09-25 00:18:11 110080 ----a-r- c:\users\fhcuser\appdata\roaming\microsoft\installer\{adafc0b4-fc15-45d9-bab3-bc7a8829d0c4}\IconF7A21AF7.exe
2012-09-25 00:18:11 110080 ----a-r- c:\users\fhcuser\appdata\roaming\microsoft\installer\{adafc0b4-fc15-45d9-bab3-bc7a8829d0c4}\IconD7F16134.exe
2012-09-25 00:18:11 110080 ----a-r- c:\users\fhcuser\appdata\roaming\microsoft\installer\{adafc0b4-fc15-45d9-bab3-bc7a8829d0c4}\IconCF33A0CE.exe
2012-09-25 00:18:03 -------- d-----w- C:\sh4ldr
2012-09-25 00:18:03 -------- d-----w- c:\program files\Enigma Software Group
2012-09-25 00:16:44 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-25 00:16:23 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-09-25 00:06:03 -------- d-----w- c:\users\fhcuser\appdata\local\{004819D5-2C5E-4004-881E-ED5981B4B059}
2012-09-24 16:31:10 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0c0912aa-6fff-4988-bd6a-c561ba78b799}\MpKslef057310.sys
2012-09-24 16:31:09 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0c0912aa-6fff-4988-bd6a-c561ba78b799}\offreg.dll
2012-09-24 13:38:33 -------- d-----w- c:\users\fhcuser\appdata\local\{45B104C5-B21A-4790-8B29-2B25ED762C81}
2012-09-24 02:59:13 -------- d-----w- c:\users\fhcuser\appdata\roaming\Anvisoft
2012-09-24 02:57:56 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
2012-09-24 02:57:56 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
2012-09-24 02:57:56 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
2012-09-24 02:57:55 -------- d-----w- c:\programdata\Anvisoft
2012-09-24 02:57:43 -------- d-----w- c:\program files\Anvisoft
2012-09-24 02:39:26 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-24 00:15:25 6980552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0c0912aa-6fff-4988-bd6a-c561ba78b799}\mpengine.dll
2012-09-23 15:42:06 -------- d-----w- c:\users\fhcuser\appdata\local\{EAD4B6DA-356E-48D2-90CC-75ACDA445883}
2012-09-22 21:02:05 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-09-22 21:02:05 153088 ----a-w- c:\windows\system32\xvid.ax
2012-09-22 21:02:04 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-09-22 20:58:04 -------- d-----w- c:\users\fhcuser\.bitrock
2012-09-22 20:27:22 -------- d-----w- c:\programdata\BasicScan
2012-09-22 20:27:22 -------- d-----w- c:\program files\BasicScan
2012-09-22 17:44:02 6980552 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-22 17:31:51 -------- d-----w- c:\users\fhcuser\appdata\local\{8DA4A869-4904-464E-BE1D-139B56A11A05}
2012-09-21 13:40:57 -------- d-----w- c:\users\fhcuser\appdata\local\{02315B08-9C62-4BBF-86A1-129773DEF592}
2012-09-20 17:44:39 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 17:42:30 -------- d-----w- c:\program files\iPod
2012-09-20 17:42:24 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-20 17:42:24 -------- d-----w- c:\program files\iTunes
2012-09-20 15:42:48 -------- d-----w- c:\users\fhcuser\appdata\local\{63F41B6D-C045-4490-A5FD-5A19CF57A9E3}
2012-09-19 14:12:48 -------- d-----w- c:\users\fhcuser\appdata\local\{075F5F5F-3384-442C-8B74-B712A0C4E4C5}
2012-09-18 15:10:18 -------- d-----w- c:\users\fhcuser\appdata\local\{6F0C8F1F-5C4D-4A15-855A-376032CC33C6}
2012-09-17 15:25:26 -------- d-----w- c:\users\fhcuser\appdata\local\{3BE9A2F6-224C-408F-9184-E30167EF4FDC}
2012-09-17 03:00:57 -------- d-----w- c:\users\fhcuser\appdata\local\{379D2163-3046-464A-84E1-8963864EF3C7}
2012-09-16 15:00:28 -------- d-----w- c:\users\fhcuser\appdata\local\{955A67D5-149C-48A8-9488-47674297BFFF}
2012-09-15 19:43:16 -------- d-----w- c:\users\fhcuser\appdata\local\{A2033994-0A21-49F6-A4F6-30C47B5A8CC4}
2012-09-15 15:54:22 -------- d-----w- c:\users\fhcuser\appdata\local\{9CB270AE-CE8D-4A72-B001-6A77366F7C22}
2012-09-14 15:58:37 -------- d-----w- c:\users\fhcuser\appdata\local\{E92EBF7A-B925-4FD9-B8FA-33FB5D93477A}
2012-09-11 18:44:43 -------- d-----w- c:\users\fhcuser\appdata\local\{9B8F3026-518E-4DE9-92E4-18D9B10F28D9}
2012-09-11 18:41:39 -------- d-----w- c:\users\fhcuser\appdata\local\{A910F6A1-AB76-4B15-B83E-5369CED3FCF5}
2012-09-09 15:42:21 -------- d-----w- c:\users\fhcuser\appdata\local\{3A60DA9E-ADEA-4B00-BA8E-FE1446768608}
2012-09-08 16:47:57 -------- d-----w- c:\users\fhcuser\appdata\local\{45F89EF0-DD8E-4339-BBBD-0F7EC8CC579E}
2012-09-08 01:36:30 -------- d-----w- c:\users\fhcuser\appdata\local\{BF5F90C8-77B6-4D42-9CD9-38B26B059EDC}
2012-09-07 13:36:18 -------- d-----w- c:\users\fhcuser\appdata\local\{ABC9EFAE-7FB2-4338-BB0C-4844354E4C3E}
2012-09-06 14:52:59 -------- d-----w- c:\users\fhcuser\appdata\local\{8523C6F6-FF5A-49C1-A24A-9A1124C01599}
2012-09-05 18:09:13 -------- d-----w- c:\users\fhcuser\appdata\local\{BA822DEE-58B2-43A7-A0AA-748AEA5B1204}
2012-09-04 16:26:11 -------- d-----w- c:\users\fhcuser\appdata\local\{E3E0AF34-3155-46A7-9405-C0073346C6DE}
2012-09-03 16:58:25 -------- d-----w- c:\users\fhcuser\appdata\local\{06DDAC56-81A3-4A6D-952D-A29A4C188A4B}
2012-09-01 19:32:34 -------- d-----w- c:\users\fhcuser\appdata\local\{16E07474-6BCF-4F34-9CDE-25A4D6CA7D8B}
2012-09-01 02:36:23 -------- d-----w- c:\users\fhcuser\appdata\local\{BDE871B0-4FF8-460E-8133-C515C0460194}
2012-09-01 01:10:07 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-31 14:36:10 -------- d-----w- c:\users\fhcuser\appdata\local\{10440400-2E2F-49B2-9AB1-451C2C1A1B8F}
2012-08-31 02:33:08 -------- d-----w- c:\users\fhcuser\appdata\local\{2A4C768A-5104-4178-AC91-A09C82E26FA4}
2012-08-30 14:32:39 -------- d-----w- c:\users\fhcuser\appdata\local\{E86DCDC5-8908-4459-80A9-AB055C2FA739}
2012-08-30 02:12:56 -------- d-----w- c:\users\fhcuser\appdata\local\{794AB9DB-638A-456F-9C29-9F26D672A8D1}
2012-08-29 14:12:31 -------- d-----w- c:\users\fhcuser\appdata\local\{F173730F-F7E3-4757-B88D-DCD0ECE19A62}
2012-08-28 20:51:39 -------- d-----w- c:\users\fhcuser\appdata\local\{5EDD0EDD-DB11-46EB-BAA4-E80C849DD568}
2012-08-27 15:22:44 -------- d-----w- c:\users\fhcuser\appdata\local\{54EBBE6F-9181-4F00-AB1D-A5491091A4CA}
2012-08-26 17:13:09 -------- d-----w- c:\users\fhcuser\appdata\local\{6B51ED8E-B007-4544-AF17-DE4BA0552F18}
.
==================== Find3M ====================
.
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 01:09:37 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 01:09:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 20:54:29 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 20:54:28 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
c:\windows\system32\drivers\iastorv.sys Intel Corporation Intel Matrix Storage Manager driver (base)
1 ntkrnlpa!IofCallDriver[0x82050936] -> \Device\Harddisk0\DR0[0x85C16968]
3 CLASSPNP[0x881AC8B3] -> ntkrnlpa!IofCallDriver[0x82050936] -> \Device\Ide\IAAStorageDevice-1[0x8521A030]
kernel: MBR read successfully
_asm { JMP 0x1c; }
user != kernel MBR !!!
.
============= FINISH: 21:03:29.77 ===============

And the Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 4/17/2009 12:51:25 AM
System Uptime: 9/24/2012 8:02:34 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0G868N
Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 800/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 90.895 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
???? 3.5.0
??QQ2011
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Connect Add-in
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
All-Time Best Recipes 21.5
Amazon Kindle
Ambient Light Sensor
Angel Secure Browser
Anvi Smart Defender 1.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bing Bar
BioAPI Framework
Bonjour
Broadcom USH Host Components
Brownstone Equation Editor 5
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CDBurnerXP
Chinese Simplified Fonts Support For Adobe Reader X
Chinese Traditional Fonts Support For Adobe Reader X
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Presentation Server Client - Web Only
Cloud System Booster
Coupon Printer for Windows
D3DX10
Dell Security Device Driver Pack
Dell Touchpad
Dell Wireless WLAN Card Utility
Download Updater (AOL LLC)
Dropbox
Elsevier Pageburst
Evolve Reach RN Studyware
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Deskjet 3050 J610 series Product Improvement Study
HP Photo Creations
HP Update
HPDiagnosticCoreDll
IDT Audio
InstallMgr
Integrated Webcam Driver (1.06.03.0309)
Intel® Network Connections Drivers
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 15
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCLEX Tutorial
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
ooVoo
PlayMemories Home
PowerDVD DX
QQ?? 2012
QQ????1.0 Beta3
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.0
Saunders NCLEX-RN4e
Saxton Comp Review 19e
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Segoe UI
Sony USB Driver
SpyHunter
Tutor
Tutor 6
UltraVNC 1.0.5.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VCE 3.0 - Obstetric Patient Set
VLC media player 1.1.4
WIDCOMM Bluetooth Software 6.2.0.6600
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
9/24/2012 8:39:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.137.347.0).
9/24/2012 8:30:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.284.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070643 Error description: Fatal error during installation.
9/24/2012 8:03:26 PM, Error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.
9/23/2012 7:56:44 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Broadcom Corp Contacted SmartCard 0' rejected IOCTL GET_STATE: The device has been removed.
9/23/2012 7:56:32 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
9/23/2012 11:40:16 AM, Error: EventLog [6008] - The previous system shutdown at 10:25:22 PM on 9/22/2012 was unexpected.
9/23/2012 11:33:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.284.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/23/2012 11:33:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.284.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/21/2012 9:41:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
9/21/2012 9:41:03 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/21/2012 9:41:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
9/21/2012 8:23:25 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user NUDB3F-LISLIQ\Pisces223 SID (S-1-5-21-1920104009-661548430-2577745447-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
9/20/2012 1:37:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
9/20/2012 1:36:38 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/20/2012 1:35:59 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/19/2012 10:03:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
9/19/2012 10:03:44 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2012 10:01:23 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
9/19/2012 10:01:23 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 00242B8BAA43 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/18/2012 11:08:19 AM, Error: EventLog [6008] - The previous system shutdown at 3:56:24 PM on 9/17/2012 was unexpected.
.
==== End Of File ===========================

Then it says to download aswMBR and save the log file; here's the log file:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-24 21:18:02
-----------------------------
21:18:02.597 OS Version: Windows 6.0.6002 Service Pack 2
21:18:02.597 Number of processors: 2 586 0x170A
21:18:02.638 ComputerName: NUDB3F-LISLIQ UserName: Pisces223
21:18:12.867 Initialize success
21:18:41.534 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:18:41.539 Disk 0 Vendor: Size: 0MB BusType: 0
21:18:41.565 Disk 0 MBR read successfully
21:18:41.570 Disk 0 MBR scan
21:18:41.575 Disk 0 unknown MBR code
21:18:41.581 Disk 0 MBR hidden
21:18:41.602 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:18:41.642 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152586 MB offset 80325
21:18:41.734 Disk 0 scanning C:\Windows\system32\drivers
21:19:08.991 Service scanning
21:20:00.908 Service MpKsl0550fb8c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C0912AA-6FFF-4988-BD6A-C561BA78B799}\MpKsl0550fb8c.sys **LOCKED** 32
21:21:04.626 Modules scanning
21:21:59.238 Disk 0 trace - called modules:
21:21:59.287 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
21:21:59.304 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c16968]
21:21:59.329 3 CLASSPNP.SYS[881ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8521a030]
21:21:59.350 Scan finished successfully
21:25:07.210 Disk 0 MBR has been saved successfully to "C:\Users\FHCUser\Desktop\MBR.dat"
21:25:07.659 The log file has been saved successfully to "C:\Users\FHCUser\Desktop\aswMBR.txt"


Can anyone please help me remove this unwanted search engine called StartPins?!!! Thank you so much!!!
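Added example (not part of the thread or of the DDS tool): a small Python triage script for the "Event Log errors" block that DDS prints, run over five of the lines posted above. Two of those five are Microsoft Antimalware event 2001 signature-update failures (0x80070643 and 0x8024001e), which is worth pulling out before trusting any scan result from that engine; the script separates those from ordinary service-start noise such as the iPod Service timeout. The sample text is excerpted from the log above; the function names and the "two or more update failures means definitions are possibly stale" threshold are my own choices.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: five lines copied from the DDS "Event Log errors" block posted above.
DDS_EVENTS = r"""
9/24/2012 8:30:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.284.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80070643 Error description: Fatal error during installation.
9/24/2012 8:03:26 PM, Error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The system cannot find the file specified.
9/23/2012 11:33:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.284.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
9/21/2012 9:41:03 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/23/2012 11:40:16 AM, Error: EventLog [6008] - The previous system shutdown at 10:25:22 PM on 9/22/2012 was unexpected.
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM|PM>, <Level>: <Source> [<EventID>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
ERRCODE_RE = re.compile(r"Error code: (0x[0-9A-Fa-f]+)")
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service failed to start")


def parse_dds_events(text):
    """Parse DDS event-log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "id": int(m["eid"]),
            "msg": m["msg"],
        })
    return events


def count_by_source(events):
    """How many times each (source, event id) pair occurs."""
    return Counter((e["source"], e["id"]) for e in events)


def av_update_failures(events):
    """(time, error code) for every Microsoft Antimalware 2001 signature-update failure."""
    out = []
    for e in events:
        if e["source"] == "Microsoft Antimalware" and e["id"] == 2001:
            m = ERRCODE_RE.search(e["msg"])
            out.append((e["time"], m.group(1) if m else None))
    return out


def failed_services(events):
    """Names of services that SCM event 7000 reports as failing to start."""
    names = set()
    for e in events:
        if e["source"] == "Service Control Manager" and e["id"] == 7000:
            m = SERVICE_RE.match(e["msg"])
            if m:
                names.add(m["svc"])
    return names


def triage(text):
    events = parse_dds_events(text)
    av = av_update_failures(events)
    return {
        "events": len(events),
        "av_update_failures": len(av),
        "av_error_codes": sorted({code for _, code in av if code}),
        # Assumed threshold: two or more failed updates, treat definitions as possibly stale.
        "signatures_possibly_stale": len(av) >= 2,
        "failed_services": failed_services(events),
    }


if __name__ == "__main__":
    for k, v in triage(DDS_EVENTS).items():
        print(f"{k}: {v}")
```

The point of the split is prioritisation: a signature engine that has not installed new definitions is a reason to distrust "no threats found", whereas an iPod Service timeout is a nuisance with no bearing on the hijack being investigated.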


#3 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,659 posts
  • MVP

Posted 25 September 2012 - 08:44 AM

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


Having said that....Let's get going!! :thumbup:
----------

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#4 LuckyStar

LuckyStar

    New Member

  • Authentic Member
  • 10 posts

Posted 26 September 2012 - 10:52 AM

Hi Jeff! Thank you for helping me! I did what you told me to do and here's the C:\ComboFix.txt:

ComboFix 12-09-26.01 - Pisces223 09/26/2012 11:55:51.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2035.691 [GMT -4:00]
Running from: c:\users\FHCUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTT8NYVB\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BasicScan
c:\program files\BasicScan\uninstall.exe
c:\program files\Common Files\Tencent\Paycenter
c:\program files\Common Files\Tencent\Paycenter\qqcert.dll
c:\program files\Common Files\Tencent\Paycenter\qqedit.dll
c:\programdata\440ec7cfcbdc0e2d45cf67b054d59bd6_c
c:\programdata\BasicScan
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 16:11 . 2012-09-26 16:11 -------- d-----w- c:\users\FHCUser\AppData\Local\temp
2012-09-26 16:11 . 2012-09-26 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 15:47 . 2012-09-26 15:47 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD73100C-1416-4F2C-8E1F-48B2D5CCDB0E}\MpKsl60ca50a6.sys
2012-09-25 14:48 . 2012-09-25 14:48 -------- d-----w- c:\users\FHCUser\AppData\Local\MFAData
2012-09-25 00:18 . 2012-09-25 00:18 -------- d-----w- c:\program files\Enigma Software Group
2012-09-25 00:16 . 2012-09-25 02:09 -------- d-----w- c:\windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP
2012-09-25 00:16 . 2012-09-25 00:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-09-24 03:02 . 2012-09-24 03:02 -------- d-----w- c:\users\Public\Anvisoft
2012-09-24 02:59 . 2012-09-25 02:08 -------- d-----w- c:\users\FHCUser\AppData\Roaming\Anvisoft
2012-09-24 02:57 . 2012-09-24 02:57 -------- d-----w- c:\programdata\Anvisoft
2012-09-24 00:15 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-22 21:02 . 2011-05-23 09:52 153088 ----a-w- c:\windows\system32\xvid.ax
2012-09-22 21:02 . 2011-05-23 07:46 645632 ----a-w- c:\windows\system32\xvidcore.dll
2012-09-22 21:02 . 2011-05-30 13:42 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2012-09-22 20:58 . 2012-09-22 20:58 -------- d-----w- c:\users\FHCUser\.bitrock
2012-09-20 17:44 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 17:42 . 2012-09-20 17:42 -------- d-----w- c:\program files\iPod
2012-09-20 17:42 . 2012-09-20 17:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-20 17:42 . 2012-09-20 17:44 -------- d-----w- c:\program files\iTunes
2012-09-17 22:58 . 2012-09-17 22:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 09:34 . 2012-09-14 09:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 15:47 . 2012-09-12 15:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 15:47 . 2012-09-12 15:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-01 01:10 . 2012-09-01 01:10 -------- d-----w- c:\program files\Common Files\Java
2012-09-01 01:10 . 2012-09-01 01:09 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 21:04 . 2011-02-08 03:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 01:09 . 2012-07-27 03:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-01 01:09 . 2012-07-27 03:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 20:54 . 2012-04-05 02:45 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 20:54 . 2011-05-23 15:30 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 17:01 . 2011-03-17 17:20 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-13 20:40 . 2012-08-13 20:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 08:52 . 2012-08-10 08:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 08:52 . 2012-08-10 08:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 17:56 . 2012-08-09 17:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-04 14:02 . 2012-08-15 03:16 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-25 15:00 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-25 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\FHCUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\FHCUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\FHCUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-25 947808]
"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-25 856160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMwAzADEAMAAwADEANAAyADEALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AWABMACsAMQAtAFQANQAtAEYAUAA5ACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADEAMABCACsAMgA&prod=90&ver=9.0.872" [?]
.
c:\users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-12-21 16:48 200704 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-01-20 19:36 3563520 ----a-w- c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-02-21 15:57 136176 ----atw- c:\users\FHCUser\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 06:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 21:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 18:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-16 15:27 13793824 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 15:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-16 15:27 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2009-06-11 03:59 1657376 ----a-w- c:\windows\System32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-05-18 13:25 22631608 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-04-02 21:33 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2012-04-22 13:58 724536 ----a-w- c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-02-23 15:08 483420 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1920104009-661548430-2577745447-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\aestsrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSHX
*NewlyCreated* - MPKSL60CA50A6
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 20:54]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000Core.job
- c:\users\FHCUser\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 15:57]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000UA.job
- c:\users\FHCUser\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-21 15:57]
.
2012-09-25 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-08-09 20:53]
.
2012-09-04 c:\windows\Tasks\hpwebreg_CN19G410M305HX.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-11-17 01:16]
.
2012-05-14 c:\windows\Tasks\User_Feed_Synchronization-{63845E0A-F6BC-4C8C-BCCA-F5876682FD59}.job
- c:\windows\system32\msfeedssync.exe [2012-05-12 17:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Xvid - c:\program files\Xvid\CheckUpdate.exe
HKCU-Run-Anvi_CSB - c:\program files\Anvisoft\Cloud System Booster\CSBMini.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-PPAP - c:\program files\Common Files\PPLiveNetwork\PPAP.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-26 12:11
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-09-26 12:17:07
ComboFix-quarantined-files.txt 2012-09-26 16:17
.
Pre-Run: 103,054,282,752 bytes free
Post-Run: 103,456,358,400 bytes free
.
- - End Of File - - CD24557A23C35E45E5D6F82911DDE763


After my friend went to a website to watch a video and downloaded Xvid, that's when I got "StartPins" as my search engine, and it drives me nuts when I want Google to be my main search engine. I don't know if that is a virus or not, but I want it removed! Thank you so much!
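Added example (my own code, not part of the thread and not ComboFix's): a Python parser for the "Reg Loading Points" section of the ComboFix log above, with the heuristics an analyst applies by eye when reading such a log: an autostart that launches from a user-writable location (AppData, ProgramData, Temp, Public), a value ComboFix marked "[?]" because it could not resolve a file, and a launch command that does not name an executable or DLL at all. The sample text is excerpted from the log above (the AVG RunOnce URL's query string is shortened in the sample); the path list and the function names are my own assumptions. Flagging is a prompt to look, not a verdict: Dropbox legitimately installs per-user under AppData and is flagged here for exactly that reason.

```python
import re

# Constructed sample: lines excerpted from the ComboFix "Reg Loading Points" section posted above.
# The AVG RunOnce URL query string has been shortened for the sample.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-25 15:00 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\FHCUser\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-25 947808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?prod=90&ver=9.0.872" [?]
.
c:\users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?\s*$')
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$")
LNK_RE = re.compile(r"^(?P<name>\S+\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$")

# Assumed list of locations a standard user can write to; programs starting from here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\",
                 "temporary internet files")


def parse_loading_points(text):
    """Return one dict per autostart entry: registry key (or folder), value name, command, ComboFix metadata."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m:                                   # "Name"="command" [date size] or [?]
            entries.append({"key": key, "name": m["name"], "command": m["cmd"], "meta": m["meta"]})
            continue
        m = FILE_RE.match(line)
        if m:                                   # file line under a CLSID / BHO key
            entries.append({"key": key, "name": key.rsplit("\\", 1)[-1],
                            "command": m["path"], "meta": f"{m['date']} {m['size']}"})
            continue
        m = LNK_RE.match(line)
        if m:                                   # shortcut in a Startup folder
            entries.append({"key": key, "name": m["name"], "command": m["path"], "meta": m["meta"]})
            continue
        if line.lower().endswith("\\startup\\"):
            key = line                          # Startup folder header line
    return entries


def reasons(entry):
    """Heuristic flags for one entry; an empty list means nothing stood out."""
    cmd = entry["command"].lower()
    out = []
    if any(loc in cmd for loc in USER_WRITABLE):
        out.append("runs from a user-writable location")
    if entry["meta"] == "?":
        out.append("ComboFix could not resolve the file ([?])")
    if not re.search(r"\.(exe|dll|ax|cpl)\b", cmd):
        out.append("launch command does not name an executable or DLL")
    return out


def triage(text):
    """(name, command, reasons) for every entry that raised at least one flag."""
    flagged = []
    for e in parse_loading_points(text):
        why = reasons(e)
        if why:
            flagged.append((e["name"], e["command"], why))
    return flagged


if __name__ == "__main__":
    for name, cmd, why in triage(COMBOFIX_EXCERPT):
        print(f"{name}: {cmd}\n    {'; '.join(why)}")
```

On the excerpt this flags the two Dropbox entries (per-user install under AppData) and the AVG RunOnce value (unresolvable "[?]" and a "start http://..." command rather than a program), and leaves the Program Files entries alone. The same pass over a full log is a quick way to shortlist what to research before deciding on a fix.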

#5 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,659 posts
  • MVP

Posted 26 September 2012 - 11:54 AM

Hi, What browsers are you noticing this happening in?

#6 LuckyStar

LuckyStar

    New Member

  • Authentic Member
  • 10 posts

Posted 26 September 2012 - 01:48 PM

I only have Internet Explorer and Google Chrome. It only happens on Internet Explorer.

#7 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,659 posts
  • MVP

Posted 26 September 2012 - 04:19 PM

Hi,

I notice that you have both AVG and Microsoft Security Essentials running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either AVG or Microsoft Security Essentials (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users: go to Programs and Features in the Control Panel). As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
----------

OTL
  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
----------

#8 LuckyStar

LuckyStar

    New Member

  • Authentic Member
  • 10 posts

Posted 26 September 2012 - 05:43 PM

Hi Jeff! I did what you told me and uninstalled one of the antivirus programs. Here's the stuff you wanted me to paste:

OTL logfile created on: 9/26/2012 7:14:24 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\FHCUser\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.58% Memory free
4.21 Gb Paging File | 3.26 Gb Available in Paging File | 77.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 96.99 Gb Free Space | 65.09% Space Free | Partition Type: NTFS

Computer Name: NUDB3F-LISLIQ | User Name: Pisces223 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\FHCUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TSUSVC) -- C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe (Tencent)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\Users\FHCUser\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/http://facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 07 27 59 B5 43 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....mp;d=2012-09-25 11:00:23&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9E209B9C-5F98-472A-A916-CADEAF123220}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Qzone\bin\QQPhotoDrawEx\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FHCUser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FHCUser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/29 22:49:14 | 000,000,000 | ---D | M]

[2012/09/23 22:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/22 18:10:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 12:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - homepage: http://learn.fhchs.edu/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://learn.fhchs.edu/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Default = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Poppit = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: AVG Secure Search = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\

O1 HOSTS File: ([2012/09/26 12:11:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB15AF5-D6C5-487A-9C28-0841164DF72E}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 19:11:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\FHCUser\Desktop\OTL.exe
[2012/09/26 18:56:45 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\Avg2013
[2012/09/26 12:17:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/26 12:17:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/26 12:17:10 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\temp
[2012/09/26 11:52:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/26 11:52:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/26 11:52:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/26 11:52:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/26 11:47:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/26 11:45:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/26 11:36:11 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{9EC2D76D-9D55-484A-B11C-3832979FFFD7}
[2012/09/25 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Roaming\TuneUp Software
[2012/09/25 10:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/25 10:48:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/25 10:48:07 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\MFAData
[2012/09/25 10:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/25 10:39:08 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{C66FEC18-F4F9-4346-85A0-54F77B76C511}
[2012/09/24 20:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/24 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/24 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{004819D5-2C5E-4004-881E-ED5981B4B059}
[2012/09/24 09:38:33 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{45B104C5-B21A-4790-8B29-2B25ED762C81}
[2012/09/23 22:59:13 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Roaming\Anvisoft
[2012/09/23 22:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/09/23 22:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/09/23 11:42:06 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{EAD4B6DA-356E-48D2-90CC-75ACDA445883}
[2012/09/22 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\.bitrock
[2012/09/22 13:31:51 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{8DA4A869-4904-464E-BE1D-139B56A11A05}
[2012/09/21 09:40:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{02315B08-9C62-4BBF-86A1-129773DEF592}
[2012/09/20 13:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/20 13:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/20 13:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/20 13:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/20 11:42:48 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{63F41B6D-C045-4490-A5FD-5A19CF57A9E3}
[2012/09/19 10:12:48 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{075F5F5F-3384-442C-8B74-B712A0C4E4C5}
[2012/09/18 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{6F0C8F1F-5C4D-4A15-855A-376032CC33C6}
[2012/09/17 11:25:26 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{3BE9A2F6-224C-408F-9184-E30167EF4FDC}
[2012/09/16 23:00:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{379D2163-3046-464A-84E1-8963864EF3C7}
[2012/09/16 11:00:28 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{955A67D5-149C-48A8-9488-47674297BFFF}
[2012/09/15 15:43:16 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{A2033994-0A21-49F6-A4F6-30C47B5A8CC4}
[2012/09/15 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{9CB270AE-CE8D-4A72-B001-6A77366F7C22}
[2012/09/14 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{E92EBF7A-B925-4FD9-B8FA-33FB5D93477A}
[2012/09/11 14:44:43 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{9B8F3026-518E-4DE9-92E4-18D9B10F28D9}
[2012/09/11 14:41:39 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{A910F6A1-AB76-4B15-B83E-5369CED3FCF5}
[2012/09/09 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{3A60DA9E-ADEA-4B00-BA8E-FE1446768608}
[2012/09/08 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{45F89EF0-DD8E-4339-BBBD-0F7EC8CC579E}
[2012/09/07 21:36:30 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{BF5F90C8-77B6-4D42-9CD9-38B26B059EDC}
[2012/09/07 09:36:18 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{ABC9EFAE-7FB2-4338-BB0C-4844354E4C3E}
[2012/09/06 10:52:59 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{8523C6F6-FF5A-49C1-A24A-9A1124C01599}
[2012/09/05 14:09:13 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{BA822DEE-58B2-43A7-A0AA-748AEA5B1204}
[2012/09/04 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{E3E0AF34-3155-46A7-9405-C0073346C6DE}
[2012/09/03 12:58:25 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{06DDAC56-81A3-4A6D-952D-A29A4C188A4B}
[2012/09/01 15:32:34 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{16E07474-6BCF-4F34-9CDE-25A4D6CA7D8B}
[2012/08/31 22:36:23 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{BDE871B0-4FF8-460E-8133-C515C0460194}
[2012/08/31 21:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/31 10:36:10 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{10440400-2E2F-49B2-9AB1-451C2C1A1B8F}
[2012/08/30 22:33:08 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{2A4C768A-5104-4178-AC91-A09C82E26FA4}
[2012/08/30 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{E86DCDC5-8908-4459-80A9-AB055C2FA739}
[2012/08/29 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{794AB9DB-638A-456F-9C29-9F26D672A8D1}
[2012/08/29 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{F173730F-F7E3-4757-B88D-DCD0ECE19A62}
[2012/08/28 16:51:39 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{5EDD0EDD-DB11-46EB-BAA4-E80C849DD568}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FHCUser\Desktop\*.tmp files -> C:\Users\FHCUser\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/26 19:21:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/26 19:19:04 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/09/26 19:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FHCUser\Desktop\OTL.exe
[2012/09/26 19:09:42 | 000,065,131 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/26 19:09:41 | 000,065,131 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/26 19:08:48 | 000,609,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/26 19:08:48 | 000,106,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/26 19:03:37 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/26 19:03:36 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/26 19:03:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/26 19:02:34 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/09/26 16:27:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000UA.job
[2012/09/26 13:41:21 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\ReachTest .lnk
[2012/09/26 12:27:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000Core.job
[2012/09/26 12:11:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/24 21:25:07 | 000,000,512 | ---- | M] () -- C:\Users\FHCUser\Desktop\MBR.dat
[2012/09/23 23:11:50 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/22 16:38:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 13:44:43 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/09 21:24:00 | 000,055,296 | ---- | M] () -- C:\Users\FHCUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/09 16:59:22 | 050,328,581 | ---- | M] () -- C:\Users\FHCUser\Desktop\Kaplan Free Practice Test Event.mp3
[2012/09/09 16:41:05 | 004,563,102 | ---- | M] () -- C:\Users\FHCUser\Desktop\NCLEX-Practice-Test-Explanations.pdf
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/04 18:28:38 | 000,002,052 | ---- | M] () -- C:\Users\FHCUser\Desktop\Google Chrome.lnk
[2012/09/04 18:28:38 | 000,002,014 | ---- | M] () -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/04 15:07:07 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN19G410M305HX.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\FHCUser\Desktop\*.tmp files -> C:\Users\FHCUser\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/26 11:52:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/26 11:52:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/26 11:52:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/26 11:52:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/26 11:52:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/24 21:25:07 | 000,000,512 | ---- | C] () -- C:\Users\FHCUser\Desktop\MBR.dat
[2012/09/22 17:02:05 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/09/22 17:02:05 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2012/09/22 17:02:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/09/20 13:44:43 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/09 16:45:44 | 050,328,581 | ---- | C] () -- C:\Users\FHCUser\Desktop\Kaplan Free Practice Test Event.mp3
[2012/09/09 16:40:58 | 004,563,102 | ---- | C] () -- C:\Users\FHCUser\Desktop\NCLEX-Practice-Test-Explanations.pdf
[2012/08/05 14:05:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/11 16:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\LiveUpdate.INI
[2012/05/25 16:31:58 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2011/11/17 15:38:07 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/30 20:13:07 | 000,055,296 | ---- | C] () -- C:\Users\FHCUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 00:12:16 | 005,716,952 | ---- | C] () -- C:\Users\FHCUser\AppData\Local\Windows6.0-KB942567-x86.msu
[2009/04/16 23:57:21 | 000,065,131 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/16 23:13:48 | 000,065,131 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/16 21:55:18 | 000,000,680 | ---- | C] () -- C:\Users\FHCUser\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/24 15:44:27 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\acccore
[2012/09/24 22:08:45 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Anvisoft
[2009/04/16 23:54:11 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Canneverbe_Limited
[2012/06/19 21:27:06 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Canon
[2012/06/22 18:10:27 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Catalina Marketing Corp
[2012/09/26 19:10:57 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Dropbox
[2009/09/21 13:12:58 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\ICAClient
[2011/04/01 12:39:50 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\ooVoo Details
[2012/06/22 20:19:25 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\OpenCandy
[2012/06/19 21:56:04 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\QQMusicUpdate
[2012/05/16 23:40:20 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Tencent
[2012/09/25 11:00:57 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\TuneUp Software
[2010/08/02 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Tutor
[2012/08/09 16:53:51 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Visan
[2009/05/23 00:45:03 | 000,000,000 | ---D | M] -- C:\Users\FHCUser\AppData\Roaming\Windows SideBar

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 22:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/20 22:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 22:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 22:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/20 22:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 22:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Files - Unicode (All) ==========
[2012/09/24 09:41:47 | 000,000,000 | ---D | M](C:\Users\FHCUser\Desktop\?? - ???) -- C:\Users\FHCUser\Desktop\爸爸 - 工程單
[2012/09/07 23:00:25 | 000,000,000 | ---D | M](C:\Users\FHCUser\Desktop\????? (3)) -- C:\Users\FHCUser\Desktop\新建文件夹 (3)
[2012/09/07 22:43:53 | 000,000,000 | ---D | C](C:\Users\FHCUser\Desktop\????? (3)) -- C:\Users\FHCUser\Desktop\新建文件夹 (3)
[2012/08/11 18:26:23 | 000,000,888 | ---- | M] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk
[2012/08/11 18:26:23 | 000,000,864 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
[2012/08/08 13:25:52 | 000,000,000 | ---D | C](C:\Users\FHCUser\Desktop\?? - ???) -- C:\Users\FHCUser\Desktop\爸爸 - 工程單
[2012/06/23 14:02:28 | 000,000,956 | ---- | M] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2012/06/23 14:02:28 | 000,000,956 | ---- | C] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2012/06/23 14:02:28 | 000,000,932 | ---- | M] ()(C:\Users\Public\Desktop\QQ??.lnk) -- C:\Users\Public\Desktop\QQ音乐.lnk
[2012/06/23 14:02:28 | 000,000,932 | ---- | C] ()(C:\Users\Public\Desktop\QQ??.lnk) -- C:\Users\Public\Desktop\QQ音乐.lnk
[2012/06/01 15:00:15 | 000,000,000 | ---D | M](C:\Users\FHCUser\Documents\????) -- C:\Users\FHCUser\Documents\美图图库
[2012/06/01 15:00:15 | 000,000,000 | ---D | C](C:\Users\FHCUser\Documents\????) -- C:\Users\FHCUser\Documents\美图图库
[2012/06/01 14:59:39 | 000,000,888 | ---- | C] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk
[2012/06/01 14:59:39 | 000,000,864 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
[2010/09/07 08:09:36 | 000,002,040 | ---- | M] ()(C:\Users\FHCUser\Desktop\??QQ2010.lnk) -- C:\Users\FHCUser\Desktop\腾讯QQ2010.lnk
[2010/09/07 08:09:36 | 000,002,040 | ---- | C] ()(C:\Users\FHCUser\Desktop\??QQ2010.lnk) -- C:\Users\FHCUser\Desktop\腾讯QQ2010.lnk
[2009/12/18 23:48:03 | 000,016,872 | ---- | M] ()(C:\Users\FHCUser\Documents\????.docx) -- C:\Users\FHCUser\Documents\工作項目.docx
[2009/12/18 15:48:48 | 000,000,162 | -H-- | M] ()(C:\Users\FHCUser\Documents\~$????.docx) -- C:\Users\FHCUser\Documents\~$工作項目.docx
[2009/12/18 15:48:48 | 000,000,162 | -H-- | C] ()(C:\Users\FHCUser\Documents\~$????.docx) -- C:\Users\FHCUser\Documents\~$工作項目.docx
[2009/12/18 15:48:47 | 000,016,872 | ---- | C] ()(C:\Users\FHCUser\Documents\????.docx) -- C:\Users\FHCUser\Documents\工作項目.docx
(C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美图
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美图

< End of report >


The other one Extras.Txt:


OTL Extras logfile created on: 9/26/2012 7:14:24 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\FHCUser\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.58% Memory free
4.21 Gb Paging File | 3.26 Gb Available in Paging File | 77.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 96.99 Gb Free Space | 65.09% Space Free | Partition Type: NTFS

Computer Name: NUDB3F-LISLIQ | User Name: Pisces223 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [QQMusic.1.Play] -- "C:\Program Files\Tencent\QQMusic\QQMusic.exe" /play "%1" (Tencent)
Directory [QQMusic.2.Add] -- "C:\Program Files\Tencent\QQMusic\QQMusic.exe" /add "%1" (Tencent)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1920104009-661548430-2577745447-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Meitu\KanKan\KanKan.exe" = C:\Program Files\Meitu\KanKan\KanKan.exe:*:Enabled:KanKan


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C99DD5-16A5-402B-A913-3BDE37950C48}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{111EB3CD-6CD4-472A-B6DE-E42E4F75A740}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15D776B6-A77E-4C74-BC01-84B2A0AF7019}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3606190B-C887-4125-A9C7-A87655797378}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3969A8E8-29ED-49AC-A488-4EF912773291}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{40B9AB1B-CDF3-4F24-B02F-154830BF4A6A}" = lport=5800 | protocol=6 | dir=in | name=vnc5800 |
"{68115C0A-1ABA-47CB-B86A-A54783C85529}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71F28091-4C5D-49E6-8EA2-9A9CEC865071}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{762ED397-E820-4187-A2B4-6F25D4C32E45}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{7DB31487-91B0-4CE8-A998-5EBF04A471E9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{81963E3D-875A-4233-95C2-2DC7884C0313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8FEA2D4C-5124-4031-BE7B-1BD2C8877ECD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{948C6F00-4F7C-48A0-92B9-33011426EF56}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{9FF2D52B-B532-429F-A9EC-B106805878CD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A0A9E4F1-9E4C-4D8D-A75A-6DEB5EE2FC4B}" = lport=5900 | protocol=6 | dir=in | name=vnc5900 |
"{A3ADA5B0-1F30-4DC3-86C6-2462FE1D9CCF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A3F6AF0C-A270-4B80-A767-09B19F84F5C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA63A6CC-5810-47D6-9192-A4B0BD17BF65}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BE881834-9300-491F-87A0-B789C5DF7936}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BE9FA445-DFF8-47D7-B753-8A063007A97E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5AC8205-BBB2-4643-8C38-D310EE0B68D4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C9103601-6622-45FA-8606-60523FB4C80F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E20EB694-F342-4CDD-821B-26618E5EE080}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4EAFF84-28FC-4616-AB7F-0B2E6EDC4A7C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E68868C5-B7AA-4415-A3D0-860F5D58476E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E743B2A1-AE7C-4C5A-9BA9-33332EE66B7E}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{ECE27C87-D132-4640-9CA8-67D30F800269}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{EE2B35B4-20BF-45DF-9A13-035FBF997088}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA6A68DB-1668-49BC-8EC1-DE9646A65083}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B3E0CB7-BBB1-428E-A411-CF5657ACB30F}" = protocol=17 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgrupdater.exe |
"{1770B928-337E-435C-BAA1-E2B77834D36B}" = protocol=17 | dir=in | app=c:\program files\common files\tencent\qqdownload\107\tencentdl.exe |
"{18035A8F-4F5E-44DD-9BE2-C982502AF6FB}" = protocol=6 | dir=in | app=c:\program files\common files\tencent\qqdownload\107\tencentdl.exe |
"{1BE42327-A035-494F-96D2-0C122F1E4DF7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D57EDD3-ADD5-4C0A-93A6-DA93F149CE09}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{2241EF1E-5A0E-4177-8511-93144044BA78}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{240A4597-F86B-4257-AA70-C59EE862581F}" = protocol=17 | dir=in | app=c:\users\fhcuser\appdata\roaming\dropbox\bin\dropbox.exe |
"{24800AE4-8503-47AB-831F-05E4D940F3DE}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{26ABCF3D-B5C3-42D5-94CD-A614CE224843}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2CA5BC66-1FFA-46EE-8D47-A5997BCBCD71}" = protocol=6 | dir=in | app=c:\users\fhcuser\appdata\local\temp\7zs48c9\hpdiagnosticcoreui.exe |
"{2CB82BF3-83E6-4DE2-B03F-6BF0FE526E99}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"{2E6CE52C-6CC3-47B4-BE3D-D25E37C9244B}" = protocol=17 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgr.exe |
"{3052A0D6-F60F-4DE6-B6F1-A19FBDAAC5C3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37DEA49F-728A-42D9-8A8D-169FEBDEB0EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{38503BC2-CF20-4364-B24F-74F03EC57F5F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3A868E65-B915-4676-BC8A-54F5AAFDDA01}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"{42AA8548-9FF2-4FE9-B199-62A27A5F0273}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{5186EB86-7252-4C11-9011-F05D0E70CC4E}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{524B86D1-D99A-4E8A-98BE-6161533A7E5F}" = protocol=6 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgrupdater.exe |
"{54F9F3E2-EEA2-4B72-A378-3DB8A0DB3B0E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{5F3645A5-0C0D-47D1-967A-640BE416A23B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{611A9EA4-1119-488F-9005-ACFCF46232B3}" = protocol=6 | dir=in | app=c:\users\fhcuser\appdata\local\temp\qqpcdetector.exe |
"{63B7637C-C43A-4477-BE7B-8E48A14D9396}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64F2E0AA-5B3E-44BA-895C-4FC593394919}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{67E75E68-98FF-4504-855B-0B179C91E8FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69406167-92E7-4880-BCED-A1B23C638EC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{69F98496-44F4-42A9-8AD6-1F246C1559DB}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{6CAE39F3-0660-4194-9D99-1497E2D7B785}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{723E20C8-8C92-4837-A780-900BFF1C147F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{756D13ED-5F0B-4A5F-9B88-2AA9C9BB1BAA}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{75C50F1B-2D9D-4DD2-84BD-E1248C0C0F2A}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qzonemusic.exe |
"{7A4CEF4A-A936-4820-B105-965F2BB14A4B}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{7C4BE7A2-33B3-462D-A8D5-68B89DB19C8D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{7D2B3445-7987-4447-A37E-B752BC29B02A}" = protocol=6 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\tencentupdatesvc.exe |
"{7E6DCBDE-CFAA-4B64-B393-1976A0C3472F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{83B220D7-7868-4B6E-8E0A-2EE530301AF2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89C63BA1-F042-435C-98D6-3317C9F1E034}" = protocol=6 | dir=in | app=c:\users\fhcuser\appdata\roaming\dropbox\bin\dropbox.exe |
"{8B288439-517B-4871-A200-6B7E3B7BD210}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{8B56AB63-D15D-41BB-A522-42FC065DCE5F}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{A0289B2E-62B1-4FB5-B8F0-CAAA306EB255}" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"{A22E0928-4D64-488D-AED5-40B601F0FEFE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5D13B8B-C415-469F-849E-148A621264FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA5A045D-D8AF-4690-BCCB-AA4CF63449E9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{AB4C4C69-1E39-430B-B995-DD4408EE85B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEC15B6E-C99C-4A84-AB2E-CE70466BD21E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6159BB8-9CE4-4910-860D-F1089EB474D8}" = protocol=17 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B6B0C85F-3750-4886-9C6B-DFC6596CE574}" = protocol=6 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\qqsoftmgr.exe |
"{BF9F505F-D3EB-4501-A4E9-CA95ECCF79A4}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{C5F28A36-E1A2-4206-89A9-5DAEDCFC5246}" = protocol=17 | dir=in | app=c:\users\fhcuser\appdata\local\temp\qqpcdetector.exe |
"{D11FD975-62EA-4F96-BDDF-86F102713B46}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{D325F74B-6EBD-49FE-98A3-E927C0992378}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{D4A31A9C-17B2-43A1-8D25-B36527D0E459}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"{D8A2E5B6-90E3-4E8A-830F-A5D08B77A4F4}" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"{DBC7E946-14E8-4703-A67F-759D9C961F5C}" = protocol=17 | dir=in | app=c:\users\fhcuser\appdata\local\temp\7zs48c9\hpdiagnosticcoreui.exe |
"{E0230007-3C1B-4A4B-86FF-2986476ADE92}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E23D28E5-61B3-4EAE-A99B-F9BEAAAC3F11}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{E3CE2C4B-844F-4F34-A026-728E37CFEC83}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{E5CBF475-32C4-441A-AAEA-E71FCF4DE235}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicie.exe |
"{E6306A0E-9FDE-4934-B19C-32432CC27E01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E683B2DA-150C-493A-BB8E-E77F49A5FA35}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{E6B6F007-3C2E-4D4C-9624-029E100C3C3D}" = protocol=6 | dir=out | app=system |
"{E7C867E4-6E8C-4BB4-8147-AFFCB2D0C142}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicupdate.exe |
"{EA4F734A-10D3-4464-9B64-E3329B6BF0D0}" = protocol=6 | dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EB8E5B1D-81A7-4C17-86B4-E870C7D082DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ECB65137-7E17-453E-B7AE-4C26BCBA60E7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EE910D1F-CEFE-4253-ABB9-49EE3831CB1C}" = protocol=17 | dir=in | app=c:\program files\tencent\qqsoftmgr\1.0.375.203\tencentupdatesvc.exe |
"{F036A9A9-1445-4928-B81D-F8C50D1374CA}" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicie.exe |
"{F50FF988-1AF8-455A-BB19-919CA0C62D0C}" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusicupdate.exe |
"{FCFC7CB3-D340-4A19-BB79-7FD6A1EB35E3}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{2516091F-ADB8-4687-A61C-D81434AB58F7}C:\program files\meitu\xiuxiu\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files\meitu\xiuxiu\liveupdate.exe |
"TCP Query User{3112703E-A05A-43F9-ADB0-FE705F2B39EE}C:\users\fhcuser\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\fhcuser\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3182EF9E-7696-4A03-BF2F-59DC9C62824F}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{521D5317-326C-409D-89EE-BA01F4211DC8}C:\program files\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"TCP Query User{7C9F0103-3383-4DA4-BE2E-B75178354CE8}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{992940DC-E704-4998-AF7C-C836903BA7A2}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{9F7E4E37-F19A-4462-ABD6-1B5B37A197C1}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{AB0D26DF-667D-4F41-ACEF-AF04EE6CB3CA}C:\program files\tencent\qq\bin\auclt.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"TCP Query User{BC5B2915-3C07-487B-82CC-52E9689D22F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BC8C60FC-6CDF-4B3D-AB93-4ADFD3BB61DF}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |
"TCP Query User{D8ABBD8D-6AEA-44D7-A3FC-CFD38437835E}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=6 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"TCP Query User{E0790F3C-196B-4622-9490-F3E12BA0FCFD}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"TCP Query User{F035D711-F62F-4B78-BC07-5DF37A1B63CF}C:\program files\tencent\qq\bin\auclt.exe" = protocol=6 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"UDP Query User{12300B5C-C33C-4A76-B579-E6795E641297}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{19FAFE10-F818-49B1-BCA5-84CB5733B3CC}C:\program files\tencent\qq\bin\auclt.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"UDP Query User{1BB5B57F-CF84-4E8C-843A-72A5C42D32A6}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{2723D7E7-29DD-417C-B0CB-69CE4D1EA402}C:\program files\tencent\qq\bin\auclt.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\auclt.exe |
"UDP Query User{2790AF65-997F-4EA0-A779-52B069AD0CFE}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{2A2A778F-CD3C-4B6A-B12A-E01B98C2DFCC}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{545FC7D4-A8B3-4BBF-B421-16E0761E044B}C:\program files\meitu\xiuxiu\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files\meitu\xiuxiu\liveupdate.exe |
"UDP Query User{67FDEE4B-7160-4E1C-AC33-02D671EFBD7C}C:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"UDP Query User{7A3D74FD-88F5-4506-B1C8-B7988ED18295}C:\program files\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qq\bin\qq.exe |
"UDP Query User{A86633C0-6EE8-473C-BD99-0809036D94DE}C:\users\fhcuser\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\fhcuser\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{E316DB22-9285-4F06-B0DD-2718AC08700C}C:\program files\common files\pplivenetwork\ppap.exe" = protocol=17 | dir=in | app=c:\program files\common files\pplivenetwork\ppap.exe |
"UDP Query User{E78FC5F5-FF25-47A6-A1A3-0D561FC2C878}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F0400899-C325-4FA0-8B87-E5966FA959BB}C:\program files\tencent\qqmusic\qqmusic.exe" = protocol=17 | dir=in | app=c:\program files\tencent\qqmusic\qqmusic.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = 腾讯QQ2011
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17241C58-97D4-D830-2A24-1B1B57BB9AC8}" = All-Time Best Recipes 21.5
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{9F8D1A84-9B7E-430A-BEFA-C84C7496E226}" = NCLEX Tutorial
"{A0B20B80-9768-4123-9359-4553559E0FEB}" = Tutor 6
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X
"{AC76BA86-7AD7-2448-0000-A00000000003}" = Chinese Traditional Fonts Support For Adobe Reader X
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B20179BA-2872-432F-8D88-B8F44AED359B}" = Broadcom USH Host Components
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9154586-6E6C-44E9-B419-BBEBDF82B8A3}" = Elsevier Pageburst
"{B9F2C612-C015-4AB0-A388-BB5CD6A4039A}" = Evolve Reach RN Studyware
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E256FE14-E5A3-4F96-9AFE-8001AB010A3E}" = Angel Secure Browser
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.6600
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9459BCF-0982-498B-ABA7-26C34323493F}" = Citrix Presentation Server Client - Web Only
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BREE5" = Brownstone Equation Editor 5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"DPP" = Canon Utilities Digital Photo Professional 3.8
"e75b83743d3b6363f6d41296f1a944dc" = All-Time Best Recipes 21.5
"EOS Utility" = Canon Utilities EOS Utility
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"NVIDIA Drivers" = NVIDIA Drivers
"nView Desktop Manager" = NVIDIA nView Desktop Manager
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® Network Connections Drivers
"QQMusic" = QQ音乐 2012
"QQSoftMgr" = QQ软件管理1.0 Beta3
"Saunders NCLEX-RN4e" = Saunders NCLEX-RN4e
"Saxton_Comprehensive_Review" = Saxton Comp Review 19e
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Tutor" = Tutor
"Tutor 6" = Tutor 6
"Ultravnc2_is1" = UltraVNC 1.0.5.3
"VCE 3.0 - Obstetric Patient Set" = VCE 3.0 - Obstetric Patient Set
"VLC media player" = VLC media player 1.1.4
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"美图秀秀" = 美图秀秀 3.5.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Connect Add-in" = Adobe Connect Add-in
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2012 8:40:10 PM | Computer Name = NuDB3F-LisLiQ | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2012 8:52:30 PM | Computer Name = NuDB3F-LisLiQ | Source = System Restore | ID = 8193
Description =

Error - 6/1/2012 11:53:36 PM | Computer Name = NuDB3F-LisLiQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/1/2012 11:53:36 PM | Computer Name = NuDB3F-LisLiQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16068

Error - 6/1/2012 11:53:36 PM | Computer Name = NuDB3F-LisLiQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16068

Error - 6/2/2012 12:49:02 PM | Computer Name = NuDB3F-LisLiQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/2/2012 12:49:02 PM | Computer Name = NuDB3F-LisLiQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 46542695

Error - 6/2/2012 12:49:02 PM | Computer Name = NuDB3F-LisLiQ | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 46542695

Error - 6/2/2012 3:49:33 PM | Computer Name = NuDB3F-LisLiQ | Source = WinMgmt | ID = 10
Description =

Error - 6/2/2012 8:42:07 PM | Computer Name = NuDB3F-LisLiQ | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 8/15/2012 6:40:08 PM | Computer Name = NuDB3F-LisLiQ | Source = WLAN-Tray | ID = 0
Description = 18:40:07, Wed, Aug 15, 12 Error - Unable to gain access to user store


[ OSession Events ]
Error - 8/31/2011 12:32:54 PM | Computer Name = NuDB3F-LisLiQ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 9/26/2012 11:38:56 AM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7022
Description =

Error - 9/26/2012 11:55:04 AM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7034
Description =

Error - 9/26/2012 11:55:12 AM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7030
Description =

Error - 9/26/2012 12:03:52 PM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7030
Description =

Error - 9/26/2012 12:11:51 PM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7030
Description =

Error - 9/26/2012 5:20:05 PM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7006
Description =

Error - 9/26/2012 6:48:26 PM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7006
Description =

Error - 9/26/2012 6:48:26 PM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7000
Description =

Error - 9/26/2012 6:48:26 PM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7006
Description =

Error - 9/26/2012 7:03:40 PM | Computer Name = NuDB3F-LisLiQ | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#9 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,659 posts
  • MVP

Posted 26 September 2012 - 05:53 PM

Hi,

Run OTL.exe
  • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL


    :Services

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/http://facebook.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4D 07 27 59 B5 43 CA 01 [binary data]
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...amp;FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{9E209B9C-5F98-472A-A916-CADEAF123220}: "URL" = http://www.google.co...age={startPage}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Users\FHCUser\Desktop\*.tmp files -> C:\Users\FHCUser\Desktop\*.tmp -> ]

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
----------

#10 LuckyStar

LuckyStar

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 27 September 2012 - 09:15 AM

Hi Jeff!

Here's what I got after putting the stuff you wanted me to put in the Custom Scan box:


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E209B9C-5F98-472A-A916-CADEAF123220}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E209B9C-5F98-472A-A916-CADEAF123220}\ not found.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla17.dll deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla18.exe deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla19.dll deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla2.dll deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla20.dll deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla21.dll deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseCustomCalla21.exe deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP\WiseData.ini deleted successfully.
C:\Windows\ADAFC0B4FC1545D9BAB3BC7A8829D0C4.TMP folder deleted successfully.
C:\Users\FHCUser\Desktop\~WRL2806.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\FHCUser\Desktop\cmd.bat deleted successfully.
C:\Users\FHCUser\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FHCUser
->Temp folder emptied: 6457088 bytes
->Temporary Internet Files folder emptied: 698695305 bytes
->Java cache emptied: 1387974 bytes
->Google Chrome cache emptied: 217381004 bytes
->Flash cache emptied: 5379391 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 548169 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 887.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.68.0 log created on 09272012_104007

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Then you told me to run the scan, and here's what I got:

OTL logfile created on: 9/27/2012 10:55:06 AM - Run 2
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\FHCUser\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.79% Memory free
4.21 Gb Paging File | 3.24 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.01 Gb Total Space | 96.47 Gb Free Space | 64.74% Space Free | Partition Type: NTFS

Computer Name: NUDB3F-LISLIQ | User Name: Pisces223 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\FHCUser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe (Tencent)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
PRC - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (MDM) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (TSUSVC) -- C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe (Tencent)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)
SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV - (catchme) -- C:\Users\FHCUser\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (PBADRV) -- C:\Windows\System32\drivers\PBADRV.sys (Dell Inc)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....mp;d=2012-09-25 11:00:23&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPhotoDrawEx: C:\Program Files\Tencent\QQ\Plugin\Com.Tencent.Qzone\bin\QQPhotoDrawEx\npQQPhotoDrawEx.dll ()
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files\Tencent\QQMusic\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FHCUser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FHCUser\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/29 22:49:14 | 000,000,000 | ---D | M]

[2012/09/23 22:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/22 18:10:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/06/20 12:56:43 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/06/20 12:56:44 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - homepage: http://learn.fhchs.edu/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://learn.fhchs.edu/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Users\FHCUser\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Default = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn\1.1_0\
CHR - Extension: Poppit = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: AVG Secure Search = C:\Users\FHCUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\

O1 HOSTS File: ([2012/09/27 10:45:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\FHCUser\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CB15AF5-D6C5-487A-9C28-0841164DF72E}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/27 10:40:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/27 08:54:38 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{345F2A7D-56BA-41BA-8A0A-E16663F963D8}
[2012/09/26 19:11:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\FHCUser\Desktop\OTL.exe
[2012/09/26 18:56:45 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\Avg2013
[2012/09/26 12:17:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/26 12:17:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/26 12:17:10 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\temp
[2012/09/26 11:52:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/26 11:52:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/26 11:52:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/26 11:52:29 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/26 11:47:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/26 11:45:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/26 11:36:11 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{9EC2D76D-9D55-484A-B11C-3832979FFFD7}
[2012/09/25 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Roaming\TuneUp Software
[2012/09/25 10:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/25 10:48:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/25 10:48:07 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\MFAData
[2012/09/25 10:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/25 10:39:08 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{C66FEC18-F4F9-4346-85A0-54F77B76C511}
[2012/09/24 20:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/09/24 20:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/09/24 20:06:03 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{004819D5-2C5E-4004-881E-ED5981B4B059}
[2012/09/24 09:38:33 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{45B104C5-B21A-4790-8B29-2B25ED762C81}
[2012/09/23 22:59:13 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Roaming\Anvisoft
[2012/09/23 22:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/09/23 22:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/09/23 11:42:06 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{EAD4B6DA-356E-48D2-90CC-75ACDA445883}
[2012/09/22 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\.bitrock
[2012/09/22 13:53:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 13:53:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 13:53:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 13:53:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 13:53:52 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 13:53:48 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 13:53:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 13:53:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/22 13:31:51 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{8DA4A869-4904-464E-BE1D-139B56A11A05}
[2012/09/21 09:40:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{02315B08-9C62-4BBF-86A1-129773DEF592}
[2012/09/20 13:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/20 13:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/20 13:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/20 13:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/20 11:42:48 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{63F41B6D-C045-4490-A5FD-5A19CF57A9E3}
[2012/09/19 10:12:48 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{075F5F5F-3384-442C-8B74-B712A0C4E4C5}
[2012/09/18 11:10:18 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{6F0C8F1F-5C4D-4A15-855A-376032CC33C6}
[2012/09/17 11:25:26 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{3BE9A2F6-224C-408F-9184-E30167EF4FDC}
[2012/09/16 23:00:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{379D2163-3046-464A-84E1-8963864EF3C7}
[2012/09/16 11:00:28 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{955A67D5-149C-48A8-9488-47674297BFFF}
[2012/09/15 15:43:16 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{A2033994-0A21-49F6-A4F6-30C47B5A8CC4}
[2012/09/15 11:54:22 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{9CB270AE-CE8D-4A72-B001-6A77366F7C22}
[2012/09/14 11:58:37 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{E92EBF7A-B925-4FD9-B8FA-33FB5D93477A}
[2012/09/11 14:44:43 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{9B8F3026-518E-4DE9-92E4-18D9B10F28D9}
[2012/09/11 14:41:39 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{A910F6A1-AB76-4B15-B83E-5369CED3FCF5}
[2012/09/09 11:42:21 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{3A60DA9E-ADEA-4B00-BA8E-FE1446768608}
[2012/09/08 12:47:57 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{45F89EF0-DD8E-4339-BBBD-0F7EC8CC579E}
[2012/09/07 21:36:30 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{BF5F90C8-77B6-4D42-9CD9-38B26B059EDC}
[2012/09/07 09:36:18 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{ABC9EFAE-7FB2-4338-BB0C-4844354E4C3E}
[2012/09/06 10:52:59 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{8523C6F6-FF5A-49C1-A24A-9A1124C01599}
[2012/09/05 14:09:13 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{BA822DEE-58B2-43A7-A0AA-748AEA5B1204}
[2012/09/04 12:26:11 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{E3E0AF34-3155-46A7-9405-C0073346C6DE}
[2012/09/03 12:58:25 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{06DDAC56-81A3-4A6D-952D-A29A4C188A4B}
[2012/09/01 15:32:34 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{16E07474-6BCF-4F34-9CDE-25A4D6CA7D8B}
[2012/08/31 22:36:23 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{BDE871B0-4FF8-460E-8133-C515C0460194}
[2012/08/31 21:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/31 21:10:26 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/31 21:10:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/31 21:10:07 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/31 21:10:07 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/08/31 10:36:10 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{10440400-2E2F-49B2-9AB1-451C2C1A1B8F}
[2012/08/30 22:33:08 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{2A4C768A-5104-4178-AC91-A09C82E26FA4}
[2012/08/30 10:32:39 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{E86DCDC5-8908-4459-80A9-AB055C2FA739}
[2012/08/29 22:12:56 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{794AB9DB-638A-456F-9C29-9F26D672A8D1}
[2012/08/29 10:12:31 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{F173730F-F7E3-4757-B88D-DCD0ECE19A62}
[2012/08/28 16:51:39 | 000,000,000 | ---D | C] -- C:\Users\FHCUser\AppData\Local\{5EDD0EDD-DB11-46EB-BAA4-E80C849DD568}

========== Files - Modified Within 30 Days ==========

[2012/09/27 10:56:27 | 000,609,756 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/27 10:56:27 | 000,106,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/27 10:53:29 | 000,065,131 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/27 10:53:29 | 000,065,131 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/27 10:50:51 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 10:50:51 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/27 10:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/27 10:49:35 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/09/27 10:45:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/09/27 10:27:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000UA.job
[2012/09/27 10:21:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/27 10:19:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/09/26 20:46:47 | 000,055,296 | ---- | M] () -- C:\Users\FHCUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/26 19:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FHCUser\Desktop\OTL.exe
[2012/09/26 13:41:21 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\ReachTest .lnk
[2012/09/26 12:27:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1920104009-661548430-2577745447-1000Core.job
[2012/09/24 21:25:07 | 000,000,512 | ---- | M] () -- C:\Users\FHCUser\Desktop\MBR.dat
[2012/09/23 23:11:50 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/22 16:38:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 13:44:43 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/09 16:59:22 | 050,328,581 | ---- | M] () -- C:\Users\FHCUser\Desktop\Kaplan Free Practice Test Event.mp3
[2012/09/09 16:41:05 | 004,563,102 | ---- | M] () -- C:\Users\FHCUser\Desktop\NCLEX-Practice-Test-Explanations.pdf
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/04 18:28:38 | 000,002,052 | ---- | M] () -- C:\Users\FHCUser\Desktop\Google Chrome.lnk
[2012/09/04 18:28:38 | 000,002,014 | ---- | M] () -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/04 15:07:07 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN19G410M305HX.job
[2012/08/31 21:09:45 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/08/31 21:09:39 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/31 21:09:39 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/31 21:09:38 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/31 21:09:37 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/31 21:09:36 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/08/28 16:54:29 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/28 16:54:28 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/09/26 11:52:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/26 11:52:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/26 11:52:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/26 11:52:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/26 11:52:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/24 21:25:07 | 000,000,512 | ---- | C] () -- C:\Users\FHCUser\Desktop\MBR.dat
[2012/09/22 17:02:05 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/09/22 17:02:05 | 000,153,088 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2012/09/22 17:02:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/09/20 13:44:43 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/09 16:45:44 | 050,328,581 | ---- | C] () -- C:\Users\FHCUser\Desktop\Kaplan Free Practice Test Event.mp3
[2012/09/09 16:40:58 | 004,563,102 | ---- | C] () -- C:\Users\FHCUser\Desktop\NCLEX-Practice-Test-Explanations.pdf
[2012/08/05 14:05:02 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/06/11 16:52:12 | 000,000,000 | ---- | C] () -- C:\Windows\LiveUpdate.INI
[2012/05/25 16:31:58 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2011/11/17 15:38:07 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/30 20:13:07 | 000,055,296 | ---- | C] () -- C:\Users\FHCUser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/17 00:12:16 | 005,716,952 | ---- | C] () -- C:\Users\FHCUser\AppData\Local\Windows6.0-KB942567-x86.msu
[2009/04/16 23:57:21 | 000,065,131 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/16 23:13:48 | 000,065,131 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/16 21:55:18 | 000,000,680 | ---- | C] () -- C:\Users\FHCUser\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 08:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2012/09/27 10:25:27 | 000,016,606 | ---- | M] ()(C:\Users\FHCUser\Desktop\??1.docx) -- C:\Users\FHCUser\Desktop\名單1.docx
[2012/09/27 09:02:40 | 000,016,606 | ---- | C] ()(C:\Users\FHCUser\Desktop\??1.docx) -- C:\Users\FHCUser\Desktop\名單1.docx
[2012/09/26 23:01:16 | 000,015,759 | ---- | M] ()(C:\Users\FHCUser\Desktop\??.docx) -- C:\Users\FHCUser\Desktop\名單.docx
[2012/09/26 22:23:11 | 000,015,759 | ---- | C] ()(C:\Users\FHCUser\Desktop\??.docx) -- C:\Users\FHCUser\Desktop\名單.docx
[2012/09/24 09:41:47 | 000,000,000 | ---D | M](C:\Users\FHCUser\Desktop\?? - ???) -- C:\Users\FHCUser\Desktop\爸爸 - 工程單
[2012/09/07 23:00:25 | 000,000,000 | ---D | M](C:\Users\FHCUser\Desktop\????? (3)) -- C:\Users\FHCUser\Desktop\新建文件夹 (3)
[2012/09/07 22:43:53 | 000,000,000 | ---D | C](C:\Users\FHCUser\Desktop\????? (3)) -- C:\Users\FHCUser\Desktop\新建文件夹 (3)
[2012/08/11 18:26:23 | 000,000,888 | ---- | M] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk
[2012/08/11 18:26:23 | 000,000,864 | ---- | M] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
[2012/08/08 13:25:52 | 000,000,000 | ---D | C](C:\Users\FHCUser\Desktop\?? - ???) -- C:\Users\FHCUser\Desktop\爸爸 - 工程單
[2012/06/23 14:02:28 | 000,000,956 | ---- | M] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2012/06/23 14:02:28 | 000,000,956 | ---- | C] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ??.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ音乐.lnk
[2012/06/23 14:02:28 | 000,000,932 | ---- | M] ()(C:\Users\Public\Desktop\QQ??.lnk) -- C:\Users\Public\Desktop\QQ音乐.lnk
[2012/06/23 14:02:28 | 000,000,932 | ---- | C] ()(C:\Users\Public\Desktop\QQ??.lnk) -- C:\Users\Public\Desktop\QQ音乐.lnk
[2012/06/01 15:00:15 | 000,000,000 | ---D | M](C:\Users\FHCUser\Documents\????) -- C:\Users\FHCUser\Documents\美图图库
[2012/06/01 15:00:15 | 000,000,000 | ---D | C](C:\Users\FHCUser\Documents\????) -- C:\Users\FHCUser\Documents\美图图库
[2012/06/01 14:59:39 | 000,000,888 | ---- | C] ()(C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\????.lnk) -- C:\Users\FHCUser\Application Data\Microsoft\Internet Explorer\Quick Launch\美图秀秀.lnk
[2012/06/01 14:59:39 | 000,000,864 | ---- | C] ()(C:\Users\Public\Desktop\????.lnk) -- C:\Users\Public\Desktop\美图秀秀.lnk
[2010/09/07 08:09:36 | 000,002,040 | ---- | M] ()(C:\Users\FHCUser\Desktop\??QQ2010.lnk) -- C:\Users\FHCUser\Desktop\腾讯QQ2010.lnk
[2010/09/07 08:09:36 | 000,002,040 | ---- | C] ()(C:\Users\FHCUser\Desktop\??QQ2010.lnk) -- C:\Users\FHCUser\Desktop\腾讯QQ2010.lnk
[2009/12/18 23:48:03 | 000,016,872 | ---- | M] ()(C:\Users\FHCUser\Documents\????.docx) -- C:\Users\FHCUser\Documents\工作項目.docx
[2009/12/18 15:48:48 | 000,000,162 | -H-- | M] ()(C:\Users\FHCUser\Documents\~$????.docx) -- C:\Users\FHCUser\Documents\~$工作項目.docx
[2009/12/18 15:48:48 | 000,000,162 | -H-- | C] ()(C:\Users\FHCUser\Documents\~$????.docx) -- C:\Users\FHCUser\Documents\~$工作項目.docx
[2009/12/18 15:48:47 | 000,016,872 | ---- | C] ()(C:\Users\FHCUser\Documents\????.docx) -- C:\Users\FHCUser\Documents\工作項目.docx
(C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????) -- C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\??) -- C:\Users\FHCUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\美图
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\美图

< End of report >

After the scan I went online and checked the search engine. Google is gone, but since I installed AVG before, it stays as my search engine. How can I get Google back as my main search engine? Thank you!

#11 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,659 posts
  • MVP

Posted 27 September 2012 - 09:33 AM

Hi,

What browser are you wanting to have Google set as your default search?
--------

Please do the following:

Go to Start >> Control Panel >> Programs and Features

This will open your list of installed programs.

Remove the following programs:

Java™ 6 Update 15
----------

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
      Downloaded Applications
      Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
----------

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.
----------

#12 LuckyStar

LuckyStar

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 27 September 2012 - 12:53 PM

Hi Jeff,

I'm using Internet Explorer, I want Google search set as my default search. But I don't know how to do that!

I did uninstall Java 6 Update 15 and delete the CACHE

I also did the Malwarebytes and here's the result:


Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Pisces223 :: NUDB3F-LISLIQ [administrator]

9/27/2012 11:45:36 AM
mbam-log-2012-09-27 (11-45-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199745
Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Then I did the ESET online Scanner, they found 1 threat and here's the result:

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3TDGXB4\upgrade[1].cab a variant of Win32/Adware.OneStep.BZ application


I have some questions. When I installed AVG and did a scan it said I had so many viruses and needed to fix them, but when I ran Microsoft Security Essentials it didn't pick up anything. As for Malwarebytes, does it help me find viruses?

#13 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,659 posts
  • MVP

Posted 27 September 2012 - 01:03 PM

To set Google as your default search in Internet Explorer 9 do the following:
  • Click the Tools icon at the far right of the browser window.
  • Select Internet options.
  • In the General tab, find the Search section and click Settings.
  • Select Google.
  • Click Set as default and click Close.
----------

Malwarebytes is an antimalware program that you should definitely keep and use weekly. It is not an antivirus though, so you need to keep Microsoft Security Essentials.
---------

As for why AVG picked up anything...when did you run it? Before you initially posted here? We have cleaned up your system so there won't be anything that should be listed now.
---------

First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste

del "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3TDGXB4\upgrade[1].cab"


Press Enter
Close the Command Prompt window.

Let me know how your system is running now. :)
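The steps above change the default search provider through the Internet Explorer UI. As an added example (not part of the thread or of any tool mentioned in it), the PowerShell below reads the same setting straight from the registry so you can confirm that no leftover hijacker scope remains after the fix. It assumes the IE 7 to 9 layout under `HKCU\Software\Microsoft\Internet Explorer\SearchScopes`: a `DefaultScope` string holding the GUID of the active provider, and one subkey per provider carrying `DisplayName` and `URL` values. The list of trusted search hosts is an assumption for the example and should be adjusted to whatever engines the user actually wants.

```powershell
# Added example, not from the thread: inventory Internet Explorer search providers
# for the current user and flag any whose search URL points at an unexpected host.
# Written to run on Windows PowerShell 2.0 (Vista era) as well as later versions.

$scopesKey = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

# Hosts the user expects to see; assumption for the example, edit to taste.
$trustedHosts = @('www.google.com', 'www.bing.com')

function Get-IESearchScope {
    # Returns one object per provider: Id, DisplayName, URL, IsDefault.
    if (-not (Test-Path -Path $scopesKey)) {
        Write-Warning "No SearchScopes key found for this user."
        return
    }
    $defaultId = (Get-ItemProperty -Path $scopesKey -ErrorAction SilentlyContinue).DefaultScope

    Get-ChildItem -Path $scopesKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        New-Object PSObject -Property @{
            Id          = $_.PSChildName
            DisplayName = $props.DisplayName
            URL         = $props.URL
            IsDefault   = ($_.PSChildName -eq $defaultId)
        }
    }
}

function Test-IESearchScope {
    # Adds a Suspicious flag: true when the provider URL's host is not in the trusted list.
    param([string[]]$Trusted = $trustedHosts)

    Get-IESearchScope | ForEach-Object {
        $uriHost = $null
        try { $uriHost = ([System.Uri]$_.URL).Host } catch { }
        $suspicious = ($Trusted -notcontains $uriHost)
        $_ | Add-Member -MemberType NoteProperty -Name Suspicious -Value $suspicious -PassThru
    }
}

# Usage: show every provider, which one is the default, and whether it looks out of place.
Test-IESearchScope | Select-Object IsDefault, Suspicious, DisplayName, URL, Id | Format-Table -AutoSize
```

A provider that is both `IsDefault` and `Suspicious` is the one a hijacker installed; note that setting Google as default in the UI does not delete the hijacker's subkey, so it can still show up here as a non-default entry until it is removed.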

#14 LuckyStar

LuckyStar

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 27 September 2012 - 03:48 PM

Hi Jeff! Thank you so much for helping me!!! I added Google as my default search and now it doesn't go to StartPins any more!!! I'm so glad! Is StartPins a virus? How did it get into my laptop?

Yes, I recently installed AVG, like 3 days ago. I'm just curious about why AVG picks up more threats than Microsoft Security Essentials. Microsoft Security Essentials doesn't pick up anything at all. That's why it made me think that I should install more than one antivirus software. But thanks for letting me know installing more than one antivirus software might not help but harm...

I did the cmd and copied the quote you gave me but it says denied. I attached a print screen for you to see, maybe I did it wrong!

Attached Thumbnails

  • cmd.jpg

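The "denied" result reported above is the common outcome when a plain `del` hits a file whose ACL or ownership does not grant the current token delete rights, or when the prompt was not actually elevated. As an added example (not from the thread and not part of any tool mentioned in it), the PowerShell below performs the checks a practitioner would run first and then removes the file the scanner flagged: confirm the session is elevated, record the current owner and ACL, take ownership with the built-in `takeown.exe`, grant Administrators full control with `icacls.exe`, delete, and verify. The target path is the one ESET reported earlier in the thread; the function works for any path. Because that path contains `[1]`, PowerShell's `-LiteralPath` is required everywhere, otherwise the brackets are read as a wildcard character class and the file is never matched.

```powershell
# Added example, not from the thread: remove a scanner-flagged file after "Access is denied".
# Runs on Windows PowerShell 2.0 and later; takeown.exe and icacls.exe ship with Vista+.

function Test-IsElevated {
    # True when the current process token is a member of the Administrators role.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Remove-LockedFile {
    # Returns $true when the file is gone afterwards, $false when it is still present.
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-IsElevated)) {
        throw "Run this from an elevated PowerShell prompt (right click, Run as Administrator)."
    }
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Output "Already gone: $Path"
        return $true
    }

    # Record owner and ACL before touching anything, so the change is auditable.
    $item = Get-Item -LiteralPath $Path -Force
    $acl  = $item.GetAccessControl()
    Write-Output ("Owner before: " + $acl.Owner)
    Write-Output ("ACL before:   " + $acl.AccessToString)

    # Take ownership, then grant Administrators full control so the delete can succeed.
    & takeown.exe /F "$Path" | Out-Null
    & icacls.exe "$Path" /grant "Administrators:F" | Out-Null

    # -Force also clears read-only and hidden attributes that would block the delete.
    Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

    return (-not (Test-Path -LiteralPath $Path))
}

# Usage: the path ESET reported in this thread.
$target = 'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3TDGXB4\upgrade[1].cab'
if (Remove-LockedFile -Path $target) { "Removed: $target" } else { "Still present, check whether a process holds it open: $target" }
```

If the file survives even after ownership and ACL changes, the remaining cause is usually an open handle (a browser or indexing service still using the cache), which is why helpers often fall back to a reboot-time deletion through a tool like ComboFix rather than fighting the handle interactively.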

#15 jeffce

jeffce

    Super Saiyan

  • Malware Team
  • 8,659 posts
  • MVP

Posted 27 September 2012 - 07:30 PM

Hi,

Different antivirus programs will detect differently. Just because one detects one file does not necessarily make it a virus...it could be getting detected based upon its behavior. Some legit files have behavior like an infection but they are just fine.
----------

Go ahead and run this through... :)
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:


    ClearJavaCache::

    File::
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P3TDGXB4\upgrade[1].cab

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

Let me know how your system is running in the next reply along with posting the new ComboFix log. :)

