9 replies to this topic

[bananna]

Hi there,

I have been having so much trouble trying to get rid of Searchqu, sparklebox, sweetim add-ons. I've been playing around (i'm not terribly tech-savvy!) and I THINK I've mainly been able to clean things up, but I can't get the Searchqu to stop coming up when I open a new tab in Firefox. Any assistance would be fantastic, I'm at my wits end, seeing that horrible page makes me so angry!!

Thanks so much
Anna

Hijack this log -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:08:18 PM, on 2/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alfonso\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.commsec.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SMART Notebook Download Plugin - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar"
O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\Documents and Settings\Alfonso\Desktop\sdsetup_revwire207.exe -min
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanne..._IKEA_Win32.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe

--
End of file - 8515 bytes

[Sunyata]

Hi bananna and welcome to the forums!
I'm Sunyata and I will be helping you with your computer problems.

Please read the following guidelines which will help to make cleaning your machine easier:

• Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
• The fixes I will give you are specific to your problem and should only be used for this issue on this machine.
• Please make sure to carefully read any instructions posted. If you're not sure, please stop and ask!
• Please stay with this thread until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that all malware is gone.
• PLEASE DO NOT install/uninstall any programs unless asked to.
• PLEASE DO NOT run any malware scans other than those requested.
• Please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
• I will reply back shortly with instructions

Note to Vista and Windows 7 users:

• These tools MUST be run from the executable. (.exe) every time you run them
• These tools MUST be run With Admin Rights (Right click, choose "Run as Administrator")

Please download OTL to your desktop.

• If you are using Firefox, make sure that your download settings are as follows:
  

  -Tools->Options->Main tab
  -Set to "Always ask me where to Save the files".

• Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output
• Check the boxes beside LOP Check and Purity Check.
• In the window under Custom Scans/Fixes copy and paste the following

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lîk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Deskuop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results Install|LastSuccessTime /rs
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
%systemroot%\*. /rp /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|* /RS
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
winsrv.dll
/md5stop

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Next,

Please download aswMBR to your desktop.

• Double click the aswMBR icon to run it.
  

  Vista and Windows 7 users right click the icon and choose "Run as administrator".

• When asked if you want to download Avast's virus definitions please select Yes.
• Click the Scan button to start scan.
• When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

In your next post, please include:

• OTL.txt
• Extras.txt
• The aswMBR log

[bananna]

Thank you for your help, Sunyata.

here is the OTL:

OTL logfile created on: 2/28/2012 6:47:46 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Alfonso\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.54% Memory free
3.25 Gb Paging File | 2.38 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 433.85 Gb Free Space | 93.15% Space Free | Partition Type: NTFS

Computer Name: ALFONSO | User Name: Alfonso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Alfonso\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Viprebridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ccSvcHst.exe (Symantec Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)


========== Driver Services (SafeList) ==========

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120227.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120227.002\NAVENG.SYS (Symantec Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120224.002\IDSXpx86.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120215.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1305000.091\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1305000.091\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1305000.091\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1305000.091\Ironx86.SYS (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\WINDOWS\system32\drivers\NAV\1305000.091\ccSetx86.sys (Symantec Corporation)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1305000.091\SYMDS.SYS (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AtcL002) -- C:\WINDOWS\system32\drivers\l251x86.sys (Atheros Communications, Inc.)
DRV - (HECI) Intel® -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.commsec.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c...er/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 4D 68 5E 50 8A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012/01/29 07:37:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/14 17:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/27 18:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alfonso\Application Data\Mozilla\Extensions
[2012/02/27 18:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\extensions
[2011/11/15 22:06:07 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\Search_Results.xml
[2012/02/15 17:41:22 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\SweetIM Search.xml
[2012/02/15 17:41:10 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\sweetim.xml
[2012/02/27 18:57:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/16 18:24:58 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012/01/29 07:37:03 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPLGN
[2011/09/29 14:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/29 08:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/15 22:06:07 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search ()
CHR - default_search_provider: search_url = http://search.sweeti...6-DB654AFDFC3F}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2004/08/04 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.5.0.145\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
O4 - HKCU..\Run: [Spyware Doctor] C:\Documents and Settings\Alfonso\Desktop\sdsetup_revwire207.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1312C0D8-BA2B-464E-BACD-4ED6E4A1F29C}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F8CEC1C-9952-4228-9CAA-1D5E257DAB2E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8515E628-4961-47D9-9319-2CC250FD7329}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A604C5B8-EDF9-4DE8-95AC-6F957AE69257}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/19 14:55:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 06:46:18 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alfonso\Desktop\OTL.exe
[2012/02/27 19:07:50 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Alfonso\Desktop\HiJackThis.exe
[2012/02/27 17:56:39 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/02/27 17:56:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/27 17:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/27 17:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/02/27 17:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/27 17:50:52 | 003,834,864 | ---- | C] (PC Tools) -- C:\Documents and Settings\Alfonso\Desktop\sdasetup.exe
[9 C:\Documents and Settings\Alfonso\My Documents\*.tmp files -> C:\Documents and Settings\Alfonso\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/28 06:46:18 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alfonso\Desktop\OTL.exe
[2012/02/28 06:33:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/28 06:33:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/28 06:19:25 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/28 06:18:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/27 19:07:52 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Alfonso\Desktop\HiJackThis.exe
[2012/02/27 19:06:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/27 18:23:39 | 000,004,706 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/02/27 17:56:43 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/27 17:55:51 | 012,410,880 | ---- | M] () -- C:\Documents and Settings\Alfonso\Desktop\Ad-Aware96Install.msi
[2012/02/27 17:51:31 | 003,834,864 | ---- | M] (PC Tools) -- C:\Documents and Settings\Alfonso\Desktop\sdasetup.exe
[2012/02/26 09:02:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/02/25 09:44:02 | 000,009,669 | ---- | M] () -- C:\Documents and Settings\Alfonso\Desktop\makeup.jpg
[2012/02/18 07:34:43 | 000,001,823 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/02/13 06:06:27 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/08 18:54:16 | 000,075,279 | ---- | M] () -- C:\Documents and Settings\Alfonso\Desktop\pic1.jpg
[2012/01/30 06:08:06 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2012/01/30 06:07:31 | 000,531,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1305000.091\Cat.DB
[2012/01/30 06:07:28 | 000,004,782 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1305000.091\VT20111023.023
[2012/01/29 08:01:06 | 000,141,944 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2012/01/29 08:01:06 | 000,060,872 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2012/01/29 08:01:06 | 000,007,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2012/01/29 08:01:06 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[9 C:\Documents and Settings\Alfonso\My Documents\*.tmp files -> C:\Documents and Settings\Alfonso\My Documents\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/27 18:23:32 | 000,004,706 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/02/27 17:56:48 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/27 17:56:43 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/27 17:55:46 | 012,410,880 | ---- | C] () -- C:\Documents and Settings\Alfonso\Desktop\Ad-Aware96Install.msi
[2012/02/25 09:44:01 | 000,009,669 | ---- | C] () -- C:\Documents and Settings\Alfonso\Desktop\makeup.jpg
[2012/02/12 21:53:09 | 000,030,480 | ---- | C] () -- C:\Documents and Settings\Alfonso\Desktop\FhPrint.TTF
[2012/02/08 18:58:58 | 000,075,279 | ---- | C] () -- C:\Documents and Settings\Alfonso\Desktop\pic1.jpg
[2011/11/12 20:28:43 | 000,063,080 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/20 20:10:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 17:06:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Alfonso\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/20 14:42:20 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\Alfonso\Application Data\cudopromotion Prefs
[2011/10/14 15:13:08 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2011/10/14 15:00:39 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011/10/14 15:00:34 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011/10/14 15:00:31 | 000,019,583 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011/10/14 15:00:31 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011/01/20 08:45:57 | 001,445,112 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011/01/19 16:50:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll

========== LOP Check ==========

[2011/11/19 10:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alfonso\Application Data\AVG2012
[2011/12/18 09:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alfonso\Application Data\Canon
[2011/10/20 14:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alfonso\Application Data\cudopromotion
[2011/11/15 22:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alfonso\Application Data\searchquband
[2011/10/16 18:25:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alfonso\Application Data\SMART Technologies Inc
[2011/11/19 10:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alfonso\Application Data\TestApp
[2011/12/24 19:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/15 22:06:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/12/06 18:02:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/10 10:43:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/12/10 10:48:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/12/10 10:43:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/12/10 10:42:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJFAX
[2011/12/11 12:35:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/12/10 10:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/11/19 10:42:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/12/24 18:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/16 18:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2012/02/27 17:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/10/14 16:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/02/28 06:19:25 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2012/02/27 18:23:39 | 000,004,706 | -H-- | M] () -- C:\aaw7boot.cmd
[2005/02/19 14:55:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/12/24 19:03:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2005/02/19 14:55:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/01/16 12:47:15 | 000,000,032 | ---- | M] () -- C:\csb.log
[2011/10/15 11:23:34 | 000,757,784 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flashplayer11x32ax_gtba_aih.exe
[2005/02/19 14:55:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/02/19 14:55:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 20:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/10/21 10:21:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/28 06:18:42 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2011/11/25 17:56:25 | 006,283,632 | ---- | M] (Microsoft Corporation) -- C:\Silverlight.exe

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/02/19 14:55:06 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/03/14 05:06:40 | 000,019,968 | ---- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\BuEProNT.dll
[2007/03/19 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8S.DLL
[2010/09/20 05:00:00 | 000,028,672 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPDAK.DLL
[2007/03/19 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8S.DLL
[2010/09/20 05:00:00 | 000,074,752 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPPAK.DLL
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/02/19 22:43:13 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2005/02/19 22:43:13 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2005/02/19 22:43:13 | 000,880,640 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >
[2011/10/21 10:24:27 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2011/10/21 10:24:27 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2005/02/19 14:55:44 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Catalog.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results Install|LastSuccessTime /rs >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< %systemroot%\*. /rp /s >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|* /RS >


< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 20:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[1999/04/24 14:22:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=B22B28F61B1BB06723019307F0FAACFC -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\WINDOWS\EXPLORER.EXE

< MD5 for: EXPLORER.EXE-082F38A9.PF >
[2012/02/27 17:58:30 | 000,058,970 | ---- | M] () MD5=F8DC0E6E0054F44A0C9ADDBCC8442B89 -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf

< MD5 for: EXPLORER.LGC >
[2002/10/10 03:24:44 | 000,073,263 | ---- | M] () MD5=FB909170A9210FC2ADF45933D6AE3AD5 -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\WINDOWS\APPLOG\EXPLORER.LGC

< MD5 for: EXPLORER.LNK >
[2003/04/04 09:42:46 | 000,000,276 | ---- | M] () MD5=2DA7C14C5978A621B6AED4FEDC89C8F1 -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\WINDOWS\Application Data\Microsoft\Office\Recent\Explorer.LNK

< MD5 for: EXPLORER.SCF >
[1999/04/24 14:22:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\WINDOWS\EXPLORER.SCF
[2004/08/04 20:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CHM >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[1999/04/24 14:22:00 | 000,113,910 | ---- | M] () MD5=6001884F943D00E3C15C7119A044D6AA -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\WINDOWS\HELP\IEXPLORE.CHM
[2004/08/04 20:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.EXE >
[2008/04/14 04:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/14 04:42:24 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2004/08/04 20:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
[1999/04/24 14:22:00 | 000,078,272 | ---- | M] (Microsoft Corporation) MD5=F51690B7980BD05DB110FDCD1714688E -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\Program Files\Internet Explorer\IEXPLORE.EXE

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-27122324.PF >
[2012/02/27 21:17:00 | 000,077,204 | ---- | M] () MD5=D273D85B9A03800AB6355846E452C328 -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf

< MD5 for: IEXPLORE.HLP >
[2004/08/04 20:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp
[1999/04/24 14:22:00 | 000,085,280 | ---- | M] () MD5=D49D121E4A6D19C87720016D85D1EEBD -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\WINDOWS\HELP\IEXPLORE.HLP

< MD5 for: IEXPLORE.LGC >
[2002/09/12 14:26:16 | 000,001,227 | ---- | M] () MD5=B8CC58701AE55B7162CB796B7F631B6D -- C:\Documents and Settings\Alfonso\Desktop\Desktop\backup\WINDOWS\APPLOG\IEXPLORE.LGC

< MD5 for: WINLOGON.EXE >
[2004/08/04 20:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINLOGON.EXE-32C57D49.PF >
[2012/02/28 06:18:51 | 000,075,030 | ---- | M] () MD5=2C08C9B081AA6BF9A0F05E8EB2FC89D3 -- C:\WINDOWS\Prefetch\WINLOGON.EXE-32C57D49.pf

< MD5 for: WINSRV.DLL >
[2008/04/14 04:42:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\ServicePackFiles\i386\winsrv.dll
[2008/04/14 04:42:10 | 000,293,376 | ---- | M] (Microsoft Corporation) MD5=1618F36D4F7F6CCCEB3EE44BA95BE85C -- C:\WINDOWS\system32\winsrv.dll
[2004/08/04 20:00:00 | 000,290,816 | ---- | M] (Microsoft Corporation) MD5=442D0EAD5534E4ADCF6D4469043C82C0 -- C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Extras:

OTL Extras logfile created on: 2/28/2012 6:47:46 AM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Alfonso\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.54% Memory free
3.25 Gb Paging File | 2.38 Gb Available in Paging File | 73.21% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 433.85 Gb Free Space | 93.15% Space Free | Partition Type: NTFS

Computer Name: ALFONSO | User Name: Alfonso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\Alfonso\Local Settings\Temporary Internet Files\Content.IE5\G26E9FIL\SweetImSetup[1].exe" = C:\Documents and Settings\Alfonso\Local Settings\Temporary Internet Files\Content.IE5\G26E9FIL\SweetImSetup[1].exe:*:Enabled:SweetIM Installer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.® L2 Fast Ethernet Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F581DF68-CAE9-4064-A6CD-705D95D1C756}" = Notebook Software
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NAV" = Norton AntiVirus
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Speed Dial Utility" = Canon Speed Dial Utility
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2012 6:33:39 PM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/29/2012 6:37:24 PM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/29/2012 6:38:26 PM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/29/2012 6:40:19 PM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/29/2012 7:30:56 PM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/29/2012 8:13:38 PM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/29/2012 8:14:07 PM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/30/2012 8:27:33 AM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

Error - 1/30/2012 8:50:10 AM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x002535c4.

Error - 2/1/2012 6:46:03 AM | Computer Name = ALFONSO | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x00265067.

[ System Events ]
Error - 2/27/2012 6:33:52 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:52 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 2/27/2012 6:33:53 AM | Computer Name = ALFONSO | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

aswMBR log

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-28 06:54:01
-----------------------------
06:54:01.306 OS Version: Windows 5.1.2600 Service Pack 3
06:54:01.306 Number of processors: 2 586 0xF0D
06:54:01.306 ComputerName: ALFONSO UserName: Alfonso
06:54:05.853 Initialize success
07:06:36.666 AVAST engine defs: 12022701
07:15:35.166 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
07:15:35.166 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
07:15:35.181 Disk 0 MBR read successfully
07:15:35.181 Disk 0 MBR scan
07:15:35.213 Disk 0 Windows VISTA default MBR code
07:15:35.244 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
07:15:35.244 Disk 0 scanning sectors +976771120
07:15:35.306 Disk 0 scanning C:\WINDOWS\system32\drivers
07:15:41.635 Service scanning
07:15:52.135 Modules scanning
07:15:56.088 Disk 0 trace - called modules:
07:15:56.103 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:15:56.119 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a69bab8]
07:15:56.119 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\00000075[0x8a702278]
07:15:56.119 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a6f5940]
07:15:57.697 AVAST engine scan C:\WINDOWS
07:16:07.775 AVAST engine scan C:\WINDOWS\system32
07:17:30.306 AVAST engine scan C:\WINDOWS\system32\drivers
07:17:50.135 AVAST engine scan C:\Documents and Settings\Alfonso
07:33:19.041 File: C:\Documents and Settings\Alfonso\My Documents\PetSetup.exe **INFECTED** Win32:CIH-G@dam
07:34:04.306 AVAST engine scan C:\Documents and Settings\All Users
07:38:57.822 Scan finished successfully
07:39:15.978 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Alfonso\Desktop\MBR.dat"
07:39:15.978 The log file has been saved successfully to "C:\Documents and Settings\Alfonso\Desktop\aswMBR.txt"

[Sunyata]

Hello bananna

Please run an OTL Fix

• Please reopen .
• Copy and Paste the following code into the textbox. Do not include the word "Code"
  

  :processes
  killallprocesses
  
  :Services
  
  :OTL
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.commsec.com.au/
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.com.au/tickler/default.aspx
  IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 4D 68 5E 50 8A CC 01 [binary data]
  FF - prefs.js..browser.search.defaultenginename: ""
  FF - prefs.js..browser.search.defaulturl: ""
  FF - prefs.js..browser.search.order.1: "Search Results"
  FF - prefs.js..browser.search.selectedEngine: "Search Results"
  FF - prefs.js..browser.search.update: false
  [2012/02/15 17:41:22 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\SweetIM Search.xml
  [2012/02/15 17:41:10 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\sweetim.xml
  CHR - default_search_provider: SweetIM Search ()
  CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6...6-DB654AFDFC3F}
  O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
  O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
  O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
  O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll File not found
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O4 - HKLM..\Run: [SigmatelSysTrayApp] sttray.exe File not found
  O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
  O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/AUW/Core/Pl..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
  [9 C:\Documents and Settings\Alfonso\My Documents\*.tmp files -> C:\Documents and Settings\Alfonso\My Documents\*.tmp -> ]
  [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
  [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
  [2011/11/15 22:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Alfonso\Application Data\searchquband
  [2011/10/14 16:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
  "C:\Documents and Settings\Alfonso\Local Settings\Temporary Internet Files\Content.IE5\G26E9FIL\SweetImSetup[1].exe" = C:\Documents and Settings\Alfonso\Local Settings\Temporary Internet Files\Content.IE5\G26E9FIL\SweetImSetup[1].exe:*:Enabled:SweetIM Installer
  
  :Files
  C:\Documents and Settings\Alfonso\My Documents\PetSetup.exe
  
  :Reg
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
  "C:\Documents and Settings\Alfonso\Local Settings\Temporary Internet Files\Content.IE5\G26E9FIL\SweetImSetup[1].exe"=-
  
  :Commands
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click .
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Next,

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  *Bandoo*
  *Searchqu*
  *iLivid*
  *sparklebox*
  *sweetim*
  
  :folderfind
  *Bandoo*
  *Searchqu*
  *iLivid*
  *datamngr*
  *sparklebox*
  *sweetim*
  
  :Regfind
  Bandoo
  Searchqu
  iLivid
  datamngr
  sparklebox
  sweetim

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

In your next post please include:

• The OTL log
• SystemLook.txt

How is the machine behaving now? What are the issues?

[bananna]

Thanks, Sunyata. When firefox opens, and when subsequent tabs are opened, there is no more sparklebox/bandoo etc etc. Same goes with Internet explorer. so its definitely looking a lot cleaner! OTL Log: All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Prefs.js: "" removed from browser.search.defaultenginename Prefs.js: "" removed from browser.search.defaulturl Prefs.js: "Search Results" removed from browser.search.order.1 Prefs.js: "Search Results" removed from browser.search.selectedEngine Prefs.js: false removed from browser.search.update C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\SweetIM Search.xml moved successfully. C:\Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\sweetim.xml moved successfully. Unable to fix default_search_provider items. Unable to fix default_search_provider items. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully. Starting removal of ActiveX control {1ABA5FAC-1417-422B-BA82-45C35E2C908B} C:\WINDOWS\Downloaded Program Files\2020Player_IKEA.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ not found. C:\Documents and Settings\Alfonso\My Documents\~WRL0407.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL1111.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL1550.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL1641.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL1648.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL1953.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL2141.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL2196.tmp deleted successfully. C:\Documents and Settings\Alfonso\My Documents\~WRL2816.tmp deleted successfully. C:\WINDOWS\002522_.tmp deleted successfully. C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\SET4.tmp deleted successfully. C:\WINDOWS\SET8.tmp deleted successfully. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\Documents and Settings\Alfonso\Application Data\searchquband folder moved successfully. C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86 folder moved successfully. C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully. C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully. ========== FILES ========== C:\Documents and Settings\Alfonso\My Documents\PetSetup.exe moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Alfonso\Local Settings\Temporary Internet Files\Content.IE5\G26E9FIL\SweetImSetup[1].exe deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Alfonso ->Temp folder emptied: 248739436 bytes ->Temporary Internet Files folder emptied: 35106528 bytes ->FireFox cache emptied: 77339708 bytes ->Google Chrome cache emptied: 41602088 bytes ->Flash cache emptied: 8208547 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 3348938 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 940706 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 48978 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 396.00 mb [EMPTYFLASH] User: Alfonso ->Flash cache emptied: 0 bytes User: All Users User: Default User User: LocalService User: NetworkService Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.33.2 log created on 02282012_165327 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Alfonso\Local Settings\Temp\etilqs_imSYRGqyUHVi8vB not found! File\Folder C:\WINDOWS\temp\Perflib_Perfdata_254.dat not found! Registry entries deleted on Reboot... System Look log - SystemLook 30.07.11 by jpshortstuff Log created at 16:59 on 28/02/2012 by Alfonso Administrator - Elevation successful ========== filefind ========== Searching for "*Bandoo*" No files found. Searching for "*Searchqu*" C:\Documents and Settings\Alfonso\Cookies\alfonso@searchqu[2].txt --a---- 580 bytes [06:25 11/02/2012] [01:20 21/02/2012] FF7AB917C460E747724DA6F093F8359C C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\SetupDataMngr_Searchqu.exe.66b9ee9c9d8352dc6823474f1d41d9bf.5a5bfcee355d475 577b8e9abdbb744df.aawqff --a---- 3521252 bytes [10:23 27/02/2012] [10:23 27/02/2012] B2DA54F77F1EC9F7431F125FD66EABC2 Searching for "*iLivid*" C:\Documents and Settings\Alfonso\Cookies\alfonso@ilivid[2].txt --a---- 374 bytes [14:05 15/11/2011] [14:11 15/11/2011] B970A2C4210E98E4C0410143F5A62A24 Searching for "*sparklebox*" C:\Documents and Settings\Alfonso\Cookies\alfonso@sparklebox.co[1].txt --a---- 544 bytes [23:05 16/02/2012] [10:37 27/02/2012] D72DD2BE847518A055B16964FD3CE0F2 C:\Documents and Settings\Alfonso\Cookies\alfonso@sparklebox.ourtoolbar[2].txt --a---- 478 bytes [12:11 15/02/2012] [10:38 27/02/2012] 95F9DCB843572591CFFAD8D394C18BA0 C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sparklebox.co[2].txt --a---- 93 bytes [10:25 27/02/2012] [10:25 27/02/2012] BCC16FC5F68DEB1C6B7CF81E27EC4769 Searching for "*sweetim*" C:\Documents and Settings\Alfonso\Cookies\alfonso@home.sweetim[3].txt --a---- 271 bytes [10:32 15/02/2012] [10:32 15/02/2012] A8D43974EE879C610D35D7E810ECCDBB C:\Documents and Settings\Alfonso\Cookies\alfonso@lp.sweetim[1].txt --a---- 400 bytes [09:40 15/02/2012] [09:40 15/02/2012] 5280305AEB3D677DC93E31FCC88BD990 C:\Documents and Settings\Alfonso\Cookies\alfonso@search.sweetim[2].txt --a---- 294 bytes [09:59 15/02/2012] [10:29 15/02/2012] 97647AE494FF02013092A9CB725E1D75 C:\Documents and Settings\Alfonso\Cookies\alfonso@sweetim[1].txt --a---- 119 bytes [09:58 15/02/2012] [09:58 15/02/2012] 93C723C3A07BCADDEC65B25792D29EE7 C:\Documents and Settings\Alfonso\Cookies\alfonso@sweetim[2].txt --a---- 1737 bytes [10:33 27/02/2012] [10:33 27/02/2012] F434C7BDD9B96B44272BC3DAEE9017B2 C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sweetim[1].txt --a---- 93 bytes [09:39 15/02/2012] [09:39 15/02/2012] ED2D4A75715E6E10941DD45E0D9DD25D C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sweetim[2].txt --a---- 74 bytes [09:39 15/02/2012] [09:39 15/02/2012] C0D9BBD5BF095CFFF0DF22D123B20DFC C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\mgSweetIM.dll.f17e712ddb43a3304ba6b87e42e3a3ca.26cf6527a994f85527deecefdf66 373c.aawqff --a---- 626996 bytes [10:23 27/02/2012] [10:23 27/02/2012] 47844538D0DCA3846841A8E3E8FD2217 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\SweetIM.exe.b71a33d0cac1f75d8c6beec28dcaecd.92dccd7ad8fb9fb475a4f4808693883 8.aawqff --a---- 114996 bytes [10:23 27/02/2012] [10:23 27/02/2012] 8C6499D5673377752301E80C231709F8 C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Quarantine\SweetImSetup[1].exe.9b8385f9758eee89ff16e8cdf1c9bec.e5aaf71bac582ad252758c5 ecbb1395.aawqff --a---- 459572 bytes [10:23 27/02/2012] [10:23 27/02/2012] F62AD56358A414E4D2EB1651B8EF7A2B C:\_OTL\MovedFiles\02282012_165327\C_Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\SweetIM Search.xml --a---- 3915 bytes [09:40 15/02/2012] [09:41 15/02/2012] EF691DD0310399372EAD6FACEEDBE1BB C:\_OTL\MovedFiles\02282012_165327\C_Documents and Settings\Alfonso\Application Data\Mozilla\Firefox\Profiles\y1vwtt3l.default\searchplugins\sweetim.xml --a---- 3915 bytes [09:41 15/02/2012] [09:41 15/02/2012] EF691DD0310399372EAD6FACEEDBE1BB ========== folderfind ========== Searching for "*Bandoo*" No folders found. Searching for "*Searchqu*" C:\_OTL\MovedFiles\02282012_165327\C_Documents and Settings\Alfonso\Application Data\searchquband d------ [14:09 15/11/2011] Searching for "*iLivid*" C:\Documents and Settings\Alfonso\Local Settings\Application Data\Ilivid Player d------ [14:11 15/11/2011] Searching for "*datamngr*" C:\Documents and Settings\Alfonso\AppData\LocalLow\DataMngr d------ [14:09 15/11/2011] Searching for "*sparklebox*" No folders found. Searching for "*sweetim*" No folders found. ========== Regfind ========== Searching for "Bandoo" No data found. Searching for "Searchqu" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] "SuggestionsURL_JSON"="http://www.searchqu....Terms}&ft=json" [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] "002"="searchqu" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] "SuggestionsURL_JSON"="http://www.searchqu....Terms}&ft=json" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] "SuggestionsURL_JSON"="http://www.searchqu....Terms}&ft=json" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Search Assistant\ACMru\5603] "002"="searchqu" Searching for "iLivid" [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] "000"="ilivid" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid] [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe"="iLivid Installation " [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid] [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid] [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Search Assistant\ACMru\5603] "000"="ilivid" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid] [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Documents and Settings\All Users\Application Data\{08E30618-5D06-461B-BBD3-4ADFB0810824}\iLividSetupV1.exe"="iLivid Installation " [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid] [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid] Searching for "datamngr" [HKEY_CURRENT_USER\Software\Datamngr] [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"="Data Manager" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Datamngr] [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"="Data Manager" Searching for "sparklebox" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] "DisplayName"="SparkleBox Customized Web Search" [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] "004"="sparklebox" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\AllowedDomains\sparklebox.co.uk] [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\SparkleBox\SparkleBoxToolbarHelper.exe"="ToolbarH Application" [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\SparkleBox\uninstall.exe"="Conduit Engine Uninstall" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}] "DisplayName"="SparkleBox Customized Web Search" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Search Assistant\ACMru\5603] "004"="sparklebox" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\AllowedDomains\sparklebox.co.uk] [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\SparkleBox\SparkleBoxToolbarHelper.exe"="ToolbarH Application" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\SparkleBox\uninstall.exe"="Conduit Engine Uninstall" Searching for "sweetim" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] "URL"="http://search.sweeti...-DB654AFDFC3F}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] "DisplayName"="SweetIM Search" [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] "003"="sweetim" [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\SweetIM\Messenger\SweetIM.exe"="SweetIM Instant Messenger Enhancer" [HKEY_CURRENT_USER\Software\SweetIM] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\InprocServer32] @="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}] @="SweetIM ToolbarURLSearchHook Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\InprocServer32] @="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ProgID] @="SweetIM_URLSearchHook.ToolbarURLSearchHook.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\VersionIndependentProgID] @="SweetIM_URLSearchHook.ToolbarURLSearchHook" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook] @="SweetIM ToolbarURLSearchHook Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1] @="SweetIM ToolbarURLSearchHook Class" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}\1.0\0\win32] @="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}\1.0\HELPDIR] @="C:\Program Files\SweetIM\Toolbars\Internet Explorer" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}\1.0] @="SweetIM URLSearchHook 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}\1.0\0\win32] @="C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}\1.0\HELPDIR] @="C:\Program Files\SweetIM\Toolbars\Internet Explorer" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] "URL"="http://search.sweeti...-DB654AFDFC3F}" [HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM] [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] "URL"="http://search.sweeti...-DB654AFDFC3F}" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}] "DisplayName"="SweetIM Search" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Search Assistant\ACMru\5603] "003"="sweetim" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\Program Files\SweetIM\Messenger\SweetIM.exe"="SweetIM Instant Messenger Enhancer" [HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\SweetIM] -= EOF =-

[Sunyata]

Hello bananna

definitely looking a lot cleaner!

awesome!

Let's lose the rest of the garbage then...

• Download ERUNT from Here and save it to your desktop.
• Double click erunt-setup.exe to install the program
• Follow the prompts, and then uncheck Create NTREGOPT desktop icon at the Additional Tasks screen.
• Click No when you are prompted about creating an ERUNT entry in the startup folder.
• At the next screen, uncheck Show documentation and check Launch ERUNT
• If ERUNT doesn't start by itself, launch it from the desktop shortcut.
• At the configuration screen, make sure all 3 checkboxes are checked
• Click Ok to run the backup process

Next,

• Please reopen .
• Copy and Paste the following code into the textbox. Do not include the word "Code"
  

  :Services
  
  :Files
  C:\Documents and Settings\Alfonso\Cookies\alfonso@searchqu[2].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@ilivid[2].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@sparklebox.co[1].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@sparklebox.ourtoolbar[2].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sparklebox.co[2].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@home.sweetim[3].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@lp.sweetim[1].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@search.sweetim[2].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@sweetim[1].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@sweetim[2].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sweetim[1].txt
  C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sweetim[2].txt
  C:\Documents and Settings\Alfonso\Local Settings\Application Data\Ilivid Player
  C:\Documents and Settings\Alfonso\AppData\LocalLow\DataMngr
  
  :Reg
  [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
  [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
  [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
  [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
  [-HKEY_CURRENT_USER\Software\Datamngr]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Datamngr]
  [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
  [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\AllowedDomains\sparklebox.co.uk]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\AllowedDomains\sparklebox.co.uk]
  [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
  [-HKEY_CURRENT_USER\Software\SweetIM]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook]
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
  [-HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\SweetIM]
  
  :Commands
  [createrestorepoint]
  [Reboot]

• Push
• OTL may ask to reboot the machine. Please do so if asked.
• Click .
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Scan For Malware:

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

Do An Online Scan For Viruses:

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the Start button.
• Accept any security warnings from your browser.
• Check
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as MyEsetScan. Include the contents of this report in your next reply.
• Push the Back button.
• Push Finish

In your next reply please post the logs created by OTL, Malwarebytes and the ESET Online Scan.

[bananna]

Thanks Sunyata ESET Online Scanner: C:\My Downloads\MsgPlusLive-460.exe a variant of Win32/Adware.CiDHelp application Malware: Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.29.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Alfonso :: ALFONSO [administrator] Protection: Enabled 2/29/2012 5:08:15 PM mbam-log-2012-02-29 (17-08-15).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 173492 Time elapsed: 4 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) OTL: ========== SERVICES/DRIVERS ========== ========== FILES ========== C:\Documents and Settings\Alfonso\Cookies\alfonso@searchqu[2].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@ilivid[2].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@sparklebox.co[1].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@sparklebox.ourtoolbar[2].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sparklebox.co[2].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@home.sweetim[3].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@lp.sweetim[1].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@search.sweetim[2].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@sweetim[1].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@sweetim[2].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sweetim[1].txt moved successfully. C:\Documents and Settings\Alfonso\Cookies\alfonso@www.sweetim[2].txt moved successfully. C:\Documents and Settings\Alfonso\Local Settings\Application Data\Ilivid Player folder moved successfully. C:\Documents and Settings\Alfonso\AppData\LocalLow\DataMngr folder moved successfully. ========== REGISTRY ========== Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid\ not found. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid\ not found. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid\ not found. Registry key HKEY_CURRENT_USER\Software\Datamngr\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Datamngr\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\AllowedDomains\sparklebox.co.uk\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore\AllowedDomains\sparklebox.co.uk\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_CURRENT_USER\Software\SweetIM\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_USERS\S-1-5-21-2747457527-3239048399-1508684776-1008\Software\SweetIM\ not found. ========== COMMANDS ========== Restore point Set: OTL Restore Point (0) OTL by OldTimer - Version 3.2.33.2 log created on 02292012_165906

[Sunyata]

Hello Anna bananna

Thanks Sunyata

My pleasure

There is just one little bit of malware found by ESET that we can just remove manually...

Please navigate to the following directory and delete the file indicated:

C:\My Downloads\MsgPlusLive-460.exe

After which your machine appears to be ALL CLEAN



Time to clean up our tools then...

Please remove from your desktop:

• All the logs we created
• aswMBR.exe
• MBR.dat
• SystemLook.exe

Next,

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it regularly.
ESET online scan can be removed via add/remove programs.

Next, we have a few recommendations to help you stay malware-free:

Update Adobe Reader

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

• Go to Add/Remove Programs and remove all versions of Adobe Reader.
• Click here to download the latest version of Adobe Reader.

Please download JavaRa and unzip it to its own folder

• Run JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista or Windows 7), pick the language of your choice and click "Select".
• Then click "Remove Older Versions".
• Accept any prompts.
• Open JavaRa.exe (double-click for XP/right-click and Run as Administrator for Vista or Windows 7) again and select "Search For Updates".
• Select "Update Using Sun Java's Website".
• Then click "Search" and click on the "Open Webpage" button.
• Download and install the latest Java Runtime Environment (JRE) version for your computer.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
(Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.
Without a firewall your computer is succeptible to being hacked and taken over.
I am very serious about this and see it happen almost every day with my clients.
Simply using a Firewall in its default configuration can lower your risk greatly.


WOT , Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and IE.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
This will ensure your computer has always the latest security updates available installed on your computer.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site
until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:
PC Safety and Security--What Do I Need?
How to Prevent Malware

If there is nothing else, we will close this thread
Take care and safe computing

[bananna]

Thank you so much for your time and expertise, Sunyata. I am so happy that my computer is clean again, I very much appreciate your help. All the best!!

[Sunyata]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.