|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
mywebsearch taking over Chrome
Hi,
Tried to open chrome for some browsing this evening and found the mywebsearch home page popping up instead. When I click the home button it reverts to the usual chrome page but when I close the browser and open it again it switches back to mywebsearch. I've tried looking in settings and my default browser is shown as google chrome with no mention of mywebsearch or any of the other names attached to it. Mywebsearch says to uninstall, look on the add/remove list in the control panel but it isn't on the list. An all files search shows no sign of it and according to mywebsearch it isn't ad/malware but to everyone else it's a curse. IE diverted to mws but that was removed easily, firefox shows no sign of it but chrome swaps back everytime. I've looked through some online ways to remove it but none seem to work. So, is it dangerous, does it slow the pc down and if so, what's the best way to get rid of it and keep it gone? As far as I know I'm careful where I browse and access nothing dodgy. Thanks in advance. Last edited by Buggs; May 16th, 2012 at 11:10 PM. |
#2
|
||||
|
||||
Hello Buggs,
Let's take a look. If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool. And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed. ------- Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please. ----------- Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. ----------- Download aswMBR ( 511KB ) to your desktop.
A lot, but comprehensive, and will make sure we get a good view of everything. |
#3
|
|||
|
|||
Thanks, reports show:
OTL logfile created on: 17/05/2012 08:03:42 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = d:\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.31 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 81.38% Memory free 4.65 Gb Paging File | 4.06 Gb Available in Paging File | 87.28% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 91.73 Gb Total Space | 24.56 Gb Free Space | 26.77% Space Free | Partition Type: NTFS Drive D: | 19.53 Gb Total Space | 8.55 Gb Free Space | 43.77% Space Free | Partition Type: NTFS Drive F: | 3.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: PAUL-CA8B037DBC | User Name: Paul Parker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/17 08:02:57 | 000,595,456 | ---- | M] (OldTimer Tools) -- d:\My Documents\Downloads\OTL.exe PRC - [2012/05/09 04:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe PRC - [2012/03/07 18:08:03 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe PRC - [2012/03/01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012/01/24 18:24:26 | 004,200,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe PRC - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2011/07/12 09:27:35 | 000,026,576 | ---- | M] (RadioPI) -- C:\Program Files\RadioPI_4e\bar\1.bin\4ebrmon.exe PRC - [2011/03/30 19:46:06 | 001,721,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/02/26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/29 00:19:16 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe PRC - [2008/03/28 16:23:58 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMProcess.exe PRC - [2007/03/28 01:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMCONFIG.exe PRC - [2007/03/06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\StartAutorun.exe ========== Modules (No Company Name) ========== MOD - [2012/05/09 04:04:52 | 000,441,840 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\ppgoog lenaclpluginchrome.dll MOD - [2012/05/09 04:04:51 | 003,921,904 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\pdf.dl l MOD - [2012/05/09 04:03:36 | 000,553,456 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\libgle sv2.dll MOD - [2012/05/09 04:03:35 | 000,117,744 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\libegl .dll MOD - [2012/05/09 04:03:25 | 000,134,656 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avutil-51.dll MOD - [2012/05/09 04:03:24 | 000,250,368 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avform at-54.dll MOD - [2012/05/09 04:03:23 | 002,375,680 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\avcode c-54.dll MOD - [2012/05/09 03:09:13 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\gcswf3 2.dll MOD - [2012/03/07 18:08:03 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe MOD - [2011/11/03 16:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/30 22:19:19 | 001,841,000 | ---- | M] () -- C:\WINDOWS\system32\HPScanTRDrv_DJ3050A_J611.dll MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2007/03/29 13:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\Mouse Driver\keydll.dll MOD - [2005/05/04 20:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files\Mouse Driver\MouseHook.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\RADIOP~2\bar\1.bin\4ebarsvc.exe -- (RadioPI_4eService) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/21 02:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/07 18:08:03 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0) SRV - [2012/03/01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/02/26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/03/29 00:19:16 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\mdxgthkn.sys -- (mdxgthkn) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011/03/03 16:59:22 | 000,119,272 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI) DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009/07/27 15:15:24 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/03/22 12:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007/05/10 11:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004/12/10 23:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (IntelS51) Intel(R) DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2001/08/10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? } IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=sb&searchfor={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\URLSearchHook: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - C:\Program Files\RadioPI_4e\bar\1.bin\4eSrcAs.dll (RadioPI) IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=sb&searchfor={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={64CFFA73-18F0-43CA-9FE1-D9BE04AE9C2D}&mid=4c6c2f2960f4c0ba2e7665429de06063-7aa5d9813978f7fd7ba5c6dd5620e1459532de43&lang=en&d s=AVG&pr=fr&d=2011-11-07 16:25:58&v=9.0.0.18&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=kwd&searchfor=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_20 2_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4e\bar\1.bin\NP4eStub.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Paul Parker\Application Data\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/04 16:22:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\4effxtbr@RadioPI_4e.com: C:\Program Files\RadioPI_4e\bar\1.bin [2012/05/16 23:08:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/05 21:21:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/11/05 21:21:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/07 18:08:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 22:25:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/16 22:25:56 | 000,000,000 | ---D | M] [2008/09/01 18:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Extensions [2012/03/16 12:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\ext ensions [2011/06/07 17:19:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012/03/16 12:19:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\ext ensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011/10/06 17:03:58 | 000,000,000 | ---D | M] (RadioPI) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\ext ensions\4effxtbr@RadioPI_4e.com [2011/07/12 17:34:20 | 000,009,946 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\sea rchplugins\RadioPI_4e.xml [2012/04/30 20:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/01/18 12:33:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/03/16 12:19:29 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PAUL PARKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MX86NT78.DEFAULT\EXT ENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/04/21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll [2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll [2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll [2010/10/07 02:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2012/02/21 19:45:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010/10/07 02:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012/04/21 03:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/03/07 18:07:45 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/04/21 03:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/04/21 03:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/04/21 03:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/04/21 03:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012/04/21 03:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEnco ding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}{google:instantFieldTrialGroupParame ter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\ppGoog leNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\pdf.dl l CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\gcswf3 2.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_20 2_228.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Paul Parker\Application Data\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\ CHR - Extension: AVG Safe Search = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\ CHR - Extension: Gmail = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\ O1 HOSTS File: ([2009/07/23 14:31:10 | 000,000,796 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 symantec. O1 - Hosts: 127.0.0.1 nod32.com O1 - Hosts: 127.0.0.1 nod32.ru O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Toolbar BHO) - {35fd2bab-ab2b-494f-b5bf-8755ec043784} - C:\Program Files\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Search Assistant BHO) - {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - C:\Program Files\RadioPI_4e\bar\1.bin\4eSrcAs.dll (RadioPI) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (RadioPI) - {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\ShellBrowser: (RadioPI) - {92926B63-5116-4C6F-A33E-378767B8D15F} - C:\Program Files\RadioPI_4e\bar\1.bin\4ebar.dll (RadioPI) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RadioPI_4e Browser Plugin Loader] C:\Program Files\RadioPI_4e\bar\1.bin\4ebrmon.exe (RadioPI) O4 - HKLM..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.) O4 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Search - http://tbedits.mywebsearch.com/one-t...2&n=2011071211 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub...irector/sw.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{852E78DE-1EC7-45C7-89A2-18B03551BB89}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - http://www.ddo-europe.com/images/mic..._event_036.jpg O24 - Desktop Components:1 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/20 15:07:59 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/02/04 08:15:39 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ] O32 - AutoRun File - [2006/02/04 07:54:04 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006/02/04 08:13:29 | 000,000,161 | R--- | M] () - F:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2006/01/31 03:56:47 | 000,942,080 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/10 01:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul Parker\Desktop\DDO Lamannia Install Files [2012/04/30 20:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/04/30 20:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/04/21 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2012/04/19 17:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2012/04/19 17:19:36 | 000,837,224 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco322040.dll [2012/04/19 17:19:34 | 000,026,216 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll [2012/04/19 17:19:32 | 000,119,272 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys [2012/04/18 23:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul Parker\Application Data\NVIDIA [8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/17 08:02:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1563985344-1801674531-1003UA.job [2012/05/17 08:01:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2012/05/17 07:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/05/17 07:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/05/17 07:41:24 | 098,399,537 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/05/17 07:38:09 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/05/17 07:37:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/05/17 07:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/05/16 23:20:42 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Desktop\Google Chrome.lnk [2012/05/16 22:31:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/05/16 22:31:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/05/16 20:40:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2012/05/16 17:02:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1563985344-1801674531-1003Core.job [2012/05/16 14:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2012/05/16 11:05:32 | 000,002,314 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/05/16 10:10:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2012/05/15 20:20:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2012/05/12 11:53:28 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/05/12 11:27:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/05/12 01:20:23 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/12 01:20:23 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/05/10 08:36:14 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Desktop\DDO Unlimited (Preview).lnk [2012/05/09 21:53:23 | 000,001,642 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN16R4C04P05PJ.job [2012/04/30 20:37:07 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/04/30 20:37:06 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/04/21 13:52:27 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Desktop\DDO Unlimited.lnk [2012/04/19 19:59:19 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/04/19 19:59:19 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/04/19 19:59:12 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/04/19 19:58:32 | 000,000,550 | ---- | M] () -- C:\WINDOWS\System32\nvUnsupRes.dat [2012/04/19 14:45:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI [8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/10 08:36:14 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Paul Parker\Desktop\DDO Unlimited (Preview).lnk [2012/04/19 17:46:35 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat [2012/04/17 16:57:29 | 000,001,002 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1563985344-1801674531-1003UA.job [2012/04/17 16:57:28 | 000,000,950 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1563985344-1801674531-1003Core.job [2012/03/26 20:07:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2012/02/15 18:10:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/03 00:03:45 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2011/12/13 12:39:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2011/11/05 21:19:33 | 001,841,000 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3050A_J611.dll [2011/11/05 21:18:40 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini [2011/10/24 12:51:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/10/06 17:03:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\T8SETUP.EXE [2011/09/15 17:26:08 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011/05/21 06:01:00 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011/04/17 09:03:06 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011/04/17 09:03:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010/09/03 20:12:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD30FA91 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report > Last edited by Jintan; May 18th, 2012 at 12:36 AM. |
#4
|
|||
|
|||
and:
OTL Extras logfile created on: 17/05/2012 08:03:42 - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = d:\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.31 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 81.38% Memory free 4.65 Gb Paging File | 4.06 Gb Available in Paging File | 87.28% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 91.73 Gb Total Space | 24.56 Gb Free Space | 26.77% Space Free | Partition Type: NTFS Drive D: | 19.53 Gb Total Space | 8.55 Gb Free Space | 43.77% Space Free | Partition Type: NTFS Drive F: | 3.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: PAUL-CA8B037DBC | User Name: Paul Parker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- D:\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [WINAMP.BOOKMARK] -- Reg Error: Value error. Directory [WINAMP.ENQUEUE] -- Reg Error: Value error. Directory [WINAMP.PLAY] -- Reg Error: Value error. Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "57054:TCP" = 57054:TCP:*:Enabled:Pando Media Booster "57054:UDP" = 57054:UDP:*:Enabled:Pando Media Booster "58408:TCP" = 58408:TCP:*:Enabled:Pando Media Booster "58408:UDP" = 58408:UDP:*:Enabled:Pando Media Booster "56114:TCP" = 56114:TCP:*:Enabled:Pando Media Booster "56114:UDP" = 56114:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "5985:TCP" = 5985:TCP:* ![]() "80:TCP" = 80:TCP:* ![]() "56114:TCP" = 56114:TCP:*:Enabled:Pando Media Booster "56114:UDP" = 56114:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List] "E:\Dragon Age 2\bin_ship\DragonAge2.exe" = E:\Dragon Age 2\bin_ship\DragonAge2.exe:*:Enabled ![]() "E:\Dragon Age 2\DragonAge2Launcher.exe" = E:\Dragon Age 2\DragonAge2Launcher.exe:*:Enabled ![]() "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List] "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microso ft DirectPlay Voice Test -- (Microsoft Corporation) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Skype\Plugin Manager\skypePM.exe" = C:\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "D:\BitTorrent\bittorrent.exe" = D:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe" = C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun -- (Westwood Studios) "C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe" = C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer Red Alert(tm) II\RA2\game.exe:*:Enabled:Main executable for Red Alert 2 -- (Westwood Studios) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer "D:\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "D:\Microsoft Office\Office12\GROOVE.EXE" = D:\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "D:\Microsoft Office\Office12\ONENOTE.EXE" = D:\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3050A J611 series) -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:E nabled:HP Network Communicator (HP Deskjet 3050A J611 series) -- (Hewlett-Packard Co.) "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Skype\Phone\Skype.exe" = C:\Skype\Phone\Skype.exe:*:Enabled:Skype "C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Turbine\DDO Unlimited\dndclient.exe" = C:\Program Files\Turbine\DDO Unlimited\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.) "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.) "C:\Program Files\Turbine\DDO Unlimited\dndlauncher.exe" = C:\Program Files\Turbine\DDO Unlimited\dndlauncher.exe:*:Enabled ![]() "C:\Program Files\Turbine\DDO Unlimited\TurbineInvoker.exe" = C:\Program Files\Turbine\DDO Unlimited\TurbineInvoker.exe:*:Enabled:TurbineInvo ker.exe -- (Turbine, Inc.) "C:\Program Files\Turbine\DDO Unlimited\TurbineLauncher.exe" = C:\Program Files\Turbine\DDO Unlimited\TurbineLauncher.exe:*:Enabled:TurbineLau ncher.exe -- (Turbine, Inc.) "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled ![]() "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "D:\Program Files\Turbine\DDO Unlimited (Preview)\dndclient.exe" = D:\Program Files\Turbine\DDO Unlimited (Preview)\dndclient.exe:*:Enabled:dndclient -- (Turbine, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{14C35072-D7D0-4B29-B5BF-C94E426D77E9}" = Sky Broadband "{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012 "{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012 "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB2228C5-EA86-44E1-AFF6-58B9CC260CE3}" = HP Deskjet 3050A J611 series Basic Device Software "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{AD25A8FE-964F-48DB-B5C5-AD4DDB3895AD}" = System Requirements Lab "{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}" = Temple of Elemental Evil "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B4A3B14A-1C4B-47B9-A5B5-BF429237D568}" = muveeNow 2.1 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM) "{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Trust R-series Mouse And Keyboard "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C40DCEE3-A564-4692-B1D5-DA1F252BA3BC}" = HP Deskjet 3050A J611 series Product Improvement Study "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI "{C87E0D98-7955-4BF0-A6B0-5D81146A9CB8}" = Samsung PC Studio 3 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E39C74DF-58FD-4E52-9888-2CC59DFB0B34}" = PowerQuest PartitionMagic Pro 7.0 "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "579dbe90-e989-11dd-ba2f-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ (Preview) v01 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2012 "bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801 "BitTorrent" = BitTorrent "com.ea.Activation.919CACB699904AC5D41B606703500DD 39747C02D.1" = EA Shared Game Component: Activation "com.ea.Vault.919CACB699904AC5D41B606703500DD39747 C02D.1" = EA Download Manager UI "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "EA Download Manager" = EA Download Manager "EA Installer.-49286475" = EA Installer "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "HijackThis" = HijackThis 2.0.2 "HP Photo Creations" = HP Photo Creations "ie8" = Windows Internet Explorer 8 "InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}" = Mouse Driver "InstallShield_{B910DD1A-49B1-4068-9C08-E3C3AEC0C30A}" = Trust R-series Mouse And Keyboard "Intel(R) 536EP Modem" = Intel(R) 536EP Modem "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "RadioPI_4ebar Uninstall" = RadioPI "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Secunia PSI" = Secunia PSI (2.0.0.4003) "SpywareBlaster_is1" = SpywareBlaster 4.6 "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "VDOTool_is1" = VDOTool 6.1 "VLC media player" = VLC media player 2.0.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall] "Facebook Plug-In" = Facebook Plug-In "Google Chrome" = Google Chrome "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/05/2012 16:06:25 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 12/05/2012 19:44:26 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 13/05/2012 18:18:35 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 14/05/2012 06:39:26 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application chrome.exe, version 18.0.1025.168, faulting module gcswf32.dll, version 11.2.202.235, fault address 0x0041ee91. Error - 14/05/2012 13:33:36 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 14/05/2012 17:23:37 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 14/05/2012 18:59:29 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 15/05/2012 13:08:21 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 15/05/2012 16:26:04 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. Error - 16/05/2012 08:51:41 | Computer Name = PAUL-CA8B037DBC | Source = Application Error | ID = 1000 Description = Faulting application dndclient.exe, version 1.18.2.8024, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053. [ System Events ] Error - 16/05/2012 05:08:02 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The RadioPI Service service failed to start due to the following error: %%2 Error - 16/05/2012 12:56:48 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The SDManager service failed to start due to the following error: %%3 Error - 16/05/2012 12:56:48 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The RadioPI Service service failed to start due to the following error: %%2 Error - 16/05/2012 15:36:05 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The SDManager service failed to start due to the following error: %%3 Error - 16/05/2012 15:36:05 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The RadioPI Service service failed to start due to the following error: %%2 Error - 16/05/2012 17:21:05 | Computer Name = PAUL-CA8B037DBC | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. Error - 16/05/2012 17:22:12 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The SDManager service failed to start due to the following error: %%3 Error - 16/05/2012 17:22:12 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The RadioPI Service service failed to start due to the following error: %%2 Error - 17/05/2012 02:38:04 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The SDManager service failed to start due to the following error: %%3 Error - 17/05/2012 02:38:04 | Computer Name = PAUL-CA8B037DBC | Source = Service Control Manager | ID = 7000 Description = The RadioPI Service service failed to start due to the following error: %%2 < End of report > If the code box hinders things please edit it out and I'll use full boxes from now on. Last edited by Jintan; May 18th, 2012 at 12:37 AM. |
#5
|
|||
|
|||
Wow! That was a huge long scan for a really small readout. Had to disable AVG2012 5-6 times as it only allows a 15 minute period each time. Not sure if that effects the result, hopefully not:
GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-05-17 10:04:12 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-19 ST3120026AS rev.3.56 Running: ndox3f2s.exe; Driver: C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\kftoqfog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB2F24F3C] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB2F24FE4] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB2F25080] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB2F2511C] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6DF63C0, 0x95B7EA, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) ---- EOF - GMER 1.0.15 ---- Last edited by Jintan; May 18th, 2012 at 12:37 AM. |
#6
|
|||
|
|||
Not sure what happened here with Avast. I d-loaded it fine and it started running. After about 10-15 minutes of scanning various files it seemed to get stuck on scanning a facebook uninstall file but the line was longer than the box allowed me to see and there's no expand option. After about another 15 minutes of it not moving or the number at the start of the line changing at all I used the save log option which produced the saved successfully line.
I'll post the log I got and if I need to run the whole thing again please say so. aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-05-17 10:09:04 ----------------------------- 10:09:04.453 OS Version: Windows 5.1.2600 Service Pack 3 10:09:04.453 Number of processors: 2 586 0x4B02 10:09:04.453 ComputerName: PAUL-CA8B037DBC UserName: Paul Parker 10:09:05.390 Initialize success 10:33:39.828 AVAST engine defs: 12051601 10:35:10.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-19 10:35:10.625 Disk 0 Vendor: ST3120026AS 3.56 Size: 114473MB BusType: 3 10:35:10.640 Disk 0 MBR read successfully 10:35:10.640 Disk 0 MBR scan 10:35:10.656 Disk 0 Windows XP default MBR code 10:35:10.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 93934 MB offset 63 10:35:10.687 Disk 0 Partition - 00 0F Extended LBA 20536 MB offset 192378375 10:35:10.718 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20002 MB offset 192378438 10:35:10.734 Disk 0 scanning sectors +234436545 10:35:10.984 Disk 0 scanning C:\WINDOWS\system32\drivers 10:35:57.531 Service scanning 10:36:13.546 Modules scanning 10:37:13.968 Disk 0 trace - called modules: 10:37:14.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 10:37:14.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b26bab8] 10:37:14.015 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8b26e9e8] 10:37:14.015 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-19[0x8b2a0d98] 10:37:14.687 AVAST engine scan C:\WINDOWS 10:38:05.437 AVAST engine scan C:\WINDOWS\system32 10:48:43.125 AVAST engine scan C:\WINDOWS\system32\drivers 10:50:03.328 AVAST engine scan C:\Documents and Settings\Paul Parker 10:55:47.718 Disk 0 MBR has been saved successfully to "d:\My Documents\Downloads\MBR.dat" 10:55:47.750 The log file has been saved successfully to "d:\My Documents\Downloads\aswMBR.txt" Last edited by Jintan; May 18th, 2012 at 12:38 AM. |
#7
|
||||
|
||||
Yes, we do need the post with Code or Quote, to be better able to review them. Which I will do in a moment.
I received your PM, but better to respond to it here, where others might see the infi. Our Helpers are always vigilant of log info that may show personal data, and any that does show (other than things like a name) are quickly removed. Plenty of others review all the threads here in the forum often, usually so that they also can benefit from the cleaning process info. |
#8
|
||||
|
||||
None of the tougher malware I would expect on a system that uses torrent software. Just know that is the number one way of getting a seriously infected system. But I see it - RadioPI is MyWebSearch. Too often these installers make changes where their uninstall process still eaves their settings behind.
Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel. RadioPI Then reboot after, and run and post a new OTL log please. |
#9
|
|||
|
|||
Quote:
Uses torrent software? I looked on my program list, the only thing with torrent is bittorrent but that says it it hasn't been used since December 2009. I remember my girlfriend was looking for some books and downloaded something or other, I assume that's what it's for. Is it something I'm better getting rid of if it's risky? Anyway as to the radiopi, I installed it a year or so ago to be able to listen to local radio stations on the PC but didn't use it beyond that day and thought I'd removed it, apparently not. I tried to use add/remove programs to get rid of it again today but got this message: ---------------------------------------------------------------------------- RUNDLL Error loading C:\PROGRA~1\RADIOPI~2\bar\1.bin\t8unpat.dll The specified module could not be found. OK ---------------------------------------------------------------------------- Any idea how I can remove this? The mywebsearch problem only appeared a couple days ago but I'd removed most of what I thought was the radiopi several months ago, I'm not sure what woke it up. So any new OTL log would produce the same as the first. |
#10
|
||||
|
||||
Some scan may have removed the .dll file.
Go here and download and install the free trial version of Revo's Uninstaller, and see if that shows RadioPI. If so, right click RadioPI, and select Uninstall, then follow the prompts to complete the uninstall. Be sure to leave the setting as "Moderate", and it is okay to use "Select All" to Delete what Revo finds. Reboot, then follow the earlier steps. A Caution - Revo is honestly a tool of last resort. I suggest never using it in lieu of the program's own uninstaller, and never for any security programs. |
#11
|
|||
|
|||
AAAARRRRGGGGHHHH!!!!!
D-loaded and installed Revo and followed the instructions. At step 2 the same RUNDLL information box popped up as post 7 but it seemed to proceed and found a lot of leftover files, all removed, and some files that needed a restart to remove which I did. I started up again, checked my add/remove program list, no radiopi. Checked Revo again, no radiopi. Opened Chrome again.... up pops mywebsearch again!! I'll do another OTL run to see what they brings up. |
#12
|
|||
|
|||
I didn't get an extras file appear this time, not sure why.
The radiopi has gone from the hosts, although the mywebsearch still appears in lieu of the chrome homepage showing the 8 favourite visited sites. ------------------------------------------------------ OTL logfile created on: 18/05/2012 12:50:05 - Run 2 OTL by OldTimer - Version 3.2.43.0 Folder = D:\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.31 Gb Total Physical Memory | 2.82 Gb Available Physical Memory | 85.19% Memory free 4.65 Gb Paging File | 4.23 Gb Available in Paging File | 90.89% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 91.73 Gb Total Space | 26.11 Gb Free Space | 28.46% Space Free | Partition Type: NTFS Drive D: | 19.53 Gb Total Space | 8.87 Gb Free Space | 45.41% Space Free | Partition Type: NTFS Drive F: | 3.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: PAUL-CA8B037DBC | User Name: Paul Parker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/17 08:02:57 | 000,595,456 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe PRC - [2012/03/07 18:08:03 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe PRC - [2012/03/01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011/11/28 02:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe PRC - [2011/10/10 07:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe PRC - [2011/09/08 21:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2011/08/15 07:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2011/03/30 19:46:06 | 001,721,192 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/02/26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- D:\Microsoft Office\Office12\GrooveMonitor.exe PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/29 00:19:16 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMWDSrv.exe PRC - [2008/03/28 16:23:58 | 000,331,776 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMProcess.exe PRC - [2007/03/28 01:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\KMCONFIG.exe PRC - [2007/03/06 15:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files\Mouse Driver\StartAutorun.exe ========== Modules (No Company Name) ========== MOD - [2012/03/07 18:08:03 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe MOD - [2012/01/16 19:06:51 | 000,692,224 | ---- | M] () -- C:\Program Files\AVG Secure Search\iGearedHelper.dll MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/03/30 22:19:19 | 001,841,000 | ---- | M] () -- C:\WINDOWS\system32\HPScanTRDrv_DJ3050A_J611.dll MOD - [2007/03/29 13:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files\Mouse Driver\keydll.dll MOD - [2005/05/04 20:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files\Mouse Driver\MouseHook.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\RADIOP~2\bar\1.bin\4ebarsvc.exe -- (RadioPI_4eService) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/21 02:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/07 18:08:03 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0) SRV - [2012/03/01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/02/26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2008/03/29 00:19:16 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE) SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\SpywareDetector\SDManager.sys -- (SDManager) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PAULPA~1\LOCALS~1\Temp\mdxgthkn.sys -- (mdxgthkn) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011/10/07 07:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2011/10/04 07:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011/09/13 07:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/08/08 07:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/07/11 02:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011/07/11 02:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011/07/11 02:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV - [2011/07/11 02:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011/03/03 16:59:22 | 000,119,272 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI) DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/07/27 15:15:24 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/03/22 12:31:58 | 000,017,024 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS -- (KMWDFilter) DRV - [2007/07/03 16:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007/07/03 16:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007/07/03 16:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007/05/10 11:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007/03/16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004/12/10 23:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (IntelS51) Intel(R) DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl) DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2001/08/10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source? } IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVer sion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Inter net Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=sb&searchfor={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\URLSearchHook: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - No CLSID value found IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{031949b3-28b6-43a4-90e2-dde1cfe21390}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=sb&searchfor={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={64CFFA73-18F0-43CA-9FE1-D9BE04AE9C2D}&mid=4c6c2f2960f4c0ba2e7665429de06063-7aa5d9813978f7fd7ba5c6dd5620e1459532de43&lang=en&d s=AVG&pr=fr&d=2011-11-07 16:25:58&v=9.0.0.18&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Y9xdm003YYgb&ptb=ADCA9B2F-1B75-4D38-9003-2EF1327E8602&ind=2011071211&ptnrS=Y9xdm003YYgb&si= &n=77de82eb&psa=&st=kwd&searchfor=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_20 2_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4e\bar\1.bin\NP4eStub.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Paul Parker\Application Data\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/02/04 16:22:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\4effxtbr@RadioPI_4e.com: C:\Program Files\RadioPI_4e\bar\1.bin FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/11/05 21:21:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/11/05 21:21:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\ [2012/03/07 18:08:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/16 22:25:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/16 22:25:56 | 000,000,000 | ---D | M] [2008/09/01 18:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Extensions [2012/05/18 01:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\ext ensions [2011/06/07 17:19:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2012/03/16 12:19:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Paul Parker\Application Data\Mozilla\Firefox\Profiles\mx86nt78.default\ext ensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/04/30 20:37:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/01/18 12:33:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/03/16 12:19:29 | 000,634,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PAUL PARKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MX86NT78.DEFAULT\EXT ENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PAUL PARKER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MX86NT78.DEFAULT\EXT ENSIONS\4EFFXTBR@RADIOPI_4E.COM [2012/04/21 02:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008/08/16 17:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2008/08/16 17:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2008/08/16 17:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2008/05/21 08:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll [2008/05/21 08:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll [2008/05/21 08:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll [2010/10/07 02:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll [2012/02/21 19:45:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2008/08/16 17:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010/10/07 02:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll [2008/08/16 17:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2012/04/21 03:09:17 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/03/07 18:07:45 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/04/21 03:09:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/04/21 03:09:17 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/04/21 03:09:17 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/04/21 03:09:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012/04/21 03:09:18 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:accepte dSuggestion}{google:originalQueryForSuggestion}{go ogle:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEnco ding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldt rialParameter}{google:instantFieldTrialGroupParame ter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\ppGoog leNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\pdf.dl l CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.46\gcswf3 2.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_20 2_228.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Paul Parker\Application Data\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_0\ CHR - Extension: AVG Safe Search = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.1901_0\ CHR - Extension: Gmail = C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_0\ O1 HOSTS File: ([2009/07/23 14:31:10 | 000,000,796 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 symantec. O1 - Hosts: 127.0.0.1 nod32.com O1 - Hosts: 127.0.0.1 nod32.ru O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\s wg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [GrooveMonitor] D:\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TBPanel] C:\Program Files\VDOTool\TBPanel.exe (Palit Microsystems, Inc.) O4 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVer sion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\polic ies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Search - http://tbedits.mywebsearch.com/one-t...2&n=2011071211 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub...irector/sw.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{852E78DE-1EC7-45C7-89A2-18B03551BB89}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - http://www.ddo-europe.com/images/mic..._event_036.jpg O24 - Desktop Components:1 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul Parker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/20 15:07:59 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/02/04 08:15:39 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ] O32 - AutoRun File - [2006/02/04 07:54:04 | 000,724,992 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2006/02/04 08:13:29 | 000,000,161 | R--- | M] () - F:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2006/01/31 03:56:47 | 000,942,080 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/18 12:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul Parker\Local Settings\Application Data\VS Revo Group [2012/05/18 12:24:15 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys [2012/05/18 12:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro [2012/05/18 12:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012/05/10 01:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul Parker\Desktop\DDO Lamannia Install Files [2012/04/30 20:37:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2012/04/30 20:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/04/21 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks [2012/04/19 17:21:29 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS [2012/04/19 17:19:36 | 000,837,224 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdagenco322040.dll [2012/04/19 17:19:34 | 000,026,216 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvhdap32.dll [2012/04/19 17:19:32 | 000,119,272 | R--- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvhda32.sys [2012/04/18 23:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul Parker\Application Data\NVIDIA [8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/05/18 12:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/05/18 12:32:13 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/05/18 12:32:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/05/18 12:30:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/05/18 12:24:17 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2012/05/18 12:21:15 | 098,543,313 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2012/05/18 01:02:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1563985344-1801674531-1003UA.job [2012/05/18 01:01:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2012/05/18 00:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/05/17 20:40:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2012/05/17 20:20:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2012/05/17 17:02:00 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1563985344-1801674531-1003Core.job [2012/05/17 14:00:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2012/05/17 10:10:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2012/05/16 23:20:42 | 000,002,336 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Desktop\Google Chrome.lnk [2012/05/16 22:31:08 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/05/16 22:31:08 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/05/16 11:05:32 | 000,002,314 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/05/12 11:53:28 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/05/12 11:27:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/05/12 01:20:23 | 000,444,494 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/12 01:20:23 | 000,072,370 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/05/10 08:36:14 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Desktop\DDO Unlimited (Preview).lnk [2012/05/09 21:53:23 | 000,001,642 | ---- | M] () -- C:\WINDOWS\tasks\hpwebreg_CN16R4C04P05PJ.job [2012/04/30 20:37:07 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2012/04/30 20:37:06 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2012/04/21 13:52:27 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\Paul Parker\Desktop\DDO Unlimited.lnk [2012/04/19 19:59:19 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012/04/19 19:59:19 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2012/04/19 19:59:12 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012/04/19 19:58:32 | 000,000,550 | ---- | M] () -- C:\WINDOWS\System32\nvUnsupRes.dat [2012/04/19 14:45:52 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI [8 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/05/18 12:24:17 | 000,000,931 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2012/05/10 08:36:14 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Paul Parker\Desktop\DDO Unlimited (Preview).lnk [2012/04/19 17:46:35 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat [2012/03/26 20:07:29 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2012/02/15 18:10:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/03 00:03:45 | 000,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll [2011/12/13 12:39:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2011/11/05 21:19:33 | 001,841,000 | ---- | C] () -- C:\WINDOWS\System32\HPScanTRDrv_DJ3050A_J611.dll [2011/11/05 21:18:40 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini [2011/10/24 12:51:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/10/06 17:03:55 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\T8SETUP.EXE [2011/09/15 17:26:08 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011/05/21 06:01:00 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011/04/17 09:03:06 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011/04/17 09:03:06 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010/09/03 20:12:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD30FA91 @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report > |
#13
|
|||
|
|||
GOT IT!!!!
As usual the simplest solution seems to work. The reason I was still getting the mywebsearch page on startup was that it was set up as the startup page in my settings for chrome. I assume that means it actually searched for it each time because it thought I wanted it to. I think I missed it because whenever I looked up for ways to remove it, all the instructions told me to use options or under the hood to alter chrome settings but for some reason in my version of chrome I haven't got an under the hood, it's all included in settings. So unless you see anything else in the files to be concerned about and it doesn't return I THINK we've solved the problem. I also decided in appreciation of the help to add a 3 year subscription to the site, thanks for all the help with the issues I've had. Last edited by Buggs; May 18th, 2012 at 02:18 PM. |
#14
|
||||
|
||||
Always helpful when folks subscribe here. All volunteers, but subscriptions help offset site costs.
Good you figured out the home page hijack. Still a bit more entries left behind, by MyWebSearch adware and others. Follow the steps here to reset Internet Explorer 8 back to it's default setting. Again just too many search hijacker etc. changes done to it. --------- Follow the steps here to reset Google Chrome, to remove the adware/search hijackers showing loading in it. ---------- In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart". Reset toolbars and controls Reset all user preferences to Firefox defaults Restore default search engines You can change those later to whatever you prefer, but for now, too many search hijackers have altered things there. Then you can go ahead and choose and change all the browser settings you wish, and be rid of the unwanted stuff. Reboot after you have made all those changes, then after, post back how everything is running now please. |
#15
|
|||
|
|||
Hi Jintan,
The IE and Firefox went fine, exactly as explained. However the chrome explanations bear little resemblance to the chrome I have. Where the instructions show customize and control Google chrome, I see nothing even vaguely like that but I do have the wrench symbol, where the instructions ask to click options I only have settings and in settings I don't have basics, minor tweaks and under the hood, I do have history, extensions, settings and help and it's in settings that I've done everything you've asked so far like start-up settings and default browser. Does this all mean the instructions are out of date or that my chrome is so messed up that it looks nothing like it's meant to? The mywebsearch is still gone and I don't know if any connection is possible but since I started using the downloads you suggested I've started having some strange problems with an mmo I play with a few people saying they think it might be my graphics card which is very new. Is there any chance there could be any link between the downloads and the problems I'm having. If you think it might be worth looking into I can add some details later. Last edited by Buggs; May 19th, 2012 at 03:01 PM. |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Both Firefox and Chrome taking up too much CPU | Liz81 | Windows 8 | 3 | March 4th, 2020 01:19 PM |
mywebsearch | Jimmu | Malware Removal | 21 | December 30th, 2009 02:26 AM |
mywebsearch | Jimmu | Windows XP | 4 | December 17th, 2009 02:37 AM |
MyWebSearch | 4harpers | Malware Removal | 1 | May 29th, 2006 05:07 AM |
All times are GMT +1. The time now is 02:35 AM.