#16
March 2nd, 2012, 01:11 PM
herbw2
CTH Subscriber
 
Join Date: Feb 2007
O/S: Windows Vista
Location: Brooklyn, NY
Posts: 171
I have done all the steps. Hope I did the regedit step correctly.
Herb W


#17
March 3rd, 2012, 12:02 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,144
Is your system running better now? Please run and post a new OTL log.
#18
March 3rd, 2012, 07:01 PM
herbw2
CTH Subscriber
 
Join Date: Feb 2007
O/S: Windows Vista
Location: Brooklyn, NY
Posts: 171
OTL logfile created on: 3/3/2012 12:40:55 PM - Run 3
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\herbw2\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 55.05% Memory free
4.21 Gb Paging File | 3.12 Gb Available in Paging File | 74.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 49.24 Gb Free Space | 46.81% Space Free | Partition Type: NTFS

Computer Name: HERBW2-PC | User Name: herbw2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/03 12:40:14 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\herbw2\Downloads\OTL.exe
PRC - [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\herbw2\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/01/09 09:46:26 | 000,313,624 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2012/01/09 09:46:26 | 000,153,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/17 20:34:23 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/09/02 14:00:10 | 001,146,256 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe
PRC - [2010/08/12 15:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/01 17:38:16 | 000,038,400 | R--- | M] () -- C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
PRC - [2007/03/14 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/13 18:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/02/13 18:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/02/09 13:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/02/05 14:22:08 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/02/04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/22 23:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/11 20:36:34 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006/11/28 22:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/11/28 22:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/11/28 22:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/11/13 08:32:52 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/11/13 08:32:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/11/13 08:32:49 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 06:36:02 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 09:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 06:35:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 06:35:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 06:34:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 06:32:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/12 05:52:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/12/01 17:38:16 | 000,038,400 | R--- | M] () -- C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
MOD - [2007/01/23 08:12:47 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/01/23 08:12:27 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/10 15:51:07 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/09 09:46:26 | 000,313,624 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/14 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/02/13 18:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/01/16 16:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 16:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/16 16:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/10 18:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/10 13:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/01/08 19:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 19:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/08 19:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/28 22:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006/11/28 22:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/11/28 22:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Lavasoft Kernexplorer)
DRV - [2012/01/25 10:18:14 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/01/25 10:16:44 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/01/25 10:16:44 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/01/25 10:16:44 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/15 18:00:19 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/08/18 05:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/02/08 19:03:16 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/08 19:03:16 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/08 08:27:24 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/02/01 01:37:18 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006/11/13 22:07:45 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/13 08:32:52 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/10/18 14:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 13:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\..\SearchScopes,DefaultScope = {8559919C-0A84-4B5D-A82C-54BD40405BC5}
IE - HKLM\..\SearchScopes\{8559919C-0A84-4B5D-A82C-54BD40405BC5}: "URL" = http://search.aol.com/aolcom/webhome


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z192&install_date=20110828
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\..\SearchScopes,DefaultScope = {409F77EF-05DC-4EF1-80CB-13FDE0F637FF}
IE - HKU\..\SearchScopes\{011870E8-844A-4D10-8289-4978D6C84DA3}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\..\SearchScopes\{409F77EF-05DC-4EF1-80CB-13FDE0F637FF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\..\SearchScopes\{8559919C-0A84-4B5D-A82C-54BD40405BC5}: "URL" = http://search.aol.com/aolcom/webhome
IE - HKU\..\SearchScopes\{F88C01AF-7259-4F87-AFE3-B5EC4BC642C3}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www22.verizon.com/foryourhome/MyAccount/Protected/Overview/MyOverView.aspx"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\herbw2\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/25 18:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 20:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/02 06:13:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\herbw2\AppData\Roaming\Move Networks [2009/10/11 08:04:32 | 000,000,000 | ---D | M]

[2012/02/25 16:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/11 08:04:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\HERBW2\APPDATA\ROAMING\MOVE NETWORKS
[2012/02/26 07:37:24 | 000,000,000 | ---D | M] (iGive Button) -- C:\USERS\HERBW2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LBT7PERA.DEFAULT\EXTENSIONS\{E68155BA-066F-4CC9-B128-4A2627664264}
() (No name found) -- C:\USERS\HERBW2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LBT7PERA.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2009/07/01 17:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/15 17:23:17 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2010/11/22 17:04:00 | 000,865,632 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: YouTube = C:\Users\herbw2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\herbw2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2009/02/14 21:35:11 | 000,293,112 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10094 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TBSB03657 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\iGive Button\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (iGive Button) - {43989788-13D1-4BE7-8404-DB58166E06CD} - C:\Program Files\iGive Button\tbcore3.dll ()
O3 - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickBooks Simple Start] C:\Program Files\Intuit\SimpleStartEntice\entice.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOSecurity] C:\Program Files\Sony\VAIO Security Center\VSC.exe ()
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-359212865-3667773309-2497541235-1005..\Run: [Akamai NetSession Interface] C:\Users\herbw2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\herbw2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\herbw2\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\herbw2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: iGive Button - {43989788-13D1-4BE7-8404-DB58166E06CD} - C:\Program Files\iGive Button\tbcore3.dll ()
O9 - Extra 'Tools' menuitem : iGive Button - {43989788-13D1-4BE7-8404-DB58166E06CD} - C:\Program Files\iGive Button\tbcore3.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedopt...zTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EC5F23B-DDE9-4616-8DD9-3C78B2911781}: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A1F874F-9E26-49BD-ADCA-208A805769E0}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6a757ba9-5c99-11d9-9087-001a804475aa}\Shell\AutoRun\command - "" = q9.cmd
O33 - MountPoints2\{6a757ba9-5c99-11d9-9087-001a804475aa}\Shell\open\Command - "" = q9.cmd
O33 - MountPoints2\{a1e302fb-5bb7-11d9-865b-001a804475aa}\Shell\AutoRun\command - "" = sm.exe
O33 - MountPoints2\{a1e302fb-5bb7-11d9-865b-001a804475aa}\Shell\open\Command - "" = sm.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/27 07:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/02/25 19:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/25 19:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/25 17:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2012/02/25 17:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2012/02/24 05:04:18 | 000,000,000 | ---D | C] -- C:\LocalLow
[2012/02/24 05:04:18 | 000,000,000 | ---D | C] -- \LocalLow
[2012/02/19 12:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon
[2012/02/16 06:12:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 06:12:17 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 06:12:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 06:12:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 06:12:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 06:12:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 05:26:10 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/12 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\herbw2\Documents\Amazon MP3
[2012/02/12 15:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/02/02 17:25:39 | 000,000,000 | ---D | C] -- C:\Users\herbw2\Musi****itled - 02-02-12
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\herbw2\*.tmp files -> C:\Users\herbw2\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 12:34:18 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/03/03 12:33:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/03 12:33:35 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 12:33:35 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 12:33:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 09:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 09:40:52 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2012/03/02 05:59:33 | 000,000,166 | ---- | M] () -- C:\Users\herbw2\fixer.reg
[2012/03/01 04:30:01 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/03/01 04:30:01 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/28 04:18:50 | 000,000,680 | ---- | M] () -- C:\Users\herbw2\AppData\Local\d3d9caps.dat
[2012/02/26 07:32:31 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\iGive Homepage.lnk
[2012/02/25 21:14:01 | 244,779,465 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/25 20:39:50 | 000,000,870 | ---- | M] () -- C:\Users\herbw2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/25 20:39:50 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/25 19:43:09 | 000,001,955 | ---- | M] () -- C:\Users\herbw2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/25 19:33:25 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/25 19:31:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/19 12:35:11 | 000,001,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2012/02/19 12:35:11 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2012/02/18 06:36:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/16 06:53:52 | 000,660,266 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/16 06:53:52 | 000,126,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/16 06:26:24 | 000,331,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/12 15:13:20 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/02/12 07:08:54 | 000,005,642 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012/02/09 05:55:57 | 000,222,996 | ---- | M] () -- C:\test.xml
[2012/02/03 15:14:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\herbw2\*.tmp files -> C:\Users\herbw2\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/01 07:18:26 | 000,000,166 | ---- | C] () -- C:\Users\herbw2\fixer.reg
[2012/02/25 19:33:25 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/25 19:33:25 | 000,001,955 | ---- | C] () -- C:\Users\herbw2\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/19 12:35:11 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2012/02/19 12:35:11 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2012/02/12 15:13:20 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/01/10 06:12:40 | 000,222,996 | ---- | C] () -- \test.xml
[2011/11/23 20:02:20 | 000,000,680 | ---- | C] () -- C:\Users\herbw2\AppData\Local\d3d9caps.dat
[2011/07/19 13:59:55 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/04/26 03:52:31 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 03:52:31 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/24 06:04:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/07/27 13:48:03 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >

All the suspect software has been removed. Windows Defender disabled.
Have not reinstalled Avast yet. Malwarebytes is still installed.
Thank you very much.
Herb Wasserman
  #19  
Old March 4th, 2012, 12:06 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,144
Very good. Now to deal with malware.

The malware has included an autorun type component, so if any external drives have been used on this computer recently be sure to install them now, and leave them installed until ALL repairs on it are completed. If not, they will remain infected and can re-infect the computer (or others).


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Click here and download Flash_Disinfector.exe and save it to your desktop.

Double-click on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

The utility may ask you to insert your flash drive and/or other external/removable drives. Please do so and allow the utility to clean up those drives as well.

Then leave any drives installed until all repairs here have been completed.

This will also create autorun.inf folders on all drives there, which serves to block autoloading infections from creating some of the bad files they need to infect other drives and systems.

-------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

Don't worry, we won't forget about removing Speedbit, soon as this all is done.
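The autorun component mentioned in this post appears in the OTL log earlier in the thread as O33 MountPoints2 entries. The following is an added example, not part of the original post and not OTL's own code: a Python triage of those lines. The sample lines are copied from that log; the function names and the review heuristics are assumptions made for illustration.

```python
import ntpath
import re

# O32-O34 lines copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r'''
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6a757ba9-5c99-11d9-9087-001a804475aa}\Shell\AutoRun\command - "" = q9.cmd
O33 - MountPoints2\{6a757ba9-5c99-11d9-9087-001a804475aa}\Shell\open\Command - "" = q9.cmd
O33 - MountPoints2\{a1e302fb-5bb7-11d9-865b-001a804475aa}\Shell\AutoRun\command - "" = sm.exe
O33 - MountPoints2\{a1e302fb-5bb7-11d9-865b-001a804475aa}\Shell\open\Command - "" = sm.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
'''

# One O33 line: mount point, shell verb, value name, command string.
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "(?P<name>[^"]*)" = (?P<command>.*)$',
    re.IGNORECASE,
)
VOLUME_GUID_RE = re.compile(
    r'^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$', re.IGNORECASE
)
# Drive-qualified (C:\...) or UNC (\\server\...) path.
ROOTED_RE = re.compile(r'^(?:[A-Za-z]:\\|\\\\)')
# Assumption: script-like extensions worth a second look in an autorun command.
SCRIPT_EXTENSIONS = {".cmd", ".bat", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".scr", ".pif"}


def executable_of(command):
    """Return the program part of a command string, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def parse_o33(log_text):
    """Extract every O33 MountPoints2 entry from an OTL log."""
    entries = []
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            entries.append({
                "mount": m["mount"],
                "verb": m["verb"].lower(),
                "command": m["command"].strip(),
            })
    return entries


def reasons_for(entry):
    """Heuristic review reasons (assumptions, not OTL verdicts)."""
    reasons = []
    exe = executable_of(entry["command"])
    # A bare file name resolves against the root of the removable volume.
    if exe and not ROOTED_RE.match(exe):
        reasons.append("relative-command")
    if ntpath.splitext(exe)[1].lower() in SCRIPT_EXTENSIONS:
        reasons.append("script-extension")
    # The open verb is what a double-click on the drive icon runs.
    if entry["verb"] == "open":
        reasons.append("open-verb-redirected")
    return reasons


def triage(log_text):
    """Group commands and review reasons per mount point."""
    report = {}
    for entry in parse_o33(log_text):
        bucket = report.setdefault(entry["mount"], {
            "volume_guid": bool(VOLUME_GUID_RE.match(entry["mount"])),
            "commands": set(),
            "reasons": set(),
        })
        bucket["commands"].add(entry["command"])
        bucket["reasons"].update(reasons_for(entry))
    return report


if __name__ == "__main__":
    for mount, info in triage(SAMPLE_LOG).items():
        status = "REVIEW" if info["reasons"] else "ok"
        print(f"{status:6} {mount} {sorted(info['commands'])} {sorted(info['reasons'])}")
```
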
  #20  
Old March 4th, 2012, 01:06 AM
herbw2 herbw2 is offline
CTH Subscriber
 
Join Date: Feb 2007
O/S: Windows Vista
Location: Brooklyn, NY
Posts: 171
Could not save Flash Disinfector. It downloaded, but got message about its not being installed correctly. I indicated it was but it would not allow. Even when I clicked the install correctly option, it would not do it. All my malware programs are uninstalled. I even uninstalled CCleaner and Auslogics.
Herb W
  #21  
Old March 4th, 2012, 01:46 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,144
Go ahead with the ComboFix step please.
  #22  
Old March 4th, 2012, 02:29 AM
herbw2 herbw2 is offline
CTH Subscriber
 
Join Date: Feb 2007
O/S: Windows Vista
Location: Brooklyn, NY
Posts: 171
ComboFix 12-03-03.02 - herbw2 03/03/2012 19:54:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1045 [GMT -5:00]
Running from: c:\users\herbw2\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\iGive Button\tbHElper.dll
c:\programdata\pswi_preloaded.exe
c:\users\herbw2\AppData\Roaming\MoveMediaPlayerWinSilent_071505000011.exe
c:\users\herbw2\GoToAssistDownloadHelper.exe
c:\users\herbw2\NTUSER.LMIRescue.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
.
.
2012-03-04 01:03 . 2012-03-04 01:04 -------- d-----w- c:\users\herbw2\AppData\Local\temp
2012-03-04 01:03 . 2012-03-04 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-02 11:04 . 2012-02-20 06:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A14AF6B5-E126-4F5B-B86D-88963910DA5C}\mpengine.dll
2012-03-01 12:18 . 2012-03-02 10:59 166 ----a-w- c:\users\herbw2\fixer.reg
2012-02-27 12:05 . 2012-02-27 12:05 -------- d-----w- c:\users\herbw2\AppData\Roaming\DriverCure
2012-02-27 12:05 . 2012-02-27 12:05 -------- d-----w- c:\users\herbw2\AppData\Roaming\SpeedyPC Software
2012-02-27 12:05 . 2012-02-28 09:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-02-26 00:30 . 2012-03-02 11:39 -------- d-----w- c:\programdata\AVAST Software
2012-02-25 22:39 . 2012-02-25 22:56 -------- d-----w- c:\users\herbw2\AppData\Roaming\FreeFileViewer
2012-02-25 22:36 . 2012-02-25 22:36 -------- d-----w- c:\program files\File Type Assistant
2012-02-25 22:35 . 2012-02-25 22:35 -------- d-----w- c:\program files\FreeFileViewer
2012-02-24 10:04 . 2012-02-24 10:04 -------- d-----w- C:\LocalLow
2012-02-19 17:35 . 2012-02-19 17:35 -------- d-----w- c:\programdata\Amazon
2012-02-16 10:26 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 10:26 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 10:26 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 11:36 . 2011-05-16 19:00 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 10:10 . 2009-10-03 10:58 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 15:16 . 2012-01-25 15:16 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-12-18 01:34 . 2003-03-19 04:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-18 01:34 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-02-16 14:40 . 2011-06-21 00:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{43989788-13D1-4BE7-8404-DB58166E06CD}"= "c:\program files\iGive Button\tbcore3.dll" [2011-07-01 2653016]
.
[HKEY_CLASSES_ROOT\clsid\{43989788-13d1-4be7-8404-db58166e06cd}]
[HKEY_CLASSES_ROOT\TBSB03657.TBSB03657.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB03657.TBSB03657]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Akamai NetSession Interface"="c:\users\herbw2\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2006-12-07 577536]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 2150400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-05 4317184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-23 81920]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-23 321656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-23 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-23 106496]
"Corel File Shell Monitor"="c:\program files\Corel\Corel MediaOne\CorelIOMonitor.exe" [2007-12-01 38400]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-03-05 1603152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-18 296056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\users\herbw2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\herbw2\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-12-1 2624512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 23:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^herbw2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^herbw2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 10:07]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 10:07]
.
2005-01-06 c:\windows\Tasks\Vaio Service Utility.job
- c:\program files\Sony\Vaio Service Utility\VAIO-SU.exe [2007-02-16 12:34]
.
.
------- Supplementary Scan -------
.
IE: Free YouTube to MP3 Converter - c:\users\herbw2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{43989788-13D1-4BE7-8404-DB58166E06CD} - {43989788-13D1-4BE7-8404-DB58166E06CD} - c:\program files\iGive Button\tbcore3.dll
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB
FF - ProfilePath - c:\users\herbw2\AppData\Roaming\Mozilla\Firefox\Profiles\lbt7pera.default\
FF - prefs.js: browser.startup.homepage - hxxp://www22.verizon.com/foryourhome/MyAccount/Protected/Overview/MyOverView.aspx
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 20:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-03 20:08:06
ComboFix-quarantined-files.txt 2012-03-04 01:08
.
Pre-Run: 50,873,757,696 bytes free
Post-Run: 50,969,907,200 bytes free
.
- - End Of File - - E64632E5BC2DF4693F7D0AFDC7D52C19
  #23  
Old March 5th, 2012, 01:49 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,144
Looking better. Are things running better now?

Missed one item to remove.

Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

iGive Button - Adware, search hijacker.

----------

Go here and download and install the free trial version of Revo's Uninstaller, and see if that shows SpeedBit.

If so, right click SpeedBit, and select Uninstall, then follow the prompts to complete the uninstall. Be sure to leave the setting as "Moderate", and it is okay to use "Select All" to Delete what Revo finds.

If that was successful, reboot and run and post a new OTL log please.
  #24  
Old March 5th, 2012, 11:18 AM
herbw2 herbw2 is offline
CTH Subscriber
 
Join Date: Feb 2007
O/S: Windows Vista
Location: Brooklyn, NY
Posts: 171
I posted OTL log reply twice, but it disappeared. Computer running much better. However, when I click Windows button start search the following shows: search.speedbit.com/aff=svd_VA/ This leads to a search box "powered by ask".

Last edited by herbw2; March 5th, 2012 at 11:28 AM.
  #25  
Old March 5th, 2012, 11:24 AM
herbw2 herbw2 is offline
CTH Subscriber
 
Join Date: Feb 2007
O/S: Windows Vista
Location: Brooklyn, NY
Posts: 171
I am having trouble replying. Please advise. My last post seems to not be edited properly and my post of the OTL log is not there.
  #26  
Old March 5th, 2012, 11:25 AM
herbw2 herbw2 is offline
CTH Subscriber
 
Join Date: Feb 2007
O/S: Windows Vista
Location: Brooklyn, NY
Posts: 171
OTL logfile created on: 3/5/2012 4:45:03 AM - Run 4
OTL by OldTimer - Version 3.2.35.0 Folder = c:\Users\herbw2\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.27% Memory free
4.21 Gb Paging File | 2.86 Gb Available in Paging File | 67.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 45.97 Gb Free Space | 43.71% Space Free | Partition Type: NTFS

Computer Name: HERBW2-PC | User Name: herbw2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/03 12:40:14 | 000,585,216 | ---- | M] (OldTimer Tools) -- c:\Users\herbw2\Downloads\OTL.exe
PRC - [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/02 02:44:30 | 003,329,824 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\herbw2\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/01/09 09:46:26 | 000,313,624 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2012/01/09 09:46:26 | 000,153,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/17 20:34:23 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/09/02 14:00:10 | 001,146,256 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe
PRC - [2010/08/12 15:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/01 17:38:16 | 000,038,400 | R--- | M] () -- C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
PRC - [2007/03/14 10:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007/02/13 18:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/02/13 18:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/02/09 13:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/02/05 14:22:08 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/02/04 11:02:14 | 000,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
PRC - [2007/01/22 23:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/11 20:36:34 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2006/11/28 22:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/11/28 22:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006/11/28 22:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2006/11/13 08:32:52 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/11/13 08:32:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/11/13 08:32:49 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/18 06:36:02 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/16 18:27:57 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/02/16 09:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 06:35:48 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/16 06:35:13 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 06:34:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 06:32:12 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/12 05:52:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/12/01 17:38:16 | 000,038,400 | R--- | M] () -- C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
MOD - [2007/01/23 08:12:47 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/01/23 08:12:27 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/10 15:51:07 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2012/01/25 10:16:28 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/01/09 09:46:26 | 000,313,624 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/08/12 15:15:34 | 000,187,792 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/14 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/02/13 18:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/01/16 16:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 16:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/16 16:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/10 18:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/10 13:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/01/08 19:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 19:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/08 19:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/28 22:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006/11/28 22:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006/11/28 22:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/01/25 10:18:14 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2012/01/25 10:16:44 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/01/25 10:16:44 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/01/25 10:16:44 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/12/15 18:00:19 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2008/08/18 05:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/02/08 19:03:16 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/08 19:03:16 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/08 08:27:24 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/02/01 01:37:18 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006/11/13 22:07:45 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/13 08:32:52 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/10/18 14:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/18 13:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {8559919C-0A84-4B5D-A82C-54BD40405BC5}
IE - HKLM\..\SearchScopes\{8559919C-0A84-4B5D-A82C-54BD40405BC5}: "URL" = http://search.aol.com/aolcom/webhome


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z192&install_date=20110828
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\..\SearchScopes,DefaultScope = {409F77EF-05DC-4EF1-80CB-13FDE0F637FF}
IE - HKU\..\SearchScopes\{011870E8-844A-4D10-8289-4978D6C84DA3}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\..\SearchScopes\{409F77EF-05DC-4EF1-80CB-13FDE0F637FF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\..\SearchScopes\{8559919C-0A84-4B5D-A82C-54BD40405BC5}: "URL" = http://search.aol.com/aolcom/webhome
IE - HKU\..\SearchScopes\{F88C01AF-7259-4F87-AFE3-B5EC4BC642C3}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www22.verizon.com/foryourhome/MyAccount/Protected/Overview/MyOverView.aspx"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\herbw2\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/25 18:46:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 20:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/02 06:13:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\herbw2\AppData\Roaming\Move Networks [2009/10/11 08:04:32 | 000,000,000 | ---D | M]

[2012/03/04 09:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/04 09:49:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2009/10/11 08:04:32 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\HERBW2\APPDATA\ROAMING\MOVE NETWORKS
() (No name found) -- C:\USERS\HERBW2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LBT7PERA.DEFAULT\EXTENSIONS\NOSQUINT@URANDOM.CA.XPI
[2009/07/01 17:15:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/04 09:49:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/02/15 17:23:17 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2010/11/22 17:04:00 | 000,865,632 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\mozilla firefox\plugins\npzzatif.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/03 20:04:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickBooks Simple Start] C:\Program Files\Intuit\SimpleStartEntice\entice.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOSecurity] C:\Program Files\Sony\VAIO Security Center\VSC.exe ()
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-359212865-3667773309-2497541235-1005..\Run: [Akamai NetSession Interface] C:\Users\herbw2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\herbw2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\herbw2\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-359212865-3667773309-2497541235-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\herbw2\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://my.verizon.com/micro/speedopt...zTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EC5F23B-DDE9-4616-8DD9-3C78B2911781}: DhcpNameServer = 192.168.1.1 68.237.161.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A1F874F-9E26-49BD-ADCA-208A805769E0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 04:35:22 | 000,000,000 | ---D | C] -- C:\Users\herbw2\AppData\Local\VS Revo Group
[2012/03/05 04:35:19 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2012/03/05 04:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2012/03/05 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/03/04 09:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/04 09:49:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/04 09:49:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/04 09:49:41 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/03 20:08:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/03 20:08:12 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2012/03/03 20:08:08 | 000,000,000 | ---D | C] -- C:\Users\herbw2\AppData\Local\temp
[2012/03/03 19:50:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/03 19:50:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/03 19:50:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 19:50:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/03 19:50:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/03 19:50:26 | 000,000,000 | ---D | C] -- \ComboFix
[2012/03/03 19:50:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/03 19:50:22 | 000,000,000 | ---D | C] -- \Qoobox
[2012/02/27 07:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/02/25 19:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/02/25 17:36:01 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Assistant
[2012/02/25 17:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFileViewer
[2012/02/24 05:04:18 | 000,000,000 | ---D | C] -- C:\LocalLow
[2012/02/24 05:04:18 | 000,000,000 | ---D | C] -- \LocalLow
[2012/02/19 12:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Amazon
[2012/02/16 06:12:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 06:12:17 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 06:12:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 06:12:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 06:12:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 06:12:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 05:26:10 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/12 15:16:08 | 000,000,000 | ---D | C] -- C:\Users\herbw2\Documents\Amazon MP3
[2012/02/12 15:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/05 04:35:20 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/03/05 04:26:08 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/03/05 04:25:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 04:25:32 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/05 04:25:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/04 09:49:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/04 09:49:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/04 09:49:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/04 09:49:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/03 20:04:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/03 18:14:55 | 000,011,264 | ---- | M] () -- C:\Users\herbw2\Documents\HW Trust Financials 2011.xlr
[2012/03/02 09:40:52 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2012/03/02 05:59:33 | 000,000,166 | ---- | M] () -- C:\Users\herbw2\fixer.reg
[2012/03/01 04:30:01 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2012/03/01 04:30:01 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2012/02/28 04:18:50 | 000,000,680 | ---- | M] () -- C:\Users\herbw2\AppData\Local\d3d9caps.dat
[2012/02/25 21:14:01 | 244,779,465 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/25 20:39:50 | 000,000,870 | ---- | M] () -- C:\Users\herbw2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/02/25 20:39:50 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/25 19:31:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/02/19 12:35:11 | 000,001,807 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2012/02/19 12:35:11 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2012/02/18 06:36:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/16 06:53:52 | 000,660,266 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/16 06:53:52 | 000,126,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/16 06:26:24 | 000,331,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/12 15:13:20 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/02/12 07:08:54 | 000,005,642 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012/02/09 05:55:57 | 000,222,996 | ---- | M] () -- C:\test.xml
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/05 04:35:20 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/03/03 19:50:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/03 19:50:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/03 19:50:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/03 19:50:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/03 19:50:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 17:12:17 | 000,011,264 | ---- | C] () -- C:\Users\herbw2\Documents\HW Trust Financials 2011.xlr
[2012/03/01 07:18:26 | 000,000,166 | ---- | C] () -- C:\Users\herbw2\fixer.reg
[2012/02/19 12:35:11 | 000,001,807 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2012/02/19 12:35:11 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Unbox.lnk
[2012/02/12 15:13:20 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/01/10 06:12:40 | 000,222,996 | ---- | C] () -- \test.xml
[2011/11/23 20:02:20 | 000,000,680 | ---- | C] () -- C:\Users\herbw2\AppData\Local\d3d9caps.dat
[2011/07/19 13:59:55 | 000,000,106 | ---- | C] () -- C:\Windows\VaultMediaClient.INI
[2011/04/26 03:52:31 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/26 03:52:31 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/03/24 06:04:38 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010/07/27 13:48:03 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >
  #27  
Old March 5th, 2012, 11:27 AM
herbw2 herbw2 is offline
Sorry, I must have done something wrong in my previous posts.
  #28  
Old March 6th, 2012, 12:45 AM
Jintan Jintan is offline
Long as you can get it done. These next steps remove services of Ad-Aware, which I assume are remnants there. IF Ad-Aware is still installed, stop, and post back here before doing the steps.


Open Task Manager (press Ctrl-Alt-Delete, then run Task Manager).

Under the Processes tab, locate and right click each of the following, then select End Process, and agree to any warnings:

VideoAcceleratorService.exe

VideoAcceleratorEngine.exe


---------

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc delete "Lavasoft Kernexplorer"

sc delete Lbd

sc delete VideoAcceleratorService


Then type exit and press Enter to close that window.

Reboot, and post a new OTL log please.
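Added example, not part of the original thread: a Python parser for the SRV/DRV lines of an OTL log like the one posted above. It lists entries that are registered but whose file is missing (such as Lbd and Lavasoft Kernexplorer) or that carry no company name, with an `sc qc` command to inspect each one before any removal. The field layout is inferred from the log lines on this page, and the sample lines are copied from that log.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the SRV/DRV sections of the OTL log posted in this thread.
SAMPLE_LOG = r"""
SRV - [2007/03/14 10:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
DRV - File not found [File_System | Boot | Stopped] -- -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
"""

# Layout assumed from the lines above:
#   KIND - [file info] (company) [flags] -- path -- (service name)
#   KIND - File not found [flags] -- -- (service name)
LINE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:File not found|\[(?P<info>[^\]]*)\] \((?P<company>.*?)\)) "
    r"\[(?P<flags>[^\]]*)\] -- "
    r"(?:(?P<path>.*?) )?-- "
    r"\((?P<name>[^)]*)\)"
)


class Entry(NamedTuple):
    kind: str               # "SRV" (service) or "DRV" (driver)
    name: str               # service key name, as passed to sc.exe
    path: Optional[str]     # None when OTL reported "File not found"
    company: Optional[str]  # "" when the file has no company name
    start: str              # Boot / System / Auto / On_Demand / ...
    state: str              # Running / Stopped


def parse_otl(text: str) -> List[Entry]:
    """Parse SRV/DRV lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flags = [f.strip() for f in m["flags"].split("|")]
        entries.append(Entry(m["kind"], m["name"], m["path"],
                             m["company"], flags[-2], flags[-1]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs that deserve a manual look."""
    findings = []
    for e in entries:
        if e.path is None:
            findings.append((e.name, "registered but file not found"))
        elif e.company == "":
            findings.append((e.name, "no company name"))
    return findings


def inspect_command(name: str) -> str:
    """Build an 'sc qc' (query configuration) command, quoting names with spaces."""
    quoted = f'"{name}"' if " " in name else name
    return f"sc qc {quoted}"


if __name__ == "__main__":
    for name, reason in triage(parse_otl(SAMPLE_LOG)):
        print(f"{name:25} {reason:32} {inspect_command(name)}")
```

A finding is a prompt for review, not a removal list: an entry only shows that the registration and the file on disk disagree or that the file carries no vendor string.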
  #29  
Old March 6th, 2012, 01:19 AM
herbw2 herbw2 is offline
Task manager does not show either video accelerator process. Should I proceed with the cmd.exe step?
Also, to repeat, when I click the Windows button Start Search the following shows: search.speedbit.com/aff=svd_VA/ This leads to a search box "powered by ask"
URL: http://search.speedbit.com/?aff=svd_VA
Thanks
HerbW
  #30  
Old March 6th, 2012, 01:39 AM
Jintan Jintan is offline
Install HijackThis. Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

Click Config – Misc Tools – Open process manager.

In that list, see if those video accelerator processes show. If so, click each and click Kill Process. If not, just move to the next step, which will kill them after a reboot.

More importantly for now, you can use that Run button in that display to do the cmd.exe step (just click the Run button, type in cmd.exe and click OK). It will automatically open with the correct permissions, so no need to right click etc.

Once the command window is open, do the "sc delete" procedure I posted earlier, reboot, then post a new OTL log please.