Getting rid of MALware


19 replies to this topic

#1 jillr

jillr

    Active Member

  • Active Members
  • 10 posts

Posted 17 January 2012 - 11:52 AM

Opened a forwarded email from friend and my entire hotmail contact list was SPAMMED. How do I get rid of it?

Not picked up on AVG.

Malwarebytes log: (Sorry file won't attach)
Malwarebytes' Anti-Malware 1.36
Database version: 2098
Windows 5.1.2600 Service Pack 3

17/01/2012 02:30:56
mbam-log-2012-01-17 (02-30-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 216788
Time elapsed: 1 hour(s), 34 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\issacapi_bs-2.3.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\issacapi_pe-2.3.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\issacapi_se-2.3.dll (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\cis-2.4.dll (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-220523388-813497703-725345543-1003\Dc37\Engine\3.1.2.9\msl.dll (Adware.Agent) -> No action taken.
C:\System Volume Information\_restore{D10E0643-F04D-497F-9F95-78AF65D9066A}\RP1194\A0128991.dll (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\issacapi_bs-2.3.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\issacapi_pe-2.3.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\issacapi_se-2.3.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\cis-2.4.dll (Trojan.FakeAlert) -> No action taken.



#2 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,038 posts

Posted 17 January 2012 - 02:16 PM

Hi jillr and welcome to GSF,

Please post all the required logs so we can have a better look at the problem. You can follow the preparation guide here => http://gladiator-ant...showtopic=82676

#3 jillr

jillr

    Active Member

  • Active Members
  • 10 posts

Posted 18 January 2012 - 10:34 AM

"Trojan.Fake Alert" (Malwarebytes)
Virus has infected hotmail account. When PC rebooted this morning have a fake sign-in page
personal Gmail account also infected (I think)
work gmail unaffected (I hope!)

Exported AVG Anti-virus log of whole computer scan (CSV file) run on 16/1/12 at 23.46 GMT won't upload - but "no infection found".
Malwarebytes log says it's attached this time...




#4 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,038 posts

Posted 18 January 2012 - 12:39 PM

I can't help you without the logs needed so please read our preparation guide, run the scans and post the logs so we can start with the cleaning process.

http://gladiator-ant...showtopic=82676

#5 jillr

jillr

    Active Member

  • Active Members
  • 10 posts

Posted 18 January 2012 - 05:38 PM

Really confused now...
Malwarebytes' report is attached to the last two posts. Am attaching it again. This is the one that documents the fake trojan.
[it didn't appear to upload the 1st time so I pasted it into the post just in case] The attachment is listed under "my controls"

The AVG scan detected nothing...
- your system won't allow me to upload the CSV export file - but there's nothing on it anyhow.

Please advise if you've been able to access it or not.
Many thanks



#6 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,038 posts

Posted 19 January 2012 - 05:26 AM

Hi,

Did you read the preparation guide? I wasn't only referring to MBAM but to all the required logs, namely:

  1. the contents of the MBAM log (Step 1)
  2. the contents of OTL.txt (Step 5)
  3. the contents of Extras.txt (Step 5)
  4. the contents of checkup.txt (Step 6)



P.S.: Please do not attach logs unless instructed; just post the contents when you reply.

#7 jillr

jillr

    Active Member

  • Active Members
  • 10 posts

Posted 19 January 2012 - 11:30 PM

Really, really sorry... bit stressed and misread the instructions, just a bit! - thought the clean up came after I'd sent the general reports.

Opened a forwarded email on Monday night, it immediately spammed a mailout to my hotmail contacts. When PC rebooted following day, had fake home page on hotmail, and suspicious requests for phone numbers on my personal gmail account. Work email not affected. Nothing picked up in AVG scan. Malwarebytes reported fake.trojan in registry.
Now run all scans as per instructions (See below).
Malwarebytes - no problems encountered removing spyware.
OldTimer TFC - given no option to save it so ran programme (v. quick). Desktop blank. Only option then "Exit", which took ages, so I Ctl/deleted and rebooted. Tried again. Same thing.
No problems encountered with obtaining remaining logs.

Just tried opening hotmail, but fake page still there.... (haven't rebooted since TFC, which I had problems with - see below)

Look forward to hearing from you...



1. MALWAREBYTES QUICK SCAN.
(Already installed as spyware)
No problem removing infected files:
Malwarebytes' Anti-Malware 1.36
Database version: 2098
Windows 5.1.2600 Service Pack 3

19/01/2012 21:30:51
mbam-log-2012-01-19 (21-30-51).txt

Scan type: Quick Scan
Objects scanned: 116744
Time elapsed: 20 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\issacapi_bs-2.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\issacapi_pe-2.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\issacapi_se-2.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\cis-2.4.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\issacapi_bs-2.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\issacapi_pe-2.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\issacapi_se-2.3.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cis-2.4.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.




5a. OTL
(no option given to download to desktop). Scan completed without problem.

OTL.txt
OTL logfile created on: 19/01/2012 22:13:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Samsung\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 55.22% Memory free
2.96 Gb Paging File | 2.44 Gb Available in Paging File | 82.42% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82.62 Gb Total Space | 50.46 Gb Free Space | 61.08% Space Free | Partition Type: NTFS

Computer Name: JILL-LAPTOP | User Name: Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 22:08:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Samsung\My Documents\Downloads\OTL.exe
PRC - [2012/01/15 11:50:41 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
PRC - [2012/01/15 11:50:27 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/29 19:28:52 | 000,019,768 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Linkury.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/26 10:46:22 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2009/03/28 14:19:53 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2008/05/15 17:26:02 | 000,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2007/03/09 10:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/01/09 11:21:44 | 000,038,976 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE
PRC - [2007/01/09 11:14:12 | 000,145,552 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2SWK.EXE
PRC - [2007/01/09 08:55:00 | 000,073,560 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CAP2RSK.EXE
PRC - [2006/06/20 12:25:46 | 002,764,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2006/02/06 16:47:22 | 008,683,520 | ---- | M] (SAMSUNG) -- C:\Program Files\Samsung\DisplayManager\DisplayManager.exe
PRC - [2005/11/28 19:06:02 | 000,031,744 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe
PRC - [2005/10/29 23:27:14 | 000,364,544 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2005/09/20 18:05:44 | 001,265,748 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2005/09/19 23:02:54 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005/05/28 15:35:56 | 000,036,864 | R--- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2005/02/02 19:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/12/11 11:20:14 | 000,163,840 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
PRC - [2000/11/08 20:01:58 | 000,045,056 | ---- | M] (WayTech Development, Inc.) -- C:\Program Files\Slim Multimedia Keyboard\OSD.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/19 21:37:02 | 000,910,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2012/01/19 21:36:51 | 008,013,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2012/01/19 21:36:39 | 000,145,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2012/01/15 11:50:41 | 000,909,152 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
MOD - [2012/01/15 11:50:27 | 000,939,872 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/01/05 10:31:47 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
MOD - [2012/01/04 23:58:17 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/01/04 23:57:58 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/04 23:57:35 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/12/29 19:29:40 | 000,016,184 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.Utilities.dll
MOD - [2011/12/29 19:29:36 | 000,024,888 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2011/12/29 19:29:34 | 000,019,256 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.SideBySide.dll
MOD - [2011/12/29 19:29:32 | 000,035,640 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.SetBrowsersSettingsAutoUpdater.dll
MOD - [2011/12/29 19:29:30 | 000,013,112 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2011/12/29 19:29:26 | 000,066,872 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2011/12/29 19:29:24 | 000,331,576 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.FilesManager.dll
MOD - [2011/12/29 19:29:24 | 000,033,592 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2011/12/29 19:29:20 | 000,015,672 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Personalization.Common.dll
MOD - [2011/12/29 19:29:18 | 000,077,112 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2011/12/29 19:29:12 | 000,018,232 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2011/12/29 19:29:08 | 000,052,024 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2011/12/29 19:29:02 | 000,011,064 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2011/12/29 19:29:00 | 000,024,376 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Infrastructure.Core.dll
MOD - [2011/12/29 19:29:00 | 000,012,088 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2011/12/29 19:28:58 | 000,013,112 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2011/12/29 19:28:56 | 001,035,064 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.GUI.MainClient.dll
MOD - [2011/12/29 19:28:54 | 000,080,184 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.GUI.Docking.dll
MOD - [2011/12/29 19:28:52 | 000,541,496 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Smartbar.GUI.Controls.dll
MOD - [2011/12/29 19:28:52 | 000,019,768 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Linkury.exe
MOD - [2011/12/29 19:28:00 | 000,046,904 | ---- | M] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\MACTrackBarLib.dll
MOD - [2011/10/14 10:48:49 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll
MOD - [2011/10/14 10:48:24 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll
MOD - [2011/10/14 10:46:25 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll
MOD - [2011/10/14 10:46:17 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/14 00:45:25 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/14 00:45:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/14 00:45:04 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/14 00:44:19 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll
MOD - [2011/10/13 15:01:02 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 15:00:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/06/20 12:25:46 | 002,764,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
MOD - [2005/09/19 23:04:10 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2005/07/12 23:34:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Samsung\MagicKBD\EasyBoxDll.dll
MOD - [2005/05/28 15:35:56 | 000,036,864 | R--- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
MOD - [2005/05/28 05:03:06 | 000,364,666 | R--- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMCoreDll.dll
MOD - [2003/12/11 11:20:14 | 000,163,840 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
MOD - [2003/12/11 10:18:38 | 000,009,728 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\vdhidwdm.dll
MOD - [2003/06/11 12:15:58 | 000,053,248 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\MediaCtl.dll
MOD - [2003/06/10 10:31:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\WTMenu.dll
MOD - [2002/06/21 15:39:06 | 000,040,960 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\WDAccess.dll
MOD - [2001/06/28 12:09:58 | 000,073,815 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\WTSystem.dll
MOD - [2001/04/24 13:41:28 | 000,045,056 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\WTInter.dll
MOD - [2000/09/04 16:44:30 | 000,114,688 | ---- | M] () -- C:\Program Files\Slim Multimedia Keyboard\WTBTNRES.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/15 11:50:41 | 000,909,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008/12/01 10:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2005/11/28 19:06:02 | 000,031,744 | ---- | M] (SRS Labs, Inc.) [Auto | Running] -- C:\Program Files\SRS Labs\WOWXT and TSXT Driver\SRS_PostInstaller.exe -- (SRS_PostInstaller)
SRV - [2005/05/28 15:35:56 | 000,036,864 | R--- | M] () [Auto | Running] -- C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)


========== Driver Services (SafeList) ==========

DRV - [2011/10/27 01:25:40 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/10/27 01:25:40 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/10/27 01:25:40 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011/10/27 01:25:40 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011/10/27 01:25:40 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/27 20:07:52 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2006/05/30 11:02:54 | 000,010,112 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\BsStor.sys -- (BsStor)
DRV - [2006/05/17 10:03:24 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/12/22 23:44:56 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2005/12/12 23:08:44 | 001,124,097 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/12/05 07:55:30 | 001,428,096 | ---- | M] (Intel? Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 19:06:22 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WOWFilter.sys -- (wowfilter)
DRV - [2005/11/17 03:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/02 01:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/11/02 00:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/09/20 22:26:16 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/09/19 22:44:52 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005/09/19 22:44:46 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005/09/19 22:41:36 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/06/13 10:08:36 | 000,085,664 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
DRV - [2005/06/13 10:06:58 | 000,087,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
DRV - [2005/06/13 10:05:16 | 000,096,224 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
DRV - [2005/06/13 10:05:08 | 000,009,264 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
DRV - [2005/06/13 10:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
DRV - [2005/05/24 22:26:02 | 000,019,840 | R--- | M] (Samsung) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SUE_PD.sys -- (SUEPD)
DRV - [2005/01/08 00:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2002/02/08 09:00:00 | 000,023,232 | ---- | M] (CANON INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CAP2LPT.SYS -- (RapidPort2)
DRV - [2001/11/27 15:07:20 | 000,011,886 | ---- | M] (WayTech Development, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\kbfilter.sys -- (kbfilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com/newtab.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search....rch.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search....rch.linkury.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://search.linkury.com"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1894
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..keyword.URL: "http://cloud-search....linkury.com&q="
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 10:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/26 10:47:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.0.0.7\ [2012/01/15 11:51:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 14:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/29 14:59:26 | 000,000,000 | ---D | M]

[2011/02/25 10:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Extensions
[2012/01/16 22:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions
[2011/01/20 18:59:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/30 16:40:15 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/01/19 21:38:07 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com
[2011/11/14 22:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\staged
[2012/01/19 21:37:57 | 000,002,412 | ---- | M] () -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\searchplugins\Linkury Smartbar Search.xml
[2012/01/16 22:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/28 14:20:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/28 14:20:22 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2011/12/18 22:26:53 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\9.0.0.22
[2011/10/26 10:47:05 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/12/23 10:10:38 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2007/08/25 03:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
[2012/01/15 11:50:19 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Samsung\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: BBC iPlayer Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Samsung\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Samsung\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Samsung\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Samsung\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Documents and Settings\Samsung\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [CAP2ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2ONN.EXE (CANON INC.)
O4 - HKLM..\Run: [DisplayManager] C:\Program Files\Samsung\DisplayManager\DMLoader.exe (SAMSUNG)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SUPBackGround] C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [kdx] C:\Program Files\KHost.exe -all File not found
O4 - HKCU..\Run: [Linkury Chrome Smartbar] C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Linkury.exe ()
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [Power2GoExpress] NA File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1210 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1210 Statusvindue.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon LASER SHOT LBP-1210 ???A????.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP2LAK.EXE (CANON INC.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe ()
O4 - Startup: C:\Documents and Settings\Samsung\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritag...EngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://software.news...k1/isetupml.cab (InstallShield International Setup Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.168.3.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83D24B4F-BA80-4912-817C-9F6FE13EBF5C}: DhcpNameServer = 10.168.3.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Samsung\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Samsung\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/08 13:23:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 21:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury
[2012/01/19 21:33:05 | 000,000,000 | ---D | C] -- C:\Avenger
[2012/01/19 20:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samsung\Application Data\OpenCandy
[2012/01/19 20:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2012/01/19 20:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\KeyFinder
[2011/12/23 16:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MyFree Codec
[2011/12/23 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2011/12/23 16:03:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samsung\My Documents\SelfMV
[2011/12/23 16:01:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Samsung
[2011/12/23 16:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samsung\My Documents\samsung
[2011/12/23 15:53:03 | 000,114,280 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadserd.sys
[2011/12/23 15:53:01 | 000,136,808 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdm.sys
[2011/12/23 15:53:01 | 000,012,776 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadmdfl.sys
[2011/12/23 15:53:01 | 000,010,472 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadcmnt.sys
[2011/12/23 15:52:58 | 000,030,312 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\ssadadb.sys
[2011/12/23 15:52:56 | 000,121,064 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadbus.sys
[2011/12/23 15:52:56 | 000,010,344 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssadwhnt.sys
[2011/12/23 15:47:16 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2011/12/23 15:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2011/12/23 15:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/12/23 15:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Samsung\Local Settings\Application Data\Downloaded Installations
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 22:12:33 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-813497703-725345543-1003.job
[2012/01/19 22:12:33 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-813497703-725345543-1003.job
[2012/01/19 21:59:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/19 21:57:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 21:57:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/19 21:37:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2012/01/19 21:28:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 20:04:25 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2012/01/19 17:25:13 | 087,031,186 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/01/19 17:24:39 | 000,247,868 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/01/18 10:21:23 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Samsung\My Documents\AGV Antivirus Free edition 2012 16 Jan 2012.csv
[2012/01/17 00:55:16 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Samsung\My Documents\AVG scan 16 jan 12.csv
[2012/01/12 01:33:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/07 10:35:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/07 10:29:22 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/04 23:58:44 | 000,433,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/04 23:58:44 | 000,068,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/04 15:31:38 | 000,000,372 | ---- | M] () -- C:\Documents and Settings\Samsung\My Documents\spider.sav
[2012/01/02 20:00:00 | 000,000,748 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Samsung.job
[2011/12/29 11:48:27 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\Samsung\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2011/12/23 15:02:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/12/23 15:00:51 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/12/23 15:00:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/12/23 10:46:44 | 000,009,926 | ---- | M] () -- C:\Documents and Settings\Samsung\My Documents\xmas card list.csv
[2011/12/23 10:10:39 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/19 20:04:25 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KeyFinder.lnk
[2012/01/18 10:21:23 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Samsung\My Documents\AGV Antivirus Free edition 2012 16 Jan 2012.csv
[2012/01/17 00:55:16 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Samsung\My Documents\AVG scan 16 jan 12.csv
[2011/12/23 17:20:02 | 000,103,048 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/23 15:00:51 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2011/12/23 15:00:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011/12/23 10:39:07 | 000,009,926 | ---- | C] () -- C:\Documents and Settings\Samsung\My Documents\xmas card list.csv
[2011/11/24 00:34:03 | 000,002,235 | ---- | C] () -- C:\Documents and Settings\Samsung\Application Data\SAS7_000.DAT
[2011/07/10 18:27:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2011/07/10 18:13:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/08 23:20:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/06 07:16:02 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/01 19:25:09 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Samsung\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/04 11:58:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/05/31 18:30:08 | 000,001,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/17 13:58:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/05/11 22:49:12 | 000,000,049 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/11 23:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/02 15:06:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/31 10:06:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/10/27 18:15:24 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/10/10 08:18:25 | 000,000,629 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/10/08 13:46:31 | 000,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2006/10/08 13:46:31 | 000,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2006/10/08 13:45:16 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2006/10/08 13:45:16 | 000,001,520 | ---- | C] () -- C:\WINDOWS\System32\Samsung_KBD.ini
[2006/10/08 13:45:15 | 000,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2006/10/08 13:45:15 | 000,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2006/10/08 13:45:15 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2006/10/08 13:45:15 | 000,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2006/10/08 13:45:15 | 000,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2006/10/08 13:45:15 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2006/10/08 13:45:15 | 000,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2006/10/08 13:45:15 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2006/10/08 13:45:15 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2006/10/08 13:45:15 | 000,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2006/10/08 13:45:15 | 000,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2006/10/08 13:45:15 | 000,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2006/10/08 13:45:15 | 000,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2006/10/08 13:45:15 | 000,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2006/10/08 13:45:00 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2006/10/08 13:37:01 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/10/08 13:26:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/08 13:20:43 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/08 06:15:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/08 06:14:02 | 000,173,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/25 22:00:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioAmp.dll
[2006/01/25 22:00:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\AVSAudioWideStereoDMO.dll
[2005/11/28 19:06:22 | 000,038,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005/11/28 19:06:22 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWFilter.sys
[2005/11/28 19:06:20 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005/09/19 22:50:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,433,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,068,162 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/08/31 05:32:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/31 05:30:56 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999/01/22 18:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/05/09 11:19:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\9073267
[2012/01/15 11:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2011/10/12 17:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/04/26 19:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/06/26 21:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/03/15 09:12:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/20 23:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
[2012/01/19 22:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2012/01/19 17:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/01/26 14:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009/09/15 18:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2011/12/29 15:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/05/07 21:47:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\SystemFeed
[2011/10/14 10:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/19 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/10/12 17:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\AVG Secure Search
[2011/10/12 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\AVG2012
[2010/11/09 22:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/04/17 19:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/20 14:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\Leadertech
[2009/01/26 14:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\MyHeritage
[2012/01/19 20:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\OpenCandy
[2011/12/23 16:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\Samsung
[2006/10/09 13:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\Template
[2007/05/17 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Samsung\Application Data\Thunderbird
[2012/01/19 21:37:08 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========


< End of report >




5.b Extras.txt

OTL Extras logfile created on: 19/01/2012 22:13:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Samsung\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.24 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 55.22% Memory free
2.96 Gb Paging File | 2.44 Gb Available in Paging File | 82.42% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82.62 Gb Total Space | 50.46 Gb Free Space | 61.08% Space Free | Partition Type: NTFS

Computer Name: JILL-LAPTOP | User Name: Samsung | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe" = C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe:*:Enabled:AluSchedulerSvc
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2
"{17283B95-21A8-4996-97DA-547A48DB266F}" = DisplayManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Magic Doctor
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{56804746-90E4-4CAC-900B-4DD3DD76F32F}" = Get into Spanish
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC15160-A49B-4A89-B181-D4619C025FFF}" = Samsung Samples Installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8715FC88-4ED3-4B10-ABCE-F74090AF96C3}" = Linkury Smartbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A48A8684-A104-44DA-B3DF-0178A125D8D9}" = WOW XT and TSXT Filter Driver
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe? Photoshop? Album Starter Edition 3.2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A999CE76-D054-4684-80C7-53FC9243E019}" = EasyBox
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 1.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC047FA6-E83D-4326-9195-E7D306C5B9A2}" = OLYMPUS muvee theaterPack
"{EF99C14B-17C2-4994-B5C1-EB204A343A6F}" = User's Guide
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe? Photoshop? Album Starter Edition 3.2" = Adobe? Photoshop? Album Starter Edition 3.2
"Agere Systems Soft Modem" = SENS LT56ADW Modem
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Canon LASER SHOT LBP-1210" = Canon LASER SHOT LBP-1210
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSS" = Norton Security Scan
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 12.0" = RealPlayer
"Slim Multimedia Keyboard" = Slim Multimedia Keyboard
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/01/2012 18:47:27 | Computer Name = JILL-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application KService.exe, version 5.12.707.160, faulting
module KService.exe, version 5.12.707.160, fault address 0x0021215a.

Error - 16/01/2012 19:01:55 | Computer Name = JILL-LAPTOP | Source = .NET Runtime | ID = 1023
Description = Application: chrome.exe CoreCLR Version: 4.0.60831.0 Description: The
process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 16/01/2012 19:02:01 | Computer Name = JILL-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 16.0.912.75, faulting module
coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 16/01/2012 19:10:45 | Computer Name = JILL-LAPTOP | Source = .NET Runtime | ID = 1023
Description = Application: chrome.exe CoreCLR Version: 4.0.60831.0 Description: The
process was terminated due to an internal error in the .NET Runtime at IP 7928D2A6
(79150000) with exit code 8013150a.

Error - 16/01/2012 19:10:46 | Computer Name = JILL-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 16.0.912.75, faulting module
coreclr.dll, version 4.0.60831.0, fault address 0x0013d2a6.

Error - 16/01/2012 20:26:07 | Computer Name = JILL-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.3822, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16/01/2012 20:26:47 | Computer Name = JILL-LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 01965599.

Error - 19/01/2012 17:45:57 | Computer Name = JILL-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application TFC.exe, version 3.1.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/01/2012 17:45:57 | Computer Name = JILL-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application TFC.exe, version 3.1.7.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 19/01/2012 18:11:01 | Computer Name = JILL-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.31.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly.
It has done this 1 time(s).

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The SRS PostInstaller Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Bluetooth Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The KService service terminated unexpectedly. It has done this 1
time(s).

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The SNM WLAN Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 19/01/2012 17:52:30 | Computer Name = JILL-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The vToolbarUpdater service terminated unexpectedly. It has done
this 1 time(s).


< End of report >


6. SECURITY CHECK
(again, no option given to download to desktop). Scan completed without problem.

checkup.txt
Results of screen317's Security Check version 0.99.30
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG 2012
AVG Security Toolbar
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 13
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java version out of date!
Adobe Flash Player 10.3.181.14 Flash Player out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (3.6.23) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````








#8 sempai

Posted 21 January 2012 - 04:46 AM

Hi,

Please do not put the log in bold text and do not edit the log. I am reading every entry in your log, and putting them in bold will just make the reading more difficult.

Did you install "Linkury" by yourself?

#9 jillr

Posted 21 January 2012 - 10:22 PM

Hi Sempai,
Haven't heard of Linkury, so wouldn't have knowingly installed it....


#10 sempai

Posted 22 January 2012 - 12:52 AM

Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    CODE
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.ht...rch.linkury.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.ht...rch.linkury.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.linkury.com/newtab.html
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.ht...rch.linkury.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.ht...rch.linkury.com
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..browser.startup.homepage: "http://search.linkury.com"
    FF - prefs.js..keyword.URL: "http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
    FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
    [2012/01/19 21:38:07 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com
    [2012/01/19 21:37:57 | 000,002,412 | ---- | M] () -- C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\searchplugins\Linkury Smartbar Search.xml
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKCU..\Run: [kdx] C:\Program Files\KHost.exe -all File not found
    O4 - HKCU..\Run: [Linkury Chrome Smartbar] C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Linkury.exe ()
    O4 - Startup: C:\Documents and Settings\Samsung\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



#11 jillr

Posted 22 January 2012 - 12:09 PM

OTL "Run Fix" scan report below.
NB, desktop lost during process, had to Ctrl-Alt-Del and reboot.


All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "http://search.linkury.com" removed from browser.startup.homepage
Prefs.js: "http://cloud-search....linkury.com&q=" removed from keyword.URL
Prefs.js: "Linkury Smartbar Search" removed from browser.search.selectedEngine
C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\components folder moved successfully.
C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\chrome\PublisherImages folder moved successfully.
C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\chrome\images folder moved successfully.
C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\chrome folder moved successfully.
C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com folder moved successfully.
C:\Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\searchplugins\Linkury Smartbar Search.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\kdx deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Linkury Chrome Smartbar deleted successfully.
C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\Linkury.exe moved successfully.
C:\Documents and Settings\Samsung\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Samsung\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Samsung\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Samsung
->Temp folder emptied: 1884331 bytes
->Temporary Internet Files folder emptied: 61321364 bytes
->Java cache emptied: 101528663 bytes
->FireFox cache emptied: 54499481 bytes
->Google Chrome cache emptied: 394059721 bytes
->Flash cache emptied: 201759 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 452864672 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 275513213 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1202938 bytes
RecycleBin emptied: 24522951 bytes

Total Files Cleaned = 1,306.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 01222012_114519

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#12 sempai

Posted 22 January 2012 - 02:39 PM

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    QUOTE
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, but make sure you copy the logfile first.
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


#13 jillr

Posted 23 January 2012 - 08:25 AM

ESET Log.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=80c46d8eaf14a64e9aa38cf14dd0b885
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 03:22:27
# local_time=2012-01-23 03:22:27 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 8845345 8845345 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 39098 39098 0 0
# scanned=73408
# found=10
# cleaned=10
# scan_time=4137
C:\Documents and Settings\Samsung\Application Data\OpenCandy\9DE436CB998D4622AC8175826E1F827F\LinkuryInstaller.msi Win32/Toolbar.Linkury application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_5.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_6.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_7.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Samsung\Local Settings\Application Data\Linkury\Application\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_8.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Samsung\My Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01222012_114519\C_Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_5.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01222012_114519\C_Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_6.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01222012_114519\C_Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_7.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01222012_114519\C_Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_8.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
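
A way to check a pasted ESET Online Scanner log against the scan settings requested in the instructions, as an added example that is not part of the original posts. The row layout is inferred from the lines posted above (an assumption, not ESET's documented format); `EXPECTED`, `parse_log` and `review` are names chosen here, and the sample is cut down from the posted log with `found` adjusted to the three rows kept.

```python
import re
from collections import Counter

# Settings the helper's instructions ask for (log header key -> expected value).
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}

# Assumed row layout: <path> <detection> <type> (<action>) <32 hex digits> <flag>
ROW = re.compile(r"^(?P<path>.+?)\s+(?P<name>\S+/\S+)\s+(?P<kind>\w+)\s+"
                 r"\((?P<action>[^)]*)\)\s+(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$")

def parse_log(text):
    """Return (header dict, detection rows, lines that matched neither form)."""
    header, rows, unparsed = {}, [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header.setdefault(key, value)  # keep the first of repeated keys
            continue
        m = ROW.match(line)
        (rows if m else unparsed).append(m.groupdict() if m else line)
    return header, rows, unparsed

def review(text):
    """Summarise a log: setting deviations, count check, detections by name."""
    header, rows, unparsed = parse_log(text)
    return {
        "setting_deviations": sorted(k for k, v in EXPECTED.items() if header.get(k) != v),
        "count_matches_header": header.get("found") == str(len(rows)),
        "by_detection": dict(Counter(r["name"] for r in rows)),
        "not_quarantined": [r["path"] for r in rows if "quarantined" not in r["action"]],
        "unparsed": unparsed,
    }

# Sample cut down from the posted log; "found" adjusted to the rows kept.
SAMPLE = r"""# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=3
C:\Documents and Settings\Samsung\Application Data\OpenCandy\9DE436CB998D4622AC8175826E1F827F\LinkuryInstaller.msi Win32/Toolbar.Linkury application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Samsung\My Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01222012_114519\C_Documents and Settings\Samsung\Application Data\Mozilla\Firefox\Profiles\xyethcgs.default\extensions\helperbar@helperbar.com\components\LinkuryFireFoxRemotePlugin_5.dll Win32/Toolbar.Linkury application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    print(review(SAMPLE))
```

A non-empty `setting_deviations` list means the scan ran with different options than the ones requested, and a false `count_matches_header` means the pasted log is incomplete.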


#14 sempai

sempai

    3 stars and a sun

  • Admin
  • 1,038 posts

Posted 23 January 2012 - 04:04 PM

How's the computer running?


#15 jillr

jillr

    Active Member

  • Active Members
  • 10 posts

Posted 16 February 2012 - 10:49 AM

Hi Sempai,
Unexpected family emergency, so have only just looked at your last post.
Sadly, email still infected.
Any other solutions?
I updated Adobe a week or so ago, but other than that have installed nothing else.
Look forward to hearing from you


