
jacem5397


OK, I'm so sorry about previously not being able to get online, but I've tested this method of staying on and on this forum and it has worked the past few days, so here it goes.

 

OTL logfile created on: 2/3/2012 2:27:36 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\jonathan\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.75 Gb Total Physical Memory | 4.47 Gb Available Physical Memory | 77.67% Memory free

11.50 Gb Paging File | 8.19 Gb Available in Paging File | 71.25% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.24 Gb Total Space | 852.78 Gb Free Space | 92.67% Space Free | Partition Type: NTFS

Drive D: | 11.17 Gb Total Space | 1.36 Gb Free Space | 12.22% Space Free | Partition Type: NTFS

Drive E: | 516.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: JONATHAN-HP | User Name: jonathan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/02/03 02:26:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\jonathan\Downloads\OTL.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/12/31 07:42:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

PRC - [2011/12/29 16:43:30 | 000,620,376 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe

PRC - [2011/11/29 12:28:04 | 002,177,536 | ---- | M] (Jackpot Rewards) -- C:\Program Files (x86)\Shop To Win\ShopToWin.exe

PRC - [2011/11/28 06:59:56 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

PRC - [2011/10/13 14:24:54 | 000,790,624 | ---- | M] (Jackpot Rewards) -- C:\Program Files (x86)\DealRunner\DealRunner.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

PRC - [2011/08/11 13:53:06 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe

PRC - [2011/06/01 13:10:00 | 000,821,080 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccsvchst.exe

PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/02/01 00:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2011/01/12 18:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

PRC - [2010/11/26 06:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2010/10/20 11:15:45 | 004,519,792 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\hsplayer.exe

PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/11/13 11:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/01/08 13:50:02 | 000,076,800 | ---- | M] () -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}\components\RadioWMPCoreGecko9.dll

MOD - [2011/12/31 07:42:10 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/12/30 00:05:36 | 000,095,744 | ---- | M] () -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\textlinks@epicplay.com\components\epicPlayGames.dll

MOD - [2011/11/19 22:14:13 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/10/12 22:23:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011/10/12 22:23:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011/10/12 22:23:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011/10/12 22:23:11 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011/10/12 22:23:05 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl

MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl

MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl

MOD - [2011/01/12 17:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll

MOD - [2011/01/12 17:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll

MOD - [2009/04/22 13:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll

MOD - [2009/04/09 15:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll

MOD - [2009/03/03 14:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll

MOD - [2009/03/03 14:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll

MOD - [2009/03/03 14:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll

MOD - [2009/03/03 14:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll

MOD - [2009/03/03 14:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll

MOD - [2009/03/03 14:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll

MOD - [2009/03/03 14:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll

MOD - [2009/03/03 14:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll

MOD - [2009/03/03 14:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/08/11 15:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011/07/13 18:23:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2011/02/16 21:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)

SRV:64bit: - [2010/10/11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/05/11 07:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/12/29 22:29:04 | 000,497,496 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)

SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)

SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)

SRV - [2011/10/26 11:42:32 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)

SRV - [2011/06/01 13:10:00 | 000,821,080 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)

SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [unknown | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe -- (NAV)

SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/01 00:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2010/11/26 06:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/11/20 19:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)

SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2008/11/13 11:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)

SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/07/02 13:50:51 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)

DRV:64bit: - [2011/06/24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)

DRV:64bit: - [2011/05/13 02:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/05/13 02:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011/05/13 02:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011/05/13 02:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/20 17:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)

DRV:64bit: - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2011/03/30 19:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/30 19:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 18:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/23 15:50:14 | 000,018,232 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV:64bit: - [2011/01/26 22:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/26 21:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207000.00D\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/12/28 11:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/12/20 21:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010/12/20 21:55:02 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)

DRV:64bit: - [2010/12/20 21:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2010/12/20 21:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/04 20:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2010/11/04 05:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/11/04 05:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/05/11 07:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/11 06:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)

DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008/12/12 17:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)

DRV:64bit: - [2008/12/12 17:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)

DRV - [2012/01/22 03:17:40 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120201.003\EX64.SYS -- (NAVEX15)

DRV - [2012/01/22 03:17:40 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120201.003\ENG64.SYS -- (NAVENG)

DRV - [2011/12/15 15:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120201.002\IDSviA64.sys -- (IDSVia64)

DRV - [2011/11/30 18:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2011/11/09 20:07:17 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/11/09 20:07:17 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/05/08 17:29:40 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)

DRV - [2011/04/27 18:17:28 | 000,020,336 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)

DRV - [2011/03/22 23:58:10 | 000,021,328 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)

DRV - [2011/03/22 23:58:06 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKCU\..\URLSearchHook: {081d3cbe-4cb2-42f5-a343-14fdf38e1a22} - No CLSID value found

IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

IE - HKCU\..\URLSearchHook: {edc8d02a-7ae5-1094-ddc0-16d2381944d0} - C:\Program Files (x86)\SocialRibbons LP 1\Helper.dll ()

IE - HKCU\..\URLSearchHook: {ee9aab28-7d67-44a3-aefc-c66aef34af76} - No CLSID value found

IE - HKCU\..\URLSearchHook: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()

IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "A Free Ride Games Bar Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p="

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=685749&ilc=12"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@meadco.com/neptune plugin,version=2.0.0.29: C:\PROGRA~2\MEADCO~1\npmeadax.dll (MeadCo Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found

FF - HKLM\Software\MozillaPlugins\@Playfin_1t.com/Plugin: C:\Program Files (x86)\Playfin_1t\bar\1.bin\NP1tStub.dll File not found

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jonathan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jonathan\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jonathan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2012/01/31 19:47:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/31 19:45:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/11/28 07:00:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1tffxtbr@Playfin_1t.com: C:\Program Files (x86)\Playfin_1t\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/31 07:42:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/22 21:02:08 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files (x86)\Object\facetheme

 

[2011/08/23 18:27:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Extensions

[2012/02/01 02:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions

[2012/01/08 06:22:22 | 000,000,000 | ---D | M] () -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}

[2012/01/31 21:02:33 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}

[2012/01/04 00:04:07 | 000,000,000 | ---D | M] (Verizon Toolbar) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13}

[2012/01/09 03:24:27 | 000,000,000 | ---D | M] (A Free Ride Games Bar Community Toolbar) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}

[2012/01/07 05:48:04 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\m3ffxtbr@mywebsearch.com

[2011/12/30 00:05:36 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\textlinks@epicplay.com

[2011/07/02 07:32:55 | 000,000,000 | ---D | M] (The Search Sidebar) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\webmynd@yourentirelife.com

[2011/12/28 11:54:14 | 000,000,945 | ---- | M] () -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\searchplugins\conduit.xml

[2011/11/08 00:37:17 | 000,009,979 | ---- | M] () -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\searchplugins\FestiveBar_3g.xml

[2012/01/31 19:38:34 | 000,001,276 | ---- | M] () -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\searchplugins\search-the-web.xml

[2011/07/08 10:31:40 | 000,002,497 | ---- | M] () -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\searchplugins\SearchResults.xml

[2011/12/19 09:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/10/22 02:36:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011/12/31 07:42:12 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM

[2011/12/19 09:43:07 | 000,000,000 | ---D | M] (IObit Toolbar) -- C:\PROGRAM FILES (X86)\IOBIT TOOLBAR\FF

() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IMMW6QKN.DEFAULT\EXTENSIONS\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.XPI

() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IMMW6QKN.DEFAULT\EXTENSIONS\{6E6347BC-3CF0-AA94-8D40-B0F3E4B41E92}.XPI

() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IMMW6QKN.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI

() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IMMW6QKN.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI

() (No name found) -- C:\USERS\JONATHAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IMMW6QKN.DEFAULT\EXTENSIONS\RUNTIME@PANDA3D.ORG.XPI

[2011/12/31 07:42:11 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/08/11 13:53:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/12/31 07:42:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/07/08 10:31:40 | 000,002,497 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

[2011/12/31 07:42:09 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2010/09/20 05:17:26 | 000,002,566 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\verizontb.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Conduit (Enabled)

CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=ct3001739

CHR - default_search_provider: suggest_url = http://search.conduit.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jonathan\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\jonathan\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jonathan\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll

CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Skype Click to Call = C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: EpicPlay = C:\Users\jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plccnhhjonaiagjelpfkclblmlppjcik\

 

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Shop to Win) - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll (Shop To Win, LLC)

O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (SocialRibbons LP 1) - {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files (x86)\SocialRibbons LP 1\Toolbar.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Updater For Verizon Toolbar) - {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll (Visicom Media)

O2 - BHO: (no name) - {9d4f812f-17c3-4867-a2b5-99bd6b43a5be} - No CLSID value found.

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)

O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.

O2 - BHO: (no name) - {d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} - No CLSID value found.

O2 - BHO: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()

O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {d30bc29f-19f6-40b3-a91f-d4707048ade6} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Verizon Toolbar) - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {081D3CBE-4CB2-42F5-A343-14FDF38E1A22} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [Playfin_1t Browser Plugin Loader] C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbrmon.exe File not found

O4 - HKLM..\Run: [searchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)

O4 - HKCU..\Run: [DealRunner] C:\Program Files (x86)\DealRunner\DealRunner.exe (Jackpot Rewards)

O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)

O4 - HKCU..\Run: [shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe (Jackpot Rewards)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()

O4:64bit: - HKLM..\RunOnce: [WinSATRestorePower] C:\Windows\SysNative\powercfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()

O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()

O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()

O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domain


And I wasn't sure if you needed DDS but here it is.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by jonathan at 9:18:03 on 2012-01-31

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.3322 [GMT -8:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\Windows\SysWOW64\java.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Shop To Win\ShopToWin.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\DealRunner\DealRunner.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

uURLSearchHooks: H - No File

uURLSearchHooks: FCToolbarURLSearchHook Class: {edc8d02a-7ae5-1094-ddc0-16d2381944d0} - C:\Program Files (x86)\SocialRibbons LP 1\Helper.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll

mWinlogon: Userinit=userinit.exe,

BHO: Shop to Win: {0095c290-a428-4bdd-b98c-e0a116f1c702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll

BHO: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

BHO: SocialRibbons LP 1: {2f3d5040-d8e1-f5b4-150e-f532a5f23615} - C:\Program Files (x86)\SocialRibbons LP 1\Toolbar.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll

BHO: {9d4f812f-17c3-4867-a2b5-99bd6b43a5be} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll

BHO: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File

BHO: {d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll

BHO: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File

TB: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

TB: {d30bc29f-19f6-40b3-a91f-d4707048ade6} - No File

TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {081D3CBE-4CB2-42F5-A343-14FDF38E1A22} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [Google Update] "C:\Users\jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe

uRun: [DealRunner] C:\Program Files (x86)\DealRunner\DealRunner.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Playfin_1t Browser Plugin Loader] C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbrmon.exe

mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM

StartupFolder: C:\Users\jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{08D0D9D5-C45B-426C-98FE-56118636302B} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{08D0D9D5-C45B-426C-98FE-56118636302B}\3486F63686F6 : DhcpNameServer = 192.168.1.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Shop to Win: {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll

BHO-X64: Freecause Shopping BHO - No File

BHO-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files (x86)\IObit Toolbar\IE\4.9\iobitToolbarIE.dll

BHO-X64: SocialRibbons LP 1: {2F3D5040-D8E1-F5B4-150E-F532A5F23615} - C:\Program Files (x86)\SocialRibbons LP 1\Toolbar.dll

BHO-X64: FCTBPos00Pos - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll

BHO-X64: Updater For Verizon Toolbar - No File

BHO-X64: {9d4f812f-17c3-4867-a2b5-99bd6b43a5be} - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:Program Files (x86)Common FilesFreeCauseDCAdca-bho.dll

BHO-X64: DCA - No File

BHO-X64: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File

BHO-X64: MediaBar - No File

BHO-X64: {d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

BHO-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:Program Files (x86)verizontbverizonDx.dll

BHO-X64: Verizon Toolbar - No File

BHO-X64: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No File

BHO-X64: Yontoo Layers - No File

TB-X64: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No File

TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:Program Files (x86)Siber SystemsAI RoboFormroboform.dll

TB-X64: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:Program Files (x86)IObit ToolbarIE4.9iobitToolbarIE.dll

TB-X64: {d30bc29f-19f6-40b3-a91f-d4707048ade6} - No File

TB-X64: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:Program Files (x86)verizontbverizonDx.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {081D3CBE-4CB2-42F5-A343-14FDF38E1A22} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {F92A9FE4-2850-4198-B9D5-279880E49B16} - No File

mRun-x64: [HP Software Update] c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe

mRun-x64: [Norton Online Backup] C:Program Files (x86)SymantecNorton Online BackupNOBuClient.exe

mRun-x64: [PDF Complete] C:Program Files (x86)PDF Completepdfsty.exe

mRun-x64: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray

mRun-x64: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

mRun-x64: [searchSettings] "C:Program Files (x86)Common FilesSpigotSearch SettingsSearchSettings.exe"

mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun-x64: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun-x64: [Playfin_1t Browser Plugin Loader] C:PROGRA~2PLAYFI~1bar1.bin1tbrmon.exe

mRun-x64: [VERIZONDM] "C:Program Files (x86)VERIZONDMbinsprtcmd.exe" /P VERIZONDM

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:Program Files (x86)Siber SystemsAI RoboFormRoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:Program Files (x86)Siber SystemsAI RoboFormRoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:Program Files (x86)Siber SystemsAI RoboFormRoboFormComShowToolbar.html

IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:Program Files (x86)PokerStars.NETPokerStarsUpdate.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.default

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=685749&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll

FF - plugin: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrlui.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpdeployJava1.dll

FF - plugin: C:Program Files (x86)Mozilla Firefoxpluginsnpdnu.dll

FF - plugin: C:Program Files (x86)Mozilla Firefoxpluginsnpdnupdater2.dll

FF - plugin: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered1NP_wtapp.dll

FF - plugin: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll

FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll

FF - plugin: C:UsersjonathanAppDataLocalGoogleUpdate1.3.21.79npGoogleUpdate3.dll

FF - plugin: C:UsersjonathanAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll

FF - plugin: C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensions{000F1EA4-5E08-4564-A29B-29076F63A37A}pluginsnpsoe.dll

FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:Windowssystem32driversamd_sata.sys --> C:Windowssystem32driversamd_sata.sys [?]

R0 amd_xata;amd_xata;C:Windowssystem32driversamd_xata.sys --> C:Windowssystem32driversamd_xata.sys [?]

R0 SmartDefragDriver;SmartDefragDriver;C:Windowssystem32DriversSmartDefragDriver.sys --> C:Windowssystem32DriversSmartDefragDriver.sys [?]

R0 SymDS;Symantec Data Store;C:Windowssystem32driversNAVx641206000.01DSYMDS64.SYS --> C:Windowssystem32driversNAVx641206000.01DSYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:Windowssystem32driversNAVx641206000.01DSYMEFA64.SYS --> C:Windowssystem32driversNAVx641206000.01DSYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_18.5.0.125DefinitionsBASHDefs20120121.002BHDrvx64.sys [2012-1-24 1157240]

R1 IDSVia64;IDSVia64;C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NAV_18.5.0.125DefinitionsIPSDefs20120128.002IDSviA64.sys [2012-1-31 488568]

R1 SASDIFSV;SASDIFSV;C:Program FilesSUPERAntiSpywaresasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:Program FilesSUPERAntiSpywaresaskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:Windowssystem32driversNAVx641206000.01DIronx64.SYS --> C:Windowssystem32driversNAVx641206000.01DIronx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:Windowssystem32DriversNAVx641206000.01DSYMNETS.SYS --> C:Windowssystem32DriversNAVx641206000.01DSYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:Windowssystem32DRIVERSvwififlt.sys --> C:Windowssystem32DRIVERSvwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:Program FilesSUPERAntiSpywareSASCore64.exe [2011-8-11 140672]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe [2011-11-28 497496]

R2 AMD External Events Utility;AMD External Events Utility;C:Windowssystem32atiesrxx.exe --> C:Windowssystem32atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:Program FilesATI TechnologiesATI.ACEFuelFuel.Service.exe [2011-3-9 365568]

R2 Application Updater;Application Updater;C:Program Files (x86)Application UpdaterApplicationUpdater.exe [2011-12-14 748440]

R2 HP Support Assistant Service;HP Support Assistant Service;C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSA_Service.exe [2011-6-21 85560]

R2 HPAuto;HP Auto;C:Program FilesHewlett-PackardHP AutoHPAuto.exe [2011-2-16 682040]

R2 HPClientSvc;HP Client Services;C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [2011-3-28 94264]

R2 IHA_MessageCenter;IHA_MessageCenter;C:Program Files (x86)VerizonIHA_MessageCenterBinVerizon_IHAMessageCenter.exe [2011-12-12 290832]

R2 IMFservice;IMF Service;C:Program Files (x86)IObitIObit Malware FighterIMFsrv.exe [2011-8-12 821080]

R2 LinksysUpdater;Linksys Updater;C:Program Files (x86)LinksysLinksys UpdaterbinLinksysUpdater.exe [2008-11-13 204800]

R2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-1-17 652872]

R2 NAV;Norton AntiVirus;C:Program Files (x86)Norton AntiVirusEngine18.6.0.29ccsvchst.exe [2011-7-2 130008]

R2 NOBU;Norton Online Backup;C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe [2010-6-1 2804568]

R2 pdfcDispatcher;PDF Document Manager;C:Program Files (x86)PDF Completepdfsvc.exe [2011-4-30 1127448]

R2 RoxioNow Service;RoxioNow Service;C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-11-26 399344]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:Program Files (x86)VERIZONDMbinsprtsvc.exe [2011-12-1 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:Program Files (x86)VERIZONDMbintgsrvc.exe [2011-12-1 185640]

R2 UMVPFSrv;UMVPFSrv;C:Program Files (x86)Common FileslogishrdLVMVFMUMVPFSrv.exe [2011-4-1 428640]

R3 amdiox64;AMD IO Driver;C:Windowssystem32DRIVERSamdiox64.sys --> C:Windowssystem32DRIVERSamdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:Windowssystem32DRIVERSatikmdag.sys --> C:Windowssystem32DRIVERSatikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:Windowssystem32DRIVERSatikmpag.sys --> C:Windowssystem32DRIVERSatikmpag.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [2012-1-15 138360]

R3 MBAMProtector;MBAMProtector;??C:Windowssystem32driversmbam.sys --> C:Windowssystem32driversmbam.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:Windowssystem32DRIVERSnetr28x.sys --> C:Windowssystem32DRIVERSnetr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:Windowssystem32DRIVERSRt64win7.sys --> C:Windowssystem32DRIVERSRt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:Windowssystem32driversusbfilter.sys --> C:Windowssystem32driversusbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:Windowssystem32DRIVERSvwifimp.sys --> C:Windowssystem32DRIVERSvwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:Windowssystem32Driversssadadb.sys --> C:Windowssystem32Driversssadadb.sys [?]

S3 GamesAppService;GamesAppService;C:Program Files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072]

S3 LVRS64;Logitech RightSound Filter Driver;C:Windowssystem32DRIVERSlvrs64.sys --> C:Windowssystem32DRIVERSlvrs64.sys [?]

S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:Windowssystem32DRIVERSlvuvc64.sys --> C:Windowssystem32DRIVERSlvuvc64.sys [?]

S3 PCPitstop Scheduling;PCPitstop Scheduling;C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe [2011-8-4 91816]

S3 RegFilter;RegFilter;C:Program Files (x86)IObitIObit Malware FighterDriverswin7_amd64RegFilter.sys [2011-8-12 33184]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:Windowssystem32DRIVERSssadbus.sys --> C:Windowssystem32DRIVERSssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:Windowssystem32DRIVERSssadmdfl.sys --> C:Windowssystem32DRIVERSssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:Windowssystem32DRIVERSssadmdm.sys --> C:Windowssystem32DRIVERSssadmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:Windowssystem32driverstsusbflt.sys --> C:Windowssystem32driverstsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:Windowssystem32driversTsUsbGD.sys --> C:Windowssystem32driversTsUsbGD.sys [?]

S3 UrlFilter;UrlFilter;C:Program Files (x86)IObitIObit Malware FighterDriverswin7_amd64UrlFilter.sys [2011-8-12 21328]

S3 USBAAPL64;Apple Mobile USB Driver;C:Windowssystem32Driversusbaapl64.sys --> C:Windowssystem32Driversusbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?]

S4 FileMonitor;FileMonitor;C:Program Files (x86)IObitIObit Malware FighterDriverswin7_amd64FileMonitor.sys [2011-8-12 20336]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:Program FilesWindows LiveMeshwlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-01-31 16:47:43 -------- d-----w- C:UsersjonathanAppDataLocal{D1C7D23E-B01A-4D52-AD3C-29A1DAB56D0F}

2012-01-25 07:06:49 -------- d-----w- C:UsersjonathanAppDataRoamingSUPERAntiSpyware.com

2012-01-25 07:06:18 -------- d-----w- C:ProgramDataSUPERAntiSpyware.com

2012-01-25 07:06:18 -------- d-----w- C:Program FilesSUPERAntiSpyware

2012-01-25 07:05:51 388096 ----a-r- C:UsersjonathanAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-25 07:05:51 -------- d-----w- C:Program Files (x86)Trend Micro

2012-01-23 12:49:35 -------- d-----w- C:UsersjonathanAppDataRoamingUnity

2012-01-23 12:46:23 -------- d-----w- C:UsersjonathanAppDataLocalUnity

2012-01-17 18:58:15 709968 ----a-w- C:WindowsisRS-000.tmp

2012-01-16 12:59:49 -------- d-----w- C:ProgramDataWild Tangent

2012-01-12 09:49:19 -------- d-----w- C:UsersjonathanAppDataRoamingMagic Academy

2012-01-11 20:10:38 514560 ----a-w- C:WindowsSysWow64qdvd.dll

2012-01-11 20:10:38 366592 ----a-w- C:WindowsSystem32qdvd.dll

2012-01-11 20:10:38 1572864 ----a-w- C:WindowsSystem32quartz.dll

2012-01-11 20:10:38 1328128 ----a-w- C:WindowsSysWow64quartz.dll

2012-01-11 20:10:35 77312 ----a-w- C:WindowsSystem32packager.dll

2012-01-11 20:10:35 67072 ----a-w- C:WindowsSysWow64packager.dll

2012-01-11 20:10:35 1731920 ----a-w- C:WindowsSystem32ntdll.dll

2012-01-11 20:10:35 1292080 ----a-w- C:WindowsSysWow64ntdll.dll

2012-01-08 14:25:38 -------- d-----w- C:UsersjonathanAppDataLocalSCE

2012-01-06 14:05:52 -------- d-----w- C:WindowsWindowsMobile

2012-01-04 08:04:38 -------- d-----w- C:Program FilesVerizon

2012-01-04 08:04:12 260 ----a-w- C:WindowsSysWow64cmdVBS.vbs

2012-01-04 08:04:12 256 ----a-w- C:WindowsSysWow64MSIevent.bat

2012-01-04 08:04:07 -------- d-----w- C:Program Files (x86)verizontb

2012-01-04 08:03:52 23896576 ----a-w- C:WindowsVzInHomeAgentInstaller.msi

2012-01-04 07:49:58 -------- d-----w- C:UsersjonathanAppDataLocalSupportSoft

2012-01-04 07:49:50 -------- d-----w- C:Program Files (x86)VERIZONDM

2012-01-04 07:49:45 9795072 ----a-w- C:WindowsVerizonDM.msi

2012-01-04 07:49:43 -------- d-----w- C:Program Files (x86)Verizon

2012-01-04 07:49:43 -------- d-----w- C:Program Files (x86)Common FilesSupportSoft

2012-01-04 07:15:37 -------- d-----w- C:UsersjonathanAppDataLocalDiagnostics

.

==================== Find3M ====================

.

2011-12-29 14:09:59 1700352 ----a-w- C:WindowsSysWow64gdiplus.dll

2011-12-10 23:24:08 23152 ----a-w- C:WindowsSystem32driversmbam.sys

2011-11-24 04:52:09 3145216 ----a-w- C:WindowsSystem32win32k.sys

2011-11-20 06:14:13 414368 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2011-11-17 06:49:14 95600 ----a-w- C:WindowsSystem32driversksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:WindowsSystem32driversksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:WindowsSystem32driverscng.sys

2011-11-17 06:35:28 395776 ----a-w- C:WindowsSystem32webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:WindowsSystem32sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:WindowsSystem32sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:WindowsSystem32schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:WindowsSystem32secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:WindowsSystem32lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:WindowsSystem32lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:WindowsSysWow64webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:WindowsSysWow64schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:WindowsSysWow64secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:WindowsSysWow64sspicli.dll

2011-11-05 05:41:43 1188864 ----a-w- C:WindowsSystem32wininet.dll

2011-11-05 05:32:50 2048 ----a-w- C:WindowsSystem32tzres.dll

2011-11-05 04:35:00 981504 ----a-w- C:WindowsSysWow64wininet.dll

2011-11-05 04:26:03 2048 ----a-w- C:WindowsSysWow64tzres.dll

2011-11-05 03:32:47 1638912 ----a-w- C:WindowsSystem32mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:WindowsSysWow64mshtml.tlb

.

============= FINISH: 9:18:27.72 ===============


Hello jacem5397

 

Let's make a start with the following:

 

First, please make sure that OTL is placed directly onto your desktop before doing the following:

  • IOBIT Products

  • We note you are using one or more products from IOBit (Advanced SystemCare 5, IObit Malware Fighter, IObit Toolbar v4.9).
  • IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
  • Please see this for additional information on these allegations: http://www.malwareby...howtopic=29681.
  • A thread in IOBit’s forum responded to the accusations from MalwareBytes. It is noteworthy that several responses from users raising specific questions about IOBit’s response and finding it unsatisfactory were deleted and the thread was closed. The bottom line from IOBit was: “No hard proof shows that IObit stole the database of Malwarebytes.”
  • From what is said above, at least until the issues of possible database theft and spyware packaging are resolved, we do not recommend the use of IOBit products.
  • You can remove IOBit products by clicking on "Windows Orb" and then on "Computer" and then on the "Uninstall or Change a Program" tab.
  • Please un-install the following

    • Click on "Start" then on "Control Panel" and then on the "Programs and Features" tab.
    • Find the "Shop To Win" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
    • Repeat for SocialRibbons LP 1 and Verizon Toolbar
  • Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :OTL
      PRC - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
      PRC - [2011/11/29 12:28:04 | 002,177,536 | ---- | M] (Jackpot Rewards) -- C:\Program Files (x86)\Shop To Win\ShopToWin.exe
      PRC - [2011/12/13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
      SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
      IE - HKCU\..\URLSearchHook: {081d3cbe-4cb2-42f5-a343-14fdf38e1a22} - No CLSID value found
      IE - HKCU\..\URLSearchHook: {ee9aab28-7d67-44a3-aefc-c66aef34af76} - No CLSID value found
      IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
      FF - HKLM\Software\MozillaPlugins\@Playfin_1t.com/Plugin: C:\Program Files (x86)\Playfin_1t\bar\1.bin\NP1tStub.dll File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1tffxtbr@Playfin_1t.com: C:\Program Files (x86)\Playfin_1t\bar\1.bin
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
      [2012/01/31 21:02:33 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
      [2012/01/07 05:48:04 | 000,000,000 | ---D | M] (My Web Search) -- C:\Users\jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\immw6qkn.default\extensions\m3ffxtbr@mywebsearch.com
      O2 - BHO: (Shop to Win) - {0095C290-A428-4BDD-B98C-E0A116F1C702} - C:\Program Files (x86)\Shop to Win 9\Shop to Win 9.dll (Shop To Win, LLC)
      O2 - BHO: (no name) - {9d4f812f-17c3-4867-a2b5-99bd6b43a5be} - No CLSID value found.
      O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
      O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
      O2 - BHO: (no name) - {d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} - No CLSID value found.
      O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {d30bc29f-19f6-40b3-a91f-d4707048ade6} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {081D3CBE-4CB2-42F5-A343-14FDF38E1A22} - No CLSID value found.
      O4 - HKLM..\Run: [Playfin_1t Browser Plugin Loader] C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbrmon.exe File not found
      O4 - HKCU..\Run: [Shop To Win] C:\Program Files (x86)\Shop To Win\ShopToWin.exe (Jackpot Rewards)
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O33 - MountPoints2\{3f5f9ca6-7399-11e0-9f9f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Start.exe
      O33 - MountPoints2\{3f5f9ca6-7399-11e0-9f9f-806e6f6e6963}\Shell\Install\Command - "" = E:\Start.exe
      [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
      [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:CF31AEF5
      @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:4FCF116E
      @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:BDEBC850
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E5DE9C8F
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:91730504
      
      :Services
      Application Updater
      
      :Files
      C:\Program Files (x86)\Shop to Win 9
      C:\Program Files (x86)\MyWebSearch
      C:\Program Files (x86)\Common Files\FreeCause
      C:\Program Files (x86)\Application Updater
      C:\Program Files (x86)\Common Files\Spigot
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
    Please post the OTL fix log, the MBAM log and a new OTL system scan log in your next reply.

     

    You may need to make more than one post to fit all of the required information in.


All processes killed

========== OTL ==========

Process ApplicationUpdater.exe killed successfully!

No active process named ShopToWin.exe was found!

No active process named SearchSettings.exe was found!

Service Application Updater stopped successfully!

Service Application Updater deleted successfully!

C:Program Files (x86)Application UpdaterApplicationUpdater.exe moved successfully.

Registry value HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{081d3cbe-4cb2-42f5-a343-14fdf38e1a22} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{081d3cbe-4cb2-42f5-a343-14fdf38e1a22} not found.

Registry value HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{ee9aab28-7d67-44a3-aefc-c66aef34af76} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{ee9aab28-7d67-44a3-aefc-c66aef34af76} not found.

Registry value HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{f92a9fe4-2850-4198-b9d5-279880e49b16} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{f92a9fe4-2850-4198-b9d5-279880e49b16} not found.

Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@mywebsearch.com/Plugin deleted successfully.

Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@Playfin_1t.com/Plugin deleted successfully.

File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions1tffxtbr@Playfin_1t.com: C:Program Files (x86)Playfin_1tbar1.bin not found.

File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsm3ffxtbr@mywebsearch.com: C:Program Files (x86)MyWebSearchbar1.bin not found.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensions{46d606b0-a645-11df-981c-0800200c9a66}META-INF folder moved successfully.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensions{46d606b0-a645-11df-981c-0800200c9a66}chromeskin folder moved successfully.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensions{46d606b0-a645-11df-981c-0800200c9a66}chromecontentlocale folder moved successfully.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensions{46d606b0-a645-11df-981c-0800200c9a66}chromecontent folder moved successfully.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensions{46d606b0-a645-11df-981c-0800200c9a66}chrome folder moved successfully.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensions{46d606b0-a645-11df-981c-0800200c9a66} folder moved successfully.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensionsm3ffxtbr@mywebsearch.comchrome folder moved successfully.

C:UsersjonathanAppDataRoamingMozillaFirefoxProfilesimmw6qkn.defaultextensionsm3ffxtbr@mywebsearch.com folder moved successfully.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0095C290-A428-4BDD-B98C-E0A116F1C702} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0095C290-A428-4BDD-B98C-E0A116F1C702} not found.

File C:Program Files (x86)Shop to Win 9Shop to Win 9.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9d4f812f-17c3-4867-a2b5-99bd6b43a5be} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9d4f812f-17c3-4867-a2b5-99bd6b43a5be} not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} not found.

File C:Program Files (x86)Common FilesFreeCauseDCAdca-bho.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} not found.

64bit-Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar10 deleted successfully.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{d30bc29f-19f6-40b3-a91f-d4707048ade6} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{d30bc29f-19f6-40b3-a91f-d4707048ade6} not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar10 deleted successfully.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{081D3CBE-4CB2-42F5-A343-14FDF38E1A22} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{081D3CBE-4CB2-42F5-A343-14FDF38E1A22} not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunPlayfin_1t Browser Plugin Loader deleted successfully.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunShop To Win not found.

File C:Program Files (x86)Shop To WinShopToWin.exe not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunSearchSettings deleted successfully.

C:Program Files (x86)Common FilesSpigotSearch SettingsSearchSettings.exe moved successfully.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsclonewarsadventures.com deleted successfully.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsfreerealms.com deleted successfully.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainssoe.com deleted successfully.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainssony.com deleted successfully.

Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}

C:ProgramDatawebexieatgpc.inf moved successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftCode Store DatabaseDistribution Units{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerlivecall deleted successfully.

File ProtocolHandlerlivecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlermsnim deleted successfully.

File ProtocolHandlermsnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerskype-ie-addon-data deleted successfully.

File ProtocolHandlerskype-ie-addon-data - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerwlmailhtml deleted successfully.

File ProtocolHandlerwlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerwlpg deleted successfully.

File ProtocolHandlerwlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoadWebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.

Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoadWebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{E6FB5E20-DE35-11CF-9C87-00AA005127ED} not found.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{3f5f9ca6-7399-11e0-9f9f-806e6f6e6963} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{3f5f9ca6-7399-11e0-9f9f-806e6f6e6963} not found.

File E:Start.exe not found.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionExplorerMountPoints2{3f5f9ca6-7399-11e0-9f9f-806e6f6e6963} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{3f5f9ca6-7399-11e0-9f9f-806e6f6e6963} not found.

File E:Start.exe not found.

C:WindowsSysWow64ConduitEngine.tmp deleted successfully.

C:WindowsSysNativeSET736C.tmp deleted successfully.

ADS C:ProgramDataTemp:CF31AEF5 deleted successfully.

ADS C:ProgramDataTemp:4FCF116E deleted successfully.

ADS C:ProgramDataTemp:BDEBC850 deleted successfully.

ADS C:ProgramDataTemp:E5DE9C8F deleted successfully.

ADS C:ProgramDataTemp:D1B5B4F1 deleted successfully.

ADS C:ProgramDataTemp:91730504 deleted successfully.

========== SERVICES/DRIVERS ==========

Error: No service named Application Updater was found to stop!

ServiceDriver key Application Updater not found.

========== FILES ==========

FileFolder C:Program Files (x86)Shop to Win 9 not found.

FileFolder C:Program Files (x86)MyWebSearch not found.

C:Program Files (x86)Common FilesFreeCause folder moved successfully.

C:Program Files (x86)Application Updater folder moved successfully.

C:Program Files (x86)Common FilesSpigotwtxpcomcomponents folder moved successfully.

C:Program Files (x86)Common FilesSpigotwtxpcom folder moved successfully.

C:Program Files (x86)Common FilesSpigotSearch SettingsRes folder moved successfully.

C:Program Files (x86)Common FilesSpigotSearch SettingsLang folder moved successfully.

C:Program Files (x86)Common FilesSpigotSearch Settings folder moved successfully.

C:Program Files (x86)Common FilesSpigot folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: jonathan

->Temp folder emptied: 161140843 bytes

->Temporary Internet Files folder emptied: 9123363 bytes

->Java cache emptied: 33504831 bytes

->FireFox cache emptied: 207269290 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 33895 bytes

 

User: Kids

->Temp folder emptied: 54156532 bytes

->Temporary Internet Files folder emptied: 19758139 bytes

->Java cache emptied: 1822156 bytes

->FireFox cache emptied: 1078775514 bytes

->Google Chrome cache emptied: 386409546 bytes

->Flash cache emptied: 485898 bytes

 

User: KIDS.jonathan-HP

->Temp folder emptied: 32799 bytes

->Temporary Internet Files folder emptied: 622616 bytes

->FireFox cache emptied: 18687254 bytes

->Flash cache emptied: 41620 bytes

 

User: Mcx1-JONATHAN-HP

->Temp folder emptied: 516 bytes

->Temporary Internet Files folder emptied: 210417 bytes

->Flash cache emptied: 41620 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18795902 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 50199 bytes

RecycleBin emptied: 3064587 bytes

 

Total Files Cleaned = 1,902.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: AppData

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: jonathan

->Flash cache emptied: 0 bytes

 

User: Kids

->Flash cache emptied: 0 bytes

 

User: KIDS.jonathan-HP

->Flash cache emptied: 0 bytes

 

User: Mcx1-JONATHAN-HP

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

C:WindowsSystem32driversetcHosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.33.0 log created on 02192012_181638

 

FilesFolders moved on Reboot...

C:UsersjonathanAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.

 

Registry entries deleted on Reboot...


Nothing detected. Also, I wanted to thank you for your patience; I know this hasn't been a quick process.

 

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.02.19.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

jonathan :: JONATHAN-HP [administrator]

 

Protection: Enabled

 

2/19/2012 6:40:56 PM

mbam-log-2012-02-19 (18-40-56).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 236574

Time elapsed: 3 minute(s), 6 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


Hello Jacem5397

 

Things seem to be working, everything is loading real slow though. I don't know if it's a cookies thing, or?

Glad to hear that things appear to be improving. We cleaned out a lot of rubbish with OTL.

 

Let's continue with the following:

 

  • Please make all files and folders VISIBLE:

  • Close all open programs.
  • Click on the "Windows Orb" (bottom left hand corner of your screen).
  • Click on "Control Panel", and then on "Appearance and Personalization".
  • Under Folder Options, click on "Show hidden files and folders".
  • Remove the checkmark from the checkbox labeled "Hide extensions for known file types".
  • Remove the checkmark from the checkbox labeled "Hide protected operating system files (Recommended)".
  • Press the "Apply" button and then the "OK" button.
  • For more detail, please see here.
  • Please delete the following folder

    • Right-click your "Start" button and select "Explore".
    • Navigate to and delete the following folder in bold.
    C:\Users\jonathan\AppData\Roaming\Babylon <===== Delete this folder.

     

    • Once deleted, Empty your Recycle Bin.
  • Please run the following scan

    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UNchecked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the ESET log in your next reply along with a new OTL scan log.

Due to inactivity, this topic has been closed.

 

If you are the topic starter and need this topic reopened, please PM a staff member (include the address of this thread in your request).

 

Everyone else please start a new topic.
