edwin lang

HijackThis and DDS logs, can someone check them please?


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:30:46 PM, on 4/3/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\YCIII\YankClip.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\PROGRAM FILES (X86)\PICPICK\PICPICK.EXE

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe

C:\Users\Lan-Ed-Tul\Desktop\HijackThis.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Users\Lan-Ed-Tul\Desktop\dds.scr

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1612.mail.yahoo.com/mc/welcome?.tm=1315028594

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe

O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1625047142-631539774-3324415824-1007\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1625047142-631539774-3324415824-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe

O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/da/PCPitStop.CAB

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} (Java Plug-in 1.6.0_25) -

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} (Java Plug-in 1.6.0_27) -

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe

O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - E:\New folder\ReflectService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TomTomHOMEService - TomTom - E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--

End of file - 16796 bytes

Attach.txt

DDS.txt


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.

  • The fixes are specific to your problem and should only be used for the issues on this machine.

  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

  • It's often worth reading through these instructions and printing them for ease of reference.

  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE: Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

 

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

 

Stay with this topic until I give you the all clean post.

 

First we need to make all files and folders VISIBLE:

 

  • Go to start>control panel>folder options>view
  • Choose to "show hidden files and folders,"
  • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
  • Close the window with OK
Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------

 

What is it that is making you think you are having problems with malware? What symptoms are you experiencing?

----------

 

 

Please download aswMBR to your desktop.

  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

 

In your next reply please post the logs made by ckscanner and aswMBR.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-04 17:26:17

-----------------------------

17:26:17.166 OS Version: Windows x64 6.1.7601 Service Pack 1

17:26:17.166 Number of processors: 4 586 0x1707

17:26:17.166 ComputerName: NCC1701CPTKIRK UserName: Lan-Ed-Tul

17:26:19.475 Initialize success

17:27:06.579 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

17:27:06.579 Disk 0 Vendor: WDC_WD6400AAKS-22A7B0 01.03B01 Size: 610480MB BusType: 3

17:27:06.595 Disk 0 MBR read successfully

17:27:06.595 Disk 0 MBR scan

17:27:06.595 Disk 0 Windows 7 default MBR code

17:27:06.610 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 15915 MB offset 63

17:27:06.610 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 594561 MB offset 32595885

17:27:06.626 Disk 0 scanning C:\Windows\system32\drivers

17:27:20.432 Service scanning

17:27:36.547 Modules scanning

17:27:36.547 Disk 0 trace - called modules:

17:27:36.563 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

17:27:36.563 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006284060]

17:27:36.563 3 CLASSPNP.SYS[fffff88001b5043f] -> nt!IofCallDriver -> [0xfffffa8005f37520]

17:27:36.578 5 ACPI.sys[fffff88000f1f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005f39060]

17:27:36.578 Scan finished successfully

17:27:54.409 Disk 0 MBR has been saved successfully to "C:\Users\Lan-Ed-Tul\Desktop\MBR.dat"

17:27:54.425 The log file has been saved successfully to "C:\Users\Lan-Ed-Tul\Desktop\aswMBR.txt"

 

CKScanner - Additional Security Risks - These are not necessarily bad

scanner sequence 3.RP.11.EQAARI

----- EOF -----

 

The only things have been IE8 loading a little slowly sometimes, and the main thing is that in the HijackThis log I see a lot of lines with "file missing" at the end. I was thinking I could delete those "file missing" lines in HJT but needed a pro opinion before I did that. It took me some finagling to get CKScanner to run; I had to turn off Norton AV temporarily to get it to run, but the above is all it came up with.

I used to be into doing these HJT log evaluations myself, from a friend who got me interested in it a few years ago, but I haven't kept up in the last couple of years so I kind of lost the knowledge to evaluate the logs. My wife just had her laptop taken in to Best Buy Geek Squad and she had viruses and stuff, they said, and they told her to get the Trend Micro Titanium suite. But before that she had Webroot; it messed up and did odd things to it, so we removed it and installed NIS2012, same as I have on THIS machine. They tried to say it wasn't doing the job, but I never had any issues with NIS on mine, so I decided to just find out if it was doing its job on mine. I also use Spybot Search and Destroy, Ad-Aware, SpywareBlaster, SUPERAntiSpyware (occasionally run) and NIS2012, and I also run the online scanners HouseCall and Emsisoft. I also have Secunia PSI, which helps to keep my stuff updated.

I have had problems with my machine sometimes freezing, not too often, but I reboot and it won't; if I go to the BIOS screen, it doesn't show my HDD. So I leave it off for a while, then try powering up later on, and it boots. I don't know why it's losing the HDD in the BIOS like that; the only thing I can think of is maybe the HDD is failing, but I ran the WD Data Lifeguard program and the HDD passes with flying colors. I know some of this stuff probably has nothing to do with malware or viruses, but I just wanted to check with a pro on this to make sure the system is clean and whether it's OK to delete the HJT lines that said "file missing".

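As an added illustration of the "file missing" question above (example code, not from the thread or from any tool it mentions): a small Python triage helper that parses HijackThis 2.x log lines and separates O23 entries that are probably 32-bit-scanner artifacts from those that need a look. It assumes that a `Program Files (x86)` path marks a 64-bit host and that WOW64 file-system redirection is why native-only system32 binaries look missing to a 32-bit scanner; the sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, chosen
# to cover the cases the triage rules distinguish.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O15 - Trusted Zone: *.soe.com
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} (Java Plug-in 1.6.0_25) -
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")
# O23 body: "<display name> [(short name)] - <owner> - <image path> [(file missing)]".
# Display names can contain " - " themselves, so the path is anchored on a drive letter.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?|\(no file\))(?P<missing> \(file missing\))?$"
)
SHORT_RE = re.compile(r"\((?P<short>[^()]+)\)$")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str      # HJT section tag, e.g. "O23"
    subject: str   # service short name, domain, CLSID or run entry
    verdict: str   # "info", "review" or "likely-artifact"
    note: str


def triage(log_text: str) -> list:
    # Assumption: a "Program Files (x86)" path only exists on 64-bit Windows. HJT 2.0.4
    # is a 32-bit program, so WOW64 redirects its view of C:\Windows\system32 to
    # SysWOW64, and native-only binaries such as lsass.exe are reported as missing.
    is_x64 = "Program Files (x86)" in log_text
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank or footer line
        kind, body = m.group("kind"), m.group("body")
        if kind == "O23":
            s = SERVICE_RE.match(body)
            if s is None:
                findings.append(Finding(kind, body, "review", "unrecognised O23 layout"))
                continue
            short = SHORT_RE.search(s.group("name"))
            subject = short.group("short") if short else s.group("name")
            path = s.group("path")
            gone = bool(s.group("missing")) or path == "(no file)"
            if gone and is_x64 and SYSTEM32_RE.match(path):
                findings.append(Finding(kind, subject, "likely-artifact",
                    "32-bit scanner on 64-bit Windows; confirm with 'sc qc' or a 64-bit-aware scan"))
            elif gone:
                findings.append(Finding(kind, subject, "review",
                    "service points at a non-existent image; do not use HJT Fix on it unsupervised"))
            else:
                findings.append(Finding(kind, subject, "info", s.group("owner")))
        elif kind == "O15":
            findings.append(Finding(kind, body.partition(": ")[2], "review",
                "domain in the IE Trusted Zone runs with relaxed security settings"))
        elif kind == "O16" and body.rstrip().endswith("-"):
            findings.append(Finding(kind, body.partition(": ")[2], "info",
                "ActiveX download record with no source URL (stale)"))
        else:
            findings.append(Finding(kind, body, "info", ""))
    return findings


def by_verdict(findings) -> dict:
    """Group subjects by verdict, preserving log order."""
    groups = defaultdict(list)
    for f in findings:
        groups[f.verdict].append(f.subject)
    return dict(groups)


if __name__ == "__main__":
    for verdict, subjects in by_verdict(triage(SAMPLE_LOG)).items():
        print(f"{verdict:16}{', '.join(subjects)}")
```

The same rule explains why the OTL log later in this thread lists binaries such as XAudio64.exe under SysNative even though HijackThis reported them as missing.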

Hi,

 

I see some entries that do need to go but so far nothing particularly bad. :)

 

 

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

 

**Note: It is important that it is saved directly to your desktop**

 

--------------------------------------------------------------------

 

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

 

--------------------------------------------------------------------

 

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------


Yeah, I just haven't been online in a couple of days. I will download and run the next thing you suggest. That's good that you don't see anything bad yet.


Ok...let's try another way.

 

 

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL folder on your C: drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.


OTL logfile created on: 4/8/2012 12:10:02 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lan-Ed-Tul\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

6.00 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 61.47% Memory free

11.99 Gb Paging File | 9.72 Gb Available in Paging File | 81.06% Paging File free

Paging file location(s): ?:\pagefile.sys

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.63 Gb Total Space | 441.04 Gb Free Space | 75.96% Space Free | Partition Type: NTFS

Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 804.76 Gb Free Space | 86.39% Space Free | Partition Type: NTFS

 

Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Lan-Ed-Tul\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)

PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)

PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)

SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)

SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)

SRV - (TomTomHOMEService) -- E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (CDScheduler) -- C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe (CyberDefender Corp.)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SRV - (ReflectService) -- E:\New folder\ReflectService.exe ()

SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()

SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys (Symantec Corporation)

DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys (Symantec Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)

DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()

DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)

DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\91A6.tmp (Sophos Plc)

DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)

DRV:64bit: - (DKRtWrt) -- C:\Windows\SysNative\drivers\DKRtWrt.sys (Diskeeper Corporation)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (Fs_Rec) -- C:WindowsSysNativedriversfs_rec.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:WindowsSysNativedriversWSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (StillCam) -- C:WindowsSysNativedriversserscan.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (RTSTOR) -- C:WindowsSysNativedriversRTSTOR64.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (WmFilter) -- C:WindowsSysNativedriversWmFilter.sys (Logitech Inc.)

DRV:64bit: - (ahcix64s) -- C:WindowsSysNativedriversahcix64s.sys (AMD Technologies Inc.)

DRV:64bit: - (PxHlpa64) -- C:WindowsSysNativedriversPxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (HSF_DPV) -- C:WindowsSysNativedriversCAX_DPV.sys (Conexant Systems, Inc.)

DRV:64bit: - (CAXHWBS2) -- C:WindowsSysNativedriversCAXHWBS2.sys (Conexant Systems, Inc.)

DRV:64bit: - (winachsf) -- C:WindowsSysNativedriversCAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (XAudio) -- C:WindowsSysNativedriversXAudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (mdmxsdk) -- C:WindowsSysNativedriversmdmxsdk.sys (Conexant)

DRV - (NAVEX15) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.1.1.3DefinitionsVirusDefs20120407.016ex64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.1.1.3DefinitionsVirusDefs20120407.016eng64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.1.1.3DefinitionsIPSDefs20120406.002IDSviA64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.1.1.3DefinitionsBASHDefs20120317.002BHDrvx64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys (Symantec Corporation)

DRV - (a2acc) -- C:Program Files (x86)Emsisoft Anti-Malwarea2accx64.sys (Emsi Software GmbH)

DRV - (Lavasoft Kernexplorer) -- C:Program Files (x86)LavasoftAd-Awarekernexplorer64.sys ()

DRV - (A2DDA) -- C:Program Files (x86)Emsisoft Anti-Malwarea2ddax64.sys (Emsi Software GmbH)

DRV - (DrvAgent64) -- C:WindowsSysWOW64driversDrvAgent64.SYS (Phoenix Technologies)

DRV - (1UnHooker) -- C:WindowsSysWOW64drivers1UnHooker.sys ()

DRV - (SASENUM) -- C:Program Files (x86)SUPERAntiSpywareSASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

DRV - (TVICHW64) -- C:WindowsSysWOW64driversTVICHW64.SYS (EnTech Taiwan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE:64bit: - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM..SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://us.mc1612.mail.yahoo.com/mc/welcome?.tm=1315028594#_pg=showFolder&fid=Inbox&order=down&tt=8&pSize=50&.rand=825442203&hash=22dc51734967b08b823fee4cfb1bb762&.jsrand=1458432

IE - HKCU..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU..SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - user.js - File not found

FF:64bit: - [email protected]/JavaPlugin: C:Program FilesJavajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF - [email protected]/ShockwavePlayer: C:Windowssystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.)

FF - [email protected]/JavaPlugin: C:Program Files (x86)Javajre6binplugin2npjp2.dll (Sun Microsystems, Inc.)

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WPF,version=3.5: c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - [email protected]/3DVision: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll (NVIDIA Corporation)

FF - [email protected]/3DVisionStreaming: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll (NVIDIA Corporation)

FF - [email protected]/PandoWebPlugin: C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)

FF - [email protected]/nppl3260;version=15.0.2.72: c:program files (x86)realrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)

FF - [email protected]/nprjplug;version=15.0.2.72: c:program files (x86)realrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nprpchromebrowserrecordext;version=15.0.2.72: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - [email protected]/nprphtml5videoshim;version=15.0.2.72: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)

FF - [email protected]/nprpjplug;version=15.0.2.72: c:program files (x86)realrealplayerNetscape6nprpjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found

FF - [email protected]/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.57npGoogleUpdate3.dll File not found

FF - [email protected]/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.57npGoogleUpdate3.dll File not found

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - [email protected]/UnityPlayer,version=1.0: C:UsersLan-Ed-TulAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll (Unity Technologies ApS)

FF - HKCUSoftwareMozillaPluginselectronicarts.com/GameFacePlugin: C:UsersLan-Ed-TulAppDataRoamingElectronic ArtsGame FacenpGameFacePlugin.dll (Electronic Arts)

FF - HKCUSoftwareMozillaPluginspandonetworks.com/PandoWebPlugin: C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll (Pando Networks)

FF - HKE[email protected]hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2012/02/08 18:38:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.1.1.3IPSFFPlgn [2012/01/31 04:58:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.1.1.3coFFPlgn [2012/04/08 00:13:12 | 000,000,000 | ---D | M]

FF - HK[email protected]hp.com: C:Program Files (x86)HPDigital ImagingSmart Web PrintingMozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]

[2010/09/29 05:42:09 | 000,000,000 | ---D | M] (No name found) -- C:UsersLan-Ed-TulAppDataRoamingMozillaExtensions

[2010/08/22 16:32:49 | 000,000,000 | ---D | M] (No name found) -- C:[email protected]

[2012/03/03 00:00:16 | 000,000,000 | ---D | M] (Map status indicator) -- E:TOMTOMTOMTOM HOME [email protected]

O1 HOSTS File: ([2012/04/08 00:08:09 | 000,441,327 | R--- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 15191 more lines...

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.7.7227.1100swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10ipsipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.7.7227.1100swg.dll (Google Inc.)

O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKLM..Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10coieplg.dll (Symantec Corporation)

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKCU..ToolbarWebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10coieplg.dll (Symantec Corporation)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [WinPatrol] C:Program Files (x86)BillP StudiosWinPatrolwinpatrol.exe (BillP Studios)

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..Run: [TomTomHOME.exe] E:TOMTOMTomTom HOME 2TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAdobe Gamma.lnk = C:Program Files (x86)Common FilesAdobeCalibrationAdobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupCurseClientStartup.ccip ()

O4 - Startup: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupYankee Clipper III.lnk = C:Program Files (x86)YCIIIYankClip.exe (inteleXual.com)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DontDisplayLogonHoursWarnings = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: LogonHoursAction = 2

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O15 - HKCU..Trusted Domains: ebay.com ([my] https in Trusted sites)

O15 - HKCU..Trusted Domains: ebay.com ([signin] https in Trusted sites)

O15 - HKCU..Trusted Domains: facebook.com ([apps] https in Trusted sites)

O15 - HKCU..Trusted Domains: facebook.com ([www] https in Trusted sites)

O15 - HKCU..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU..Trusted Domains: secunia.com ([]https in Trusted sites)

O15 - HKCU..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca.com/downloads/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O16 - DPF: ppctlcab http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.1 68.94.156.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{CDAFA582-DA8D-4806-9B51-EA9BD5E01368}: DhcpNameServer = 192.168.0.1 68.94.156.1

O18:64bit: - ProtocolHandlergopher - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program Files (x86)SUPERAntiSpywareSASWINLO.DLL) - C:Program Files (x86)SUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindows Photo GalleryWindows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindows Photo GalleryWindows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program Files (x86)SUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 12:07:50 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:UsersLan-Ed-TulDesktopOTL.exe

[2012/04/07 20:53:34 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN

[2012/04/07 17:22:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/04/07 17:22:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/04/07 17:22:39 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/04/07 17:22:30 | 000,000,000 | ---D | C] -- C:WindowsERDNT

[2012/04/07 17:22:29 | 000,000,000 | ---D | C] -- C:ComboFix

[2012/04/07 17:19:19 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/04/07 17:17:39 | 004,452,637 | R--- | C] (Swearware) -- C:UsersLan-Ed-TulDesktopComboFix.exe

[2012/04/03 17:27:41 | 000,607,260 | R--- | C] (Swearware) -- C:UsersLan-Ed-TulDesktopdds.scr

[2012/04/03 17:19:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:UsersLan-Ed-TulDesktopHijackThis.exe

[2012/04/01 16:35:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe

[2012/03/30 16:48:51 | 000,000,000 | ---D | C] -- C:UsersLan-Ed-TulAppDataRoamingdvdcss

[2012/03/28 19:09:33 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

[2012/03/28 19:08:48 | 000,000,000 | ---D | C] -- C:Program FilesiPod

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:Program FilesiTunes

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:Program Files (x86)iTunes

[2012/03/27 22:33:54 | 000,000,000 | ---D | C] -- C:ProgramDataiolo

[2012/03/27 04:55:51 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

[2012/03/27 04:55:48 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy

[2012/03/15 02:25:19 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeDWrite.dll

[2012/03/15 02:15:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcorekmts.dll

[2012/03/15 02:15:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpwsx.dll

[2012/03/15 02:15:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdrmemptylst.exe

[2012/03/15 02:08:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcore.dll

[2012/03/15 02:08:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64rdpcore.dll

[17 C:WindowsSysNative*.tmp files -> C:WindowsSysNative*.tmp -> ]

[1 C:Windows*.tmp files -> C:Windows*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/08 12:26:01 | 000,000,334 | ---- | M] () -- C:WindowstasksHP Photo Creations Communicator.job

[2012/04/08 12:07:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:UsersLan-Ed-TulDesktopOTL.exe

[2012/04/08 12:04:02 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job

[2012/04/08 09:38:34 | 000,000,064 | ---- | M] () -- C:WindowsSysWow64rp_stats.dat

[2012/04/08 09:38:34 | 000,000,044 | ---- | M] () -- C:WindowsSysWow64rp_rules.dat

[2012/04/08 00:20:39 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 00:20:39 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 00:12:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/08 00:12:35 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/08 00:08:09 | 000,441,327 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/07 17:37:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120408-000809.backup
[2012/04/07 17:18:04 | 004,452,637 | R--- | M] (Swearware) -- C:\Users\Lan-Ed-Tul\Desktop\ComboFix.exe
[2012/04/03 22:21:56 | 000,756,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/03 22:21:56 | 000,645,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/03 22:21:56 | 000,114,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/03 19:43:19 | 006,384,787 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache
[2012/04/03 19:38:55 | 000,126,277 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache
[2012/04/03 17:27:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lan-Ed-Tul\Desktop\dds.scr
[2012/04/03 17:19:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lan-Ed-Tul\Desktop\HijackThis.exe
[2012/04/01 16:35:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/01 16:35:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/28 19:09:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 05:04:16 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/27 04:55:53 | 000,001,258 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk
[2012/03/27 04:51:31 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/27 04:51:02 | 001,557,464 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
[2012/03/27 04:50:49 | 000,008,727 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20120301.009
[2012/03/23 01:09:06 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/23 01:09:06 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/23 01:09:06 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini
[2012/03/16 02:21:58 | 000,853,690 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120327-045856.backup
[2012/03/15 02:19:46 | 000,398,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 04:44:34 | 000,001,246 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Disk Defrag.lnk
[2012/03/12 04:43:04 | 000,001,281 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Registry Cleaner.lnk
[2012/03/12 04:28:52 | 000,003,380 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Documents\cc_20120312_042846.reg
[2012/03/12 04:25:30 | 000,853,690 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120316-022158.backup
[17 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/07 17:22:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/07 17:22:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/07 17:22:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/07 17:22:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/07 17:22:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/01 16:35:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/28 19:09:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/27 04:55:53 | 000,001,258 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk
[2012/03/12 04:44:34 | 000,001,246 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Disk Defrag.lnk
[2012/03/12 04:43:03 | 000,001,281 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Registry Cleaner.lnk
[2012/03/12 04:28:51 | 000,003,380 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Documents\cc_20120312_042846.reg
[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/14 05:33:21 | 006,384,787 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache
[2011/08/14 05:27:23 | 000,126,277 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache
[2011/05/12 17:22:08 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/03/25 16:19:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/03/18 23:53:31 | 000,000,036 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\housecall.guid.cache
[2011/03/11 02:46:53 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2010/09/29 06:37:56 | 000,000,098 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\fusioncache.dat
[2010/09/29 06:05:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/09/29 05:33:53 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2010/09/29 05:42:01 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Acreon
[2010/09/29 05:42:05 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Acronis
[2011/08/31 07:07:46 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\AnvSoft
[2010/09/29 05:42:06 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Ascentive
[2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Auslogics
[2011/03/08 12:04:25 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Avery
[2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Blitware
[2011/12/07 12:47:56 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\ConverterLite
[2012/01/20 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\CyberDefender
[2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\DriverCure
[2011/08/01 20:33:35 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Electronic Arts
[2011/10/30 06:03:47 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\FreshDiagnose
[2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Grisoft
[2010/09/29 05:42:07 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Leadertech
[2011/12/07 12:35:39 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\MP3Rocket
[2011/04/20 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\NCH Swift Sound
[2008/09/27 01:24:38 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\PeerNetworking
[2012/01/28 18:29:44 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\picpick
[2010/04/18 05:16:11 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\SanDisk
[2009/10/05 10:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Secunia CSI
[2010/09/29 05:42:11 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Tific
[2010/09/29 05:42:11 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\TomTom
[2011/09/08 04:02:04 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Unity
[2011/12/24 00:26:02 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Visan
[2011/09/04 22:31:19 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Windows Live Writer
[2010/09/29 05:42:11 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\WinPatrol
[2011/08/21 01:03:05 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

 

OTL Extras logfile created on: 4/8/2012 12:10:02 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lan-Ed-Tul\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.69 Gb Available Physical Memory | 61.47% Memory free
11.99 Gb Paging File | 9.72 Gb Available in Paging File | 81.06% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 441.04 Gb Free Space | 75.96% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 804.76 Gb Free Space | 86.39% Space Free | Partition Type: NTFS

Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPortsList]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplicationsList]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplicationsList]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0D9D38E1-B123-4CC6-A575-0C5CE8667CD4}" = Macrium Reflect - Free Edition
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" =
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java 6 Update 31 (64-bit)
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{88BA7C21-7287-4EE9-855A-7FF1B311CAA0}"

Hi,

 

Sorry about the delay...

 

 

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.

----------

 

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Services
    
    :OTL
    :Services
    
    :OTL
    
    SRV - (CDScheduler) -- C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe (CyberDefender Corp.)
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&q={SEARCHTERMS}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&q={SEARCHTERMS}
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15 - HKCU\..Trusted Domains: ebay.com ([my] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    O34 - HKLM BootExecute: (autocheck lsdelete)
    [17 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2012/01/20 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\CyberDefender
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------


Trying to let the program run, but it keeps going "Not Responding" on me. It keeps hanging on the lsdelete lines; those are part of the Ad-Aware program. Also, while trying to run the fix, my icons for Ad-Aware, Malwarebytes and others in my systray are disappearing, while the program stays locked up in Not Responding. All very similar to when I tried to run ComboFix; it kept hanging up. I do a manual reboot and everything's back as it should be.


Hi,

 

Since it seems to hang try this fix instead...

 

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Services
    
    :OTL
    SRV - (CDScheduler) -- C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe (CyberDefender Corp.)
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
    IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&q={SEARCHTERMS}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&q={SEARCHTERMS}
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15 - HKCU\..Trusted Domains: ebay.com ([my] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    [17 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2012/01/20 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\CyberDefender
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

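Added example, not part of the original thread and not something OTL produces: a read-only PowerShell audit of the items the two fix scripts above target, so that after the reboot you can confirm the service, search scopes, Firefox plugin registrations, Trusted-sites entries, BootExecute duplicates, CyberDefender profile folder and the alternate data stream are actually gone rather than trusting the fix log. The service name, CLSIDs, plugin name, domains and paths are taken from the fix script; the registry locations it reads, the ZoneMap layout and the use of zone value 2 for Trusted sites are assumptions about where IE and Firefox keep these settings. Run it from an elevated 64-bit PowerShell prompt (the machine is Windows 7 x64, so nothing here needs PowerShell 3.0).

```powershell
# Added example (not from the thread or from OTL): read-only audit of the OTL fix targets.
# Run from an elevated 64-bit PowerShell prompt. Service name, CLSIDs, plugin name, domains
# and paths come from the fix script; registry locations and zone value 2 are assumptions.

$findings = New-Object System.Collections.Generic.List[string]

# 1. The CyberDefender scheduler service. Get-Service only throws for an unknown service
#    with -ErrorAction Stop, hence the try/catch.
try {
    $svc = Get-Service -Name 'CDScheduler' -ErrorAction Stop
    $findings.Add("Service still present: CDScheduler ($($svc.Status))")
} catch { }

# 2. IE SearchScopes. OTL's 'IE:64bit:' HKLM lines are the native hive, its plain 'IE -'
#    HKLM lines are the Wow6432Node view (OTL is a 32-bit process), and HKCU is per user.
$scopeIds = '{0633EE93-D776-472f-A0FF-E1416B8B2E3A}', '{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}'
$scopeRoots = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes',
              'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
foreach ($root in $scopeRoots) {
    foreach ($id in $scopeIds) {
        $key = Join-Path $root $id
        if (Test-Path $key) {
            $url = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).URL
            $findings.Add("SearchScope still present: $key -> $url")
        }
    }
}

# 3. Firefox plugin registrations for the Pando web plugin (HKLM and HKCU).
foreach ($hive in 'HKLM:', 'HKCU:') {
    $plugRoot = Join-Path $hive 'Software\MozillaPlugins'
    if (Test-Path $plugRoot) {
        Get-ChildItem $plugRoot | Where-Object { $_.PSChildName -like '*pandonetworks.com*' } |
            ForEach-Object { $findings.Add("MozillaPlugins entry still present: $($_.Name)") }
    }
}

# 4. Trusted-sites entries (the O15 lines). IE keeps per-domain zone assignments under
#    ZoneMap\Domains\<domain>[\<host>] as http/https/* values; 2 means the Trusted zone.
$zoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
foreach ($d in 'ebay.com', 'facebook.com', 'freerealms.com', 'secunia.com', 'soe.com', 'sony.com') {
    $key = Join-Path $zoneRoot $d
    if (-not (Test-Path $key)) { continue }
    foreach ($item in @(Get-Item $key) + @(Get-ChildItem $key -Recurse)) {
        foreach ($name in 'http', 'https', '*') {
            if ($item.GetValue($name) -eq 2) {
                $findings.Add("Trusted site still set: $($item.Name) [$name]")
            }
        }
    }
}

# 5. BootExecute (the O34 lines). REG_MULTI_SZ under Session Manager; the first OTL log
#    showed Ad-Aware's 'autocheck lsdelete' repeated dozens of times. Report the count and
#    a deduplicated version only: 'autocheck autochk *' must stay, and Ad-Aware re-adds
#    its own entry whenever it has something to delete at the next boot.
$smKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$boot = @((Get-ItemProperty -Path $smKey -Name BootExecute).BootExecute)
$lsdelete = @($boot | Where-Object { $_ -match 'lsdelete' })
if ($lsdelete.Count -gt 1) {
    $clean = $boot | Select-Object -Unique
    $findings.Add("BootExecute has $($lsdelete.Count) lsdelete entries; deduplicated: $($clean -join ' | ')")
}

# 6. The CyberDefender profile folder and the ADS OTL reported on C:\ProgramData\TEMP.
#    'dir /r' lists streams on Windows 7 without needing Get-Item -Stream (PS 3.0+).
$cdDir = Join-Path $env:APPDATA 'CyberDefender'
if (Test-Path $cdDir) { $findings.Add("Folder still present: $cdDir") }
cmd /c 'dir /r C:\ProgramData' 2>$null | Select-String '5C321E34' |
    ForEach-Object { $findings.Add("ADS still present: $($_.Line.Trim())") }

if ($findings.Count -eq 0) { 'All fix targets are gone.' } else { $findings }
```

It deliberately writes nothing. A 105-byte stream on C:\ProgramData\TEMP is frequently benign, so its presence is something to confirm against the fix log rather than something to delete on sight, and the BootExecute value is only reported because removing the wrong entry breaks the next boot.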

OTL logfile created on: 4/10/2012 4:30:27 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lan-Ed-Tul\Desktop\HJT stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 67.91% Memory free
11.99 Gb Paging File | 9.90 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 440.24 Gb Free Space | 75.82% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 809.99 Gb Free Space | 86.95% Space Free | Partition Type: NTFS

Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lan-Ed-Tul\Desktop\HJT stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (TomTomHOMEService) -- E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (ReflectService) -- E:\New folder\ReflectService.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys (Symantec Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (DKRtWrt) -- C:\Windows\SysNative\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\drivers\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120410.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120410.003\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120402.001\BHDrvx64.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.1.1.3DefinitionsIPSDefs20120406.003IDSviA64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys (Symantec Corporation)

DRV - (a2acc) -- C:Program Files (x86)Emsisoft Anti-Malwarea2accx64.sys (Emsi Software GmbH)

DRV - (Lavasoft Kernexplorer) -- C:Program Files (x86)LavasoftAd-Awarekernexplorer64.sys ()

DRV - (A2DDA) -- C:Program Files (x86)Emsisoft Anti-Malwarea2ddax64.sys (Emsi Software GmbH)

DRV - (DrvAgent64) -- C:WindowsSysWOW64driversDrvAgent64.SYS (Phoenix Technologies)

DRV - (1UnHooker) -- C:WindowsSysWOW64drivers1UnHooker.sys ()

DRV - (SASENUM) -- C:Program Files (x86)SUPERAntiSpywareSASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

DRV - (TVICHW64) -- C:WindowsSysWOW64driversTVICHW64.SYS (EnTech Taiwan)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1612.mail.yahoo.com/mc/welcome?.tm=1315028594#_pg=showFolder&fid=Inbox&order=down&tt=8&pSize=50&.rand=825442203&hash=22dc51734967b08b823fee4cfb1bb762&.jsrand=1458432

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - user.js - File not found

 

FF:64bit: - [email protected]/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF - [email protected]/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - [email protected]/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - [email protected]/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - [email protected]/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - [email protected]/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - [email protected]/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - [email protected]/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - [email protected]/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - [email protected]/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found

FF - [email protected]/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - [email protected]/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - [email protected]/UnityPlayer,version=1.0: C:\Users\Lan-Ed-Tul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Lan-Ed-Tul\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

 

FF - HKE[email protected]hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/02/08 18:38:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn [2012/01/31 04:58:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn [2012/04/10 16:24:11 | 000,000,000 | ---D | M]

FF - HK[email protected]hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]

 

[2010/09/29 05:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Mozilla\Extensions

[2010/08/22 16:32:49 | 000,000,000 | ---D | M] (No name found) -- C:[email protected]

[2012/03/03 00:00:16 | 000,000,000 | ---D | M] (Map status indicator) -- E:\TOMTOM\TOMTOM HOME [email protected]

 

O1 HOSTS File: ([2012/04/08 00:08:09 | 000,441,327 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 15191 more lines...

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [TomTomHOME.exe] E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: yahoo.com ([us.mc1612.mail] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca.com/downloads/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O16 - DPF: ppctlcab http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDAFA582-DA8D-4806-9B51-EA9BD5E01368}: DhcpNameServer = 192.168.0.1 68.94.156.1

O18:64bit: - Protocol\Handler\gopher - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/10 02:57:10 | 000,000,000 | ---D | C] -- C:\ComboFix

[2012/04/09 23:23:10 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/09 23:19:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/04/09 23:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/04/09 04:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\Desktop\HJT stuff

[2012/04/07 20:53:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/07 17:22:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/07 17:22:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/07 17:22:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/07 17:22:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/07 17:19:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/07 17:17:39 | 004,452,637 | R--- | C] (Swearware) -- C:\Users\Lan-Ed-Tul\Desktop\ComboFix.exe

[2012/04/01 16:35:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/03/30 16:48:51 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\dvdcss

[2012/03/28 19:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/03/28 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/03/27 04:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/03/27 04:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/03/15 02:25:19 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/03/15 02:15:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/03/15 02:15:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/03/15 02:15:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/03/15 02:08:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012/03/15 02:08:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/04/10 16:31:49 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/10 16:31:49 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/10 16:28:32 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync

[2012/04/10 16:26:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2012/04/10 16:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/10 16:23:45 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/10 16:08:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/10 15:22:50 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/04/10 15:22:50 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/04/10 04:04:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/10 03:43:44 | 011,796,480 | -HS- | M] () -- C:\Users\Lan-Ed-Tul\ntuser.bak

[2012/04/09 04:31:37 | 000,000,623 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/04/09 04:25:26 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/08 00:08:09 | 000,441,327 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/07 17:37:23 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120408-000809.backup

[2012/04/07 17:18:04 | 004,452,637 | R--- | M] (Swearware) -- C:\Users\Lan-Ed-Tul\Desktop\ComboFix.exe

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/03 22:21:56 | 000,756,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/03 22:21:56 | 000,645,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/03 22:21:56 | 000,114,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/03 19:43:19 | 006,384,787 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache

[2012/04/03 19:38:55 | 000,126,277 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache

[2012/04/01 16:35:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/01 16:35:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/03/28 19:09:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/27 04:55:53 | 000,001,258 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk

[2012/03/27 04:51:31 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/03/27 04:51:02 | 001,557,464 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB

[2012/03/27 04:50:49 | 000,008,727 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20120301.009

[2012/03/23 01:09:06 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/03/23 01:09:06 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/03/23 01:09:06 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini

[2012/03/16 02:21:58 | 000,853,690 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120327-045856.backup

[2012/03/15 02:19:46 | 000,398,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/03/12 04:44:34 | 000,001,246 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Disk Defrag.lnk

[2012/03/12 04:43:04 | 000,001,281 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Registry Cleaner.lnk

[2012/03/12 04:28:52 | 000,003,380 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Documents\cc_20120312_042846.reg

[2012/03/12 04:25:30 | 000,853,690 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120316-022158.backup

 

========== Files Created - No Company Name ==========

 

[2012/04/10 16:28:32 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync

[2012/04/07 17:22:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/07 17:22:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/07 17:22:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/07 17:22:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/07 17:22:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/01 16:35:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/03/28 19:09:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/27 04:55:53 | 000,001,258 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk

[2012/03/12 04:44:34 | 000,001,246 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Disk Defrag.lnk

[2012/03/12 04:43:03 | 000,001,281 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Auslogics Registry Cleaner.lnk

[2012/03/12 04:28:51 | 000,003,380 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Documents\cc_20120312_042846.reg

[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/08/14 05:33:21 | 006,384,787 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache

[2011/08/14 05:27:23 | 000,126,277 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache

[2011/05/12 17:22:08 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat

[2011/03/25 16:19:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/03/18 23:53:31 | 000,000,036 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\housecall.guid.cache

[2011/03/11 02:46:53 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2010/09/29 06:37:56 | 000,000,098 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\fusioncache.dat

[2010/09/29 06:05:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/09/29 05:33:53 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


The program ran; it had a few momentary "not responding"s throughout but continued to run to the end nonetheless. I just checked the Windows Defender program, and now the module can't be found and the service will NOT start. I believe that was the CyberDefender thing that kept showing up on log reports. So what do I do about Windows Defender no longer working after these scans/fixes?

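The entries in the log above that a helper looks at first are the O6/O7 policy values (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 together mean UAC is switched off and an administrator's processes elevate silently), the drivers whose publisher field is empty (atksgt, lirsgt, 1UnHooker, kernexplorer64), the Winlogon Shell/UserInit values, and the alternate data stream at the end. As an added example that is not part of this thread or of OTL, the Python below runs that triage over a constructed sample of lines copied from the log (backslashes restored). The finding codes, the check for NoDriveTypeAutoRun against 0xFF, and the expected Winlogon values are this example's own choices; 145 (0x91) is the Windows 7 default for that policy, so it is reported as informational rather than as tampering.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the OTL log above, with the
# backslashes the forum stripped put back.  Not OTL output captured here.
SAMPLE_OTL = r"""
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH)
DRV - (1UnHooker) -- C:\Windows\SysWOW64\drivers\1UnHooker.sys ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
"""

# One regex per OTL line type we care about.  The driver path may contain
# "(x86)", so the path group is greedy and the vendor group is the last "(...)".
DRV_RE = re.compile(r"^DRV(?::64bit:)? - \((?P<name>[^)]+)\).*? -- (?P<path>.+) \((?P<vendor>[^()]*)\)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK\w+\\.+?): (?P<value>\w+) = (?P<data>-?\d+)$")
WINLOGON_RE = re.compile(r"^O20(?::64bit:)? - HKLM Winlogon: (?P<value>\w+) - \((?P<data>[^)]*)\)")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Expected Winlogon values on a stock install (this example's assumption); anything else is worth a look.
WINLOGON_EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


@dataclass(frozen=True)
class Finding:
    code: str     # stable identifier, e.g. "UAC_DISABLED"
    detail: str   # explanation carrying the offending line's data


def triage(otl_text: str) -> list[Finding]:
    """Scan OTL log lines and return the findings a helper would want to see first."""
    findings: list[Finding] = []
    for line in otl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := DRV_RE.match(line):
            if not m["vendor"].strip():
                findings.append(Finding("DRIVER_NO_PUBLISHER",
                    f"{m['name']}: {m['path']} carries no company string; verify its signature"))
        elif m := POLICY_RE.match(line):
            value, data = m["value"], int(m["data"])
            if value == "EnableLUA" and data == 0:
                findings.append(Finding("UAC_DISABLED", "EnableLUA = 0: UAC is turned off"))
            elif value == "ConsentPromptBehaviorAdmin" and data == 0:
                findings.append(Finding("UAC_SILENT_ELEVATION",
                    "ConsentPromptBehaviorAdmin = 0: administrators elevate without any prompt"))
            elif value == "PromptOnSecureDesktop" and data == 0:
                findings.append(Finding("UAC_NO_SECURE_DESKTOP",
                    "PromptOnSecureDesktop = 0: elevation prompts can be overlaid by ordinary windows"))
            elif value == "NoDriveTypeAutoRun" and data != 0xFF:
                findings.append(Finding("AUTORUN_NOT_FULLY_DISABLED",
                    f"NoDriveTypeAutoRun = {data:#x}: 0xff disables AutoRun on every drive type"))
        elif m := WINLOGON_RE.match(line):
            expected = WINLOGON_EXPECTED.get(m["value"].lower())
            # Compare only the last path component; an appended ",C:\...\bad.exe" changes it.
            if expected and m["data"].split("\\")[-1].lower() != expected:
                findings.append(Finding("WINLOGON_HIJACK",
                    f"Winlogon {m['value']} = {m['data']!r}, expected {expected}"))
        elif m := ADS_RE.match(line):
            findings.append(Finding("ALTERNATE_DATA_STREAM",
                f"{m['size']}-byte stream on {m['target']}; dump it before deciding it is benign"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.code:28} {f.detail}")
```

On the sample this reports the two publisher-less drivers, the three UAC values, the AutoRun value and the data stream, and nothing for the two Winlogon lines because both still resolve to the stock binaries; feed it the full OTL.txt and the same seven-code vocabulary is what a helper would skim for before reading line by line.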

Hi,

 

Let's take a look at Windows Defender...

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
----------

 

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
The log can also be found here:

C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------

 

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here, then click on the scan button.
  • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click on the button to continue.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:Program FilesESETEsetOnlineScannerlog.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

----------

In your next reply please post the logs created by Farbar Service Scanner, Malwarebytes and ESET online scanner. :)

Edited by jeffce


I already have Malwarebytes Pro, the paid version, and ran it as requested. The Malwarebytes scan came up clean.

Farbar Service Scanner Version: 01-03-2012
Ran by Lan-Ed-Tul (administrator) on 11-04-2012 at 01:05:10
Running from "C:\Users\Lan-Ed-Tul\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Lan-Ed-Tul :: NCC1701CPTKIRK [administrator]

Protection: Enabled

4/11/2012 1:03:23 AM
mbam-log-2012-04-11 (01-03-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 218995
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I ran the ESET scan; it came up clean, with no option to print a list out since it found nothing.

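An added example, written for this edit and not part of the thread or of Farbar Service Scanner itself: a small Python triage script for the kind of FSS log posted above. It pulls out the three things a responder checks first in that log: firewall profiles whose policy value "EnableFirewall" is 0, security services FSS reports as not running, and any file in the File Check section whose MD5 FSS does not recognise. The embedded sample is constructed from the log above, trimmed, with the svchost.exe line deliberately changed to "not legit" so the parser has something to flag (the real log shows every checked file as legit). The regexes, function names and the severity ranking are this example's own choices, not FSS's. One caveat the ranking encodes: a 0 under the FirewallPolicy keys is not by itself evidence of tampering, because a third-party suite that supplies its own firewall commonly switches the Windows one off, so that finding is a prompt to confirm which firewall is actually active, whereas an unrecognised hash on a core system file is the result that should stop cleanup until it is explained.

```python
import re

# Constructed sample: the Firewall, Windows Defender and File Check sections
# of the Farbar Service Scanner log posted in this thread, trimmed to a few
# lines. The svchost.exe result was deliberately changed from "legit" to
# "not legit" so the parser has something to flag; the real log shows all
# checked files as legit.
SAMPLE_FSS_LOG = """\
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]
"EnableFirewall"=DWORD:0

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.

File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys => MD5 is legit
C:\\Windows\\System32\\svchost.exe => MD5 is not legit
**** End of log ****
"""

# One regex per line shape FSS emits in the sections handled here
# (these patterns are this example's own, derived from the log above).
POLICY_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+Profile)\]$")
POLICY_VALUE_RE = re.compile(r'^"EnableFirewall"=DWORD:(\d+)$')
NOT_RUNNING_RE = re.compile(r"^(\w+) Service is not running")
FILE_CHECK_RE = re.compile(r"^(.+?) => MD5 is (legit|not legit)$")


def triage_fss(log_text):
    """Return the FSS findings a responder would act on first."""
    findings = {
        "firewall_policy_off": [],   # profiles with EnableFirewall=0 under the policy key
        "services_not_running": [],  # services FSS reports as stopped
        "bad_md5": [],               # system files whose hash FSS does not recognise
    }
    # A [..\FirewallPolicy\<Profile>] key line is followed by its value line;
    # remember the profile until the value has been read.
    pending_profile = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_KEY_RE.match(line)
        if m:
            pending_profile = m.group(1)
            continue
        m = POLICY_VALUE_RE.match(line)
        if m and pending_profile is not None:
            if int(m.group(1)) == 0:
                findings["firewall_policy_off"].append(pending_profile)
            pending_profile = None
            continue
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings["services_not_running"].append(m.group(1))
            continue
        m = FILE_CHECK_RE.match(line)
        if m and m.group(2) == "not legit":
            findings["bad_md5"].append(m.group(1))
    return findings


def severity(findings):
    """Rank the findings: an unrecognised hash on a core system file outranks
    everything else, because it means the file on disk is not the one
    Microsoft shipped. A stopped service or a firewall policy of 0 needs a
    look (a third-party suite owning the firewall is the usual benign cause)
    but does not by itself prove tampering."""
    if findings["bad_md5"]:
        return "high"
    if findings["services_not_running"] or findings["firewall_policy_off"]:
        return "review"
    return "clean"


if __name__ == "__main__":
    result = triage_fss(SAMPLE_FSS_LOG)
    for key, items in result.items():
        print(f"{key}: {items}")
    print("severity:", severity(result))
```

Run it as a script to print the findings for the embedded sample, or pass the text of a real FSS log to triage_fss to triage that instead. FSS also reports altered ImagePath and ServiceDll values and missing services; those line shapes are not parsed here.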

OK, I got Windows Defender working again, but I had to do a System Restore back to about a week ago, to a restore point from a Windows Update I did. It only got messed up when we commenced doing these scans, so one of those scans did whatever it did to foul up WD. All those malware scans are coming up clean so far; I'm thinking it all goes back to that HJT scan and whatever the "file missing" lines were all about.


OK... since Malwarebytes and ESET are good, let's get a fresh scan with OTL and see what we have. :)


How do you want it run? Minimal output and just Scan, or also the LOP and Purity check? I'm hoping this isn't the scan that messed up Windows Defender. Right now, since I did a restore to a week-old restore point and re-updated the security programs (Ad-Aware, Spybot S&D, SpywareBlaster, Malwarebytes, NIS 2012, etc.) and ran scans with them, all came up clean, and the computer is running pretty well right now.

Edited by edwin lang


Hi,

Don't worry about OTL. This is just a diagnostic run to see what is left over. :) This time select Minimal Output, don't worry about LOP or Purity being checked, and just press Scan, not Quick Scan.


OTL logfile created on: 4/11/2012 5:01:57 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lan-Ed-Tul\Desktop\HJT stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.22 Gb Available Physical Memory | 53.63% Memory free
11.99 Gb Paging File | 9.10 Gb Available in Paging File | 75.86% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 580.63 Gb Total Space | 444.36 Gb Free Space | 76.53% Space Free | Partition Type: NTFS
Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 810.00 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lan-Ed-Tul\Desktop\HJT stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files (x86)\PicPick\picpick.exe (NTeWORKS)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)
PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)
SRV - (TomTomHOMEService) -- E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CDScheduler) -- C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe (CyberDefender Corp.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (ReflectService) -- E:\New folder\ReflectService.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys (Symantec Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\91A6.tmp (Sophos Plc)
DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)
DRV:64bit: - (DKRtWrt) -- C:\Windows\SysNative\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\drivers\CAXHWBS2.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120411.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120411.003\eng64.sys (Symantec Corporation)
DRV - (EraserUtilDrv11122) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120410.002_5fa\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120402.001_5df\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (1UnHooker) -- C:\Windows\SysWOW64\drivers\1UnHooker.sys ()
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1612.mail.yahoo.com/mc/welcome?.tm=1315028594
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found

FF:64bit: - [email protected]/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - [email protected]/GENUINE: disabled File not found
FF - [email protected]/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - [email protected]/iTunes,version=: File not found
FF - [email protected]/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - [email protected]/Plugin: File not found
FF - [email protected]/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - [email protected]/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - [email protected]/GENUINE: disabled File not found
FF - [email protected]/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - [email protected]/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - [email protected]/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - [email protected]/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - [email protected]/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - [email protected]/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - [email protected]/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - [email protected]/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - [email protected]/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - [email protected]/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - [email protected]/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - [email protected]/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - [email protected]/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found
FF - [email protected]/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - [email protected]/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - [email protected]/UnityPlayer,version=1.0: C:\Users\Lan-Ed-Tul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Lan-Ed-Tul\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKE[email protected]hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\FirefoxExt [2012/04/11 07:40:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn [2012/04/11 07:40:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn [2012/04/11 04:43:32 | 000,000,000 | ---D | M]
FF - [email protected].com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2012/04/11 07:40:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012/04/11 07:40:21 | 000,000,000 | ---D | M]
FF - HK[email protected]hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]

[2010/09/29 05:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Mozilla\Extensions
[2010/08/22 16:32:49 | 000,000,000 | ---D | M] (No name found) -- C:[email protected]
[2012/03/03 00:00:16 | 000,000,000 | ---D | M] (Map status indicator) -- E:\TOMTOM\TOMTOM HOME [email protected]


O1 HOSTS File: ([2012/04/11 05:05:52 | 000,854,337 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost # Loopback
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15192 more lines...

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.7.7227.1100swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program Files (x86)Yahoo!CompanionInstallscpnyt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10ipsipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre6binssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.7.7227.1100swg.dll (Google Inc.)

O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKLM..Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10coieplg.dll (Symantec Corporation)

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKCU..ToolbarWebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program Files (x86)Norton Internet SecurityEngine19.6.2.10coieplg.dll (Symantec Corporation)

O4 - HKLM..Run: [] File not found

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [Display] C:Program Files (x86)APCPowerChute Personal EditionDataCollectionLauncher.exe (Schneider Electric)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerupdaterealsched.exe (RealNetworks, Inc.)

O4 - HKLM..Run: [WinPatrol] C:Program Files (x86)BillP StudiosWinPatrolwinpatrol.exe (BillP Studios)

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..Run: [TomTomHOME.exe] E:TOMTOMTomTom HOME 2TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAdobe Gamma.lnk = C:Program Files (x86)Common FilesAdobeCalibrationAdobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupCurseClientStartup.ccip ()

O4 - Startup: C:UsersLan-Ed-TulAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupYankee Clipper III.lnk = C:Program Files (x86)YCIIIYankClip.exe (inteleXual.com)

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DontDisplayLogonHoursWarnings = 1

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: LogonHoursAction = 2

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: ebay.com ([my] https in Trusted sites)

O15 - HKCU\..Trusted Domains: ebay.com ([signin] https in Trusted sites)

O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Trusted sites)

O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca.com/downloads/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O16 - DPF: ppctlcab http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDAFA582-DA8D-4806-9B51-EA9BD5E01368}: DhcpNameServer = 192.168.0.1 68.94.156.1

O18:64bit: - Protocol\Handler\gopher - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (lsdelete)

O35:64bit: - HKLM\..\comfile [open] -- "%1" %*

O35:64bit: - HKLM\..\exefile [open] -- "%1" %*

O35 - HKLM\..\comfile [open] -- "%1" %*

O35 - HKLM\..\exefile [open] -- "%1" %*

O37:64bit: - HKLM\..\.com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\..\.exe [@ = exefile] -- "%1" %*

O37 - HKLM\..\.com [@ = comfile] -- "%1" %*

O37 - HKLM\..\.exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/11 01:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/04/09 23:23:10 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/09 23:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/04/09 04:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\Desktop\HJT stuff

[2012/04/07 17:19:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/01 16:35:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/03/30 16:48:51 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\dvdcss

[2012/03/30 16:46:21 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\vlc

[2012/03/28 19:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/03/28 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/03/27 05:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar

[2012/03/27 05:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer

[2012/03/27 04:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/03/27 04:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/03/15 02:25:19 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/03/15 02:15:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/03/15 02:15:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/03/15 02:15:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/03/15 02:08:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012/03/15 02:08:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[17 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/04/11 17:04:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/11 17:01:40 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync

[2012/04/11 16:26:00 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2012/04/11 15:41:07 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/04/11 15:41:07 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/04/11 05:05:52 | 000,854,337 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/11 05:00:34 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/11 04:52:59 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/11 04:52:59 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/11 04:43:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/11 04:42:51 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/10 03:43:44 | 011,796,480 | -HS- | M] () -- C:\Users\Lan-Ed-Tul\ntuser.bak

[2012/04/03 19:43:19 | 006,384,787 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache

[2012/04/03 19:38:55 | 000,126,277 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache

[2012/04/01 16:35:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/01 16:35:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/03/28 19:09:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/27 04:58:56 | 000,853,622 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120411-050552.backup

[2012/03/27 04:55:53 | 000,001,258 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk

[2012/03/27 04:51:31 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/03/27 04:51:02 | 001,557,464 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB

[2012/03/27 04:50:49 | 000,008,727 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20120301.009

[2012/03/23 01:09:06 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/03/23 01:09:06 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/03/23 01:09:06 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini

[2012/03/17 13:05:13 | 000,756,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/03/17 13:05:13 | 000,645,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/03/17 13:05:13 | 000,114,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/03/16 02:21:58 | 000,853,690 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120327-045856.backup

[2012/03/15 02:19:46 | 000,398,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[17 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/04/11 17:01:40 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync

[2012/04/01 16:35:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/03/28 19:09:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/27 05:02:07 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk

[2012/03/27 04:55:53 | 000,001,258 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk

[2012/02/09 21:05:44 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/08/14 05:33:21 | 006,384,787 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache

[2011/08/14 05:27:23 | 000,126,277 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache

[2011/05/12 17:22:08 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat

[2011/03/25 16:19:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/03/18 23:53:31 | 000,000,036 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\housecall.guid.cache

[2011/03/11 02:46:53 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2010/09/29 06:37:56 | 000,000,098 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\fusioncache.dat

[2010/09/29 06:05:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/09/29 05:33:53 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >


Hi,

 

I was afraid that this happened. When you restored your system it was to a point that the infections were still present so we have some more work to do.

 

Print out these instructions as we may need to close every window that is open later in the fix.

 

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

 

Do not reboot your computer after running rkill as the malware programs will start again.

 

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

Do not reboot your computer after running rkill as the malware programs will start again.

----------

 

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Services
    
    :OTL
    SRV - (CDScheduler) -- C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe (CyberDefender Corp.)
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1612.mai...?.tm=1315028594
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...&q={SEARCHTERMS}
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O15 - HKCU\..Trusted Domains: ebay.com ([my] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ebay.com ([signin] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([apps] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: secunia.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: ppctlcab http://ppupdates.ca....er/ppctlcab.cab (Reg Error: Key error.)
    [2012/03/27 05:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [17 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )


All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Service CDScheduler stopped successfully!

Service CDScheduler deleted successfully!

C:\Program Files (x86)\CyberDefender\SchedulerService\SchedulerService.exe moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin deleted successfully.

C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin deleted successfully.

File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ebay.com\my deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ebay.com\signin deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\apps deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\www deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\secunia.com deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com deleted successfully.

Starting removal of ActiveX control ppctlcab

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab\DownloadInformation\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ppctlcab deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ppctlcab not found.

C:\Program Files (x86)\Bing Bar Installer\OFFLINE\JS folder moved successfully.

C:\Program Files (x86)\Bing Bar Installer\OFFLINE folder moved successfully.

C:\Program Files (x86)\Bing Bar Installer folder moved successfully.

C:\Windows\SysWow64\SET667D.tmp deleted successfully.

C:\Windows\SysWow64\SET6A40.tmp deleted successfully.

C:\Windows\SysWow64\SETB8E4.tmp deleted successfully.

C:\Windows\SysWow64\SETE32B.tmp deleted successfully.

C:\Windows\1C4551A64743409391E41477CD655043.TMP\WiseCustomCalla.dll deleted successfully.

C:\Windows\1C4551A64743409391E41477CD655043.TMP folder deleted successfully.

C:\Windows\isRS-000.tmp deleted successfully.

C:\Windows\SysNative\188D.tmp deleted successfully.

C:\Windows\SysNative\1AF1.tmp deleted successfully.

C:\Windows\SysNative\4630.tmp deleted successfully.

C:\Windows\SysNative\660D.tmp deleted successfully.

C:\Windows\SysNative\6826.tmp deleted successfully.

C:\Windows\SysNative\8F26.tmp deleted successfully.

C:\Windows\SysNative\91A6.tmp deleted successfully.

C:\Windows\SysNative\D394.tmp deleted successfully.

C:\Windows\SysNative\DEAB.tmp deleted successfully.

C:\Windows\SysNative\EF7C.tmp deleted successfully.

C:\Windows\SysNative\F99A.tmp deleted successfully.

C:\Windows\SysNative\FCC3.tmp deleted successfully.

C:\Windows\SysNative\SET5370.tmp deleted successfully.

C:\Windows\SysNative\SET5D0B.tmp deleted successfully.

C:\Windows\SysNative\SET84FB.tmp deleted successfully.

C:\Windows\SysNative\SET93CA.tmp deleted successfully.

C:\Windows\SysNative\SETB16F.tmp deleted successfully.

C:\Windows\SysNative\SETC40B.tmp deleted successfully.

C:\Windows\SysNative\SETCF07.tmp deleted successfully.

C:\Windows\SysNative\SETD92E.tmp deleted successfully.

C:\Windows\SysNative\SETED3D.tmp deleted successfully.

C:\Windows\SysNative\SETEE19.tmp deleted successfully.

ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Lan-Ed-Tul\Desktop\HJT stuff\cmd.bat deleted successfully.

C:\Users\Lan-Ed-Tul\Desktop\HJT stuff\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

->Flash cache emptied: 53632 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Desktop

 

User: Lan-Ed-Tul

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 9955638 bytes

->Java cache emptied: 573276 bytes

->Flash cache emptied: 54102 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 402 bytes

->Flash cache emptied: 53632 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3084 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34028 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 10.00 mb

 

 

OTL by OldTimer - Version 3.2.39.2 log created on 04122012_171808

Files\Folders moved on Reboot...

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WID89V0A\addons-tracker-v4[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WID89V0A\addons-v4[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMK28GIZ\getAds[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMK28GIZ\getAds[2].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TMK28GIZ\md[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\01[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\DtCol[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\error[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\error[2].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\fmr[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\getAds[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\getInPage[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\iframe3[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\iframe3[2].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\md[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\st[1] moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\st[2] moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\st[3] moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IEPD6FL9\welcome[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AD8CXPNK\300x250iframeusa[1].html moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9062C258\12[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9062C258\aceUAC[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9062C258\ai[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9062C258\facebook_com[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9062C258\forumdisplay[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9062C258\iframe3[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\eBayISAPI[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\fastbutton[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\gplus_notifications_gadget[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\gplus_notifications_gadget[2].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\iframe3[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\index[1].htm moved successfully.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\st[2] moved successfully.

File move failed. C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ZGVYSKX\trk=172593;pr=25;xp=25;np=25;uz=74017-1551;fbi=619;sbi=15197;fbo=11450;sbo=4250;fse=11450;sse=163147;fvi=220;svi=2562;cg=c28c28f11350a0aa1253ae63fe84ccc8[1].htm scheduled to be moved on reboot.

C:\Users\Lan-Ed-Tul\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Never had any problems downloading anything. I got the 1st program in the list downloaded and run, and here's the log from it:

Had to reboot as the program wanted, but had to reboot one more time as some of the icons in the systray weren't showing up; they did after the 2nd reboot. Running the OTL scan now.

Edited by edwin lang


OTL logfile created on: 4/12/2012 5:30:27 PM - Run 3

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Lan-Ed-Tul\Desktop\HJT stuff

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

6.00 Gb Total Physical Memory | 4.06 Gb Available Physical Memory | 67.66% Memory free

11.99 Gb Paging File | 10.13 Gb Available in Paging File | 84.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 580.63 Gb Total Space | 435.67 Gb Free Space | 75.03% Space Free | Partition Type: NTFS

Drive D: | 15.54 Gb Total Space | 13.18 Gb Free Space | 84.83% Space Free | Partition Type: NTFS

Drive E: | 931.51 Gb Total Space | 810.00 Gb Free Space | 86.96% Space Free | Partition Type: NTFS

 

Computer Name: NCC1701CPTKIRK | User Name: Lan-Ed-Tul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Lan-Ed-Tul\Desktop\HJT stuff\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)

PRC - C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe (Schneider Electric)

PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)

PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)

PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (Intel® PROSet Monitoring Service) Intel® -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\drivers\XAudio64.exe (Conexant Systems, Inc.)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)

SRV - (APC Data Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe (Schneider Electric)

SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe (Schneider Electric)

SRV - (TomTomHOMEService) -- E:\TOMTOM\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SRV - (ReflectService) -- E:\New folder\ReflectService.exe ()

SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()

SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys (Symantec Corporation)

DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys (Symantec Corporation)

DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys (Symantec Corporation)

DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys (Symantec Corporation)

DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys (Symantec Corporation)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys (Symantec Corporation)

DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (Sunbelt Software)

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)

DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys (Symantec Corporation)

DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (PSMounter) -- C:\Windows\SysNative\drivers\psmounter.sys (Macrium Software)

DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()

DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)

DRV:64bit: - (e1express) Intel® -- C:\Windows\SysNative\drivers\e1e6232e.sys (Intel Corporation)

DRV:64bit: - (DKRtWrt) -- C:\Windows\SysNative\drivers\DKRtWrt.sys (Diskeeper Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)

DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (RTSTOR) -- C:\Windows\SysNative\drivers\RTSTOR64.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)

DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (AMD Technologies Inc.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)

DRV:64bit: - (CAXHWBS2) -- C:\Windows\SysNative\drivers\CAXHWBS2.sys (Conexant Systems, Inc.)

DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)

DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)

DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120411.034\ex64.sys (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20120411.034\eng64.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20120411.001\IDSviA64.sys (Symantec Corporation)

DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20120402.001_5dfBHDrvx64.sys (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)

DRV - (a2acc) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys (Emsi Software GmbH)

DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()

DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH)

DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)

DRV - (1UnHooker) -- C:\Windows\SysWOW64\drivers\1UnHooker.sys ()

DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (TVICHW64) -- C:\Windows\SysWOW64\drivers\TVICHW64.SYS (EnTech Taiwan)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.mc1612.mail.yahoo.com/mc/welcome?.tm=1315028594

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - user.js - File not found

 

FF:64bit: - [email protected]/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF - [email protected]/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - [email protected]/Plugin: File not found

FF - [email protected]/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - [email protected]/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - [email protected]/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - [email protected]/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - [email protected]/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - [email protected]/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - [email protected]/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - [email protected]/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - [email protected]/nsJSRealPlayerPlugin;version=: File not found

FF - [email protected]/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - [email protected]/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - [email protected]/UnityPlayer,version=1.0: C:\Users\Lan-Ed-Tul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Lan-Ed-Tul\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

 

FF - HKE[email protected]hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/11 07:40:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn [2012/04/11 07:40:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn [2012/04/12 17:27:20 | 000,000,000 | ---D | M]

FF - [email protected].com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2012/04/11 07:40:21 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2012/04/11 07:40:21 | 000,000,000 | ---D | M]

FF - HK[email protected]hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/12 17:27:10 | 000,000,000 | ---D | M]

 

[2010/09/29 05:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lan-Ed-Tul\AppData\Roaming\Mozilla\Extensions

[2010/08/22 16:32:49 | 000,000,000 | ---D | M] (No name found) -- C:[email protected]

[2012/03/03 00:00:16 | 000,000,000 | ---D | M] (Map status indicator) -- E:\TOMTOM\TOMTOM HOME [email protected]

 

O1 HOSTS File: ([2012/04/11 05:05:52 | 000,854,337 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost # Loopback

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 15192 more lines...

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [TomTomHOME.exe] E:\TOMTOM\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O4 - Startup: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yankee Clipper III.lnk = C:\Program Files (x86)\YCIII\YankClip.exe (inteleXual.com)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/da/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} http://ppupdates.ca.com/downloads/scanner/axscanner.cab (PPSDKActiveXScanner.MainScreen)

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab (DLM Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.16.0.cab (SysInfo Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDAFA582-DA8D-4806-9B51-EA9BD5E01368}: DhcpNameServer = 192.168.0.1 68.94.156.1

O18:64bit: - Protocol\Handler\gopher - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Lan-Ed-Tul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck lsdelete)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/12 06:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012/04/12 06:20:24 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll

[2012/04/12 06:20:24 | 025,222,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll

[2012/04/12 06:20:24 | 019,444,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll

[2012/04/12 06:20:24 | 017,543,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll

[2012/04/12 06:20:24 | 008,008,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll

[2012/04/12 06:20:24 | 007,713,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll

[2012/04/12 06:20:24 | 005,892,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll

[2012/04/12 06:20:24 | 002,872,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2012/04/12 06:20:24 | 002,672,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll

[2012/04/12 06:20:24 | 002,517,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll

[2012/04/12 06:20:24 | 002,437,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll

[2012/04/12 06:20:24 | 002,301,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll

[2012/04/12 06:20:24 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll

[2012/04/12 06:20:24 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll

[2012/04/12 00:36:18 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/04/12 00:36:17 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/04/12 00:36:14 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/04/12 00:35:44 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/04/12 00:35:44 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/04/12 00:35:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/04/12 00:35:44 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/04/12 00:35:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/04/12 00:35:44 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/04/12 00:35:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/04/11 01:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/04/09 23:23:10 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/09 23:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/04/09 04:17:14 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\Desktop\HJT stuff

[2012/04/07 17:19:19 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/01 16:35:00 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/03/30 16:48:51 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\dvdcss

[2012/03/30 16:46:21 | 000,000,000 | ---D | C] -- C:\Users\Lan-Ed-Tul\AppData\Roaming\vlc

[2012/03/28 19:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/03/28 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/03/28 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/03/27 05:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar

[2012/03/27 04:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2012/03/27 04:55:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2012/03/15 02:25:19 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/03/15 02:15:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/03/15 02:15:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/03/15 02:15:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/03/15 02:08:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012/03/15 02:08:09 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/04/12 17:43:58 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync

[2012/04/12 17:35:16 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/12 17:35:16 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/12 17:27:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/12 17:27:06 | 535,437,311 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/12 17:26:01 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job

[2012/04/12 17:22:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/12 09:38:38 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat

[2012/04/12 09:38:38 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat

[2012/04/12 06:23:34 | 001,566,764 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB

[2012/04/11 20:19:00 | 000,008,942 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\AVT20120410.034

[2012/04/11 05:05:52 | 000,854,337 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/04/11 05:00:34 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/10 03:43:44 | 011,796,480 | -HS- | M] () -- C:\Users\Lan-Ed-Tul\ntuser.bak

[2012/04/03 19:43:19 | 006,384,787 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache

[2012/04/03 19:38:55 | 000,126,277 | ---- | M] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache

[2012/04/01 16:35:00 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/01 16:35:00 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/03/28 19:09:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/27 04:58:56 | 000,853,622 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120411-050552.backup

[2012/03/27 04:55:53 | 000,001,258 | ---- | M] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk

[2012/03/27 04:51:31 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk

[2012/03/23 01:09:06 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/03/23 01:09:06 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT

[2012/03/23 01:09:06 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF

[2012/03/19 23:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini

[2012/03/17 13:05:13 | 000,756,614 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/03/17 13:05:13 | 000,645,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/03/17 13:05:13 | 000,114,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/03/16 02:21:58 | 000,853,690 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20120327-045856.backup

[2012/03/15 02:19:46 | 000,398,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2012/04/12 17:30:34 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync

[2012/04/01 16:35:07 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/03/28 19:09:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/03/27 05:02:07 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk

[2012/03/27 04:55:53 | 000,001,258 | ---- | C] () -- C:\Users\Lan-Ed-Tul\Desktop\Spybot - Search & Destroy.lnk

[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011/08/14 05:33:21 | 006,384,787 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\census.cache

[2011/08/14 05:27:23 | 000,126,277 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\ars.cache

[2011/05/12 17:22:08 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat

[2011/03/25 16:19:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2011/03/18 23:53:31 | 000,000,036 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\housecall.guid.cache

[2011/03/11 02:46:53 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2010/09/29 06:37:56 | 000,000,098 | ---- | C] () -- C:\Users\Lan-Ed-Tul\AppData\Local\fusioncache.dat

[2010/09/29 06:05:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/09/29 05:33:53 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >

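As an added example (not part of the original post, and not OTL's own code), here is a small Python parser for the file entries in the report above together with a few of the triage rules a helper applies to such listings: executables under C:\Windows that carry no publisher in their version information, hidden+system files other than the OS paging files, and a hosts file far above its stock size. The sample lines are copied from the report with the backslashes that the forum extraction stripped restored; the size threshold, the extension list and the paging-file set are assumptions chosen for illustration.

```python
"""Parse OTL "Files/Folders" report lines and apply a few triage rules.

Added example for this thread, not part of OTL or of the original post.
Sample lines are copied from the report above with backslashes restored;
the thresholds and lists below are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Shape of an OTL file entry:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
# attrs is four characters in the fixed order R (read-only), H (hidden),
# S (system), D (directory); '-' means the attribute is not set.
# Directory entries carry no "(Company)" field at all.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv")  # assumption
PAGING_FILES = {"hiberfil.sys", "pagefile.sys", "swapfile.sys"}       # assumption
HOSTS_REVIEW_BYTES = 100_000  # assumption; a stock hosts file is under 1 KB


@dataclass(frozen=True)
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str      # 'C' = created within window, 'M' = modified within window
    company: str   # '' when the file has no company in its version info
    path: str

    @property
    def directory(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def in_windows_dir(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\")


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for headers/blank lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )


def triage(lines) -> List[Tuple[str, str]]:
    """Return (rule, path) pairs for entries a helper would open first."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.directory:
            continue
        low = e.name.lower()
        # Executable code under C:\Windows with no publisher in its version info.
        if e.in_windows_dir and low.endswith(EXEC_EXT) and not e.company:
            findings.append(("no-company-executable", e.path))
        # Hidden+system files other than the paging/hibernation files.
        if e.hidden_system and low not in PAGING_FILES:
            findings.append(("hidden-system-file", e.path))
        # A hosts file far above its stock size is a blocklist or a hijack: read it.
        if low == "hosts" and e.size > HOSTS_REVIEW_BYTES:
            findings.append(("large-hosts-file", e.path))
    return findings


SAMPLE = [  # constructed from the report above, backslashes restored
    "========== Files - Modified Within 30 Days ==========",
    "[2012/04/12 17:27:06 | 535,437,311 | -HS- | M] () -- C:\\hiberfil.sys",
    "[2012/04/12 06:20:24 | 025,543,488 | ---- | C] (NVIDIA Corporation) -- C:\\Windows\\SysNative\\nvoglv64.dll",
    "[2012/04/11 05:05:52 | 000,854,337 | R--- | M] () -- C:\\Windows\\SysNative\\drivers\\etc\\hosts",
    "[2012/04/10 03:43:44 | 011,796,480 | -HS- | M] () -- C:\\Users\\Lan-Ed-Tul\\ntuser.bak",
    "[2012/04/11 01:15:30 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\ESET",
    "[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\\Windows\\SysWow64\\nvStreaming.exe",
]

if __name__ == "__main__":
    for rule, path in triage(SAMPLE):
        print(f"{rule:24} {path}")
```

The findings are prompts for review, not verdicts: an oversized hosts file is usually a blocklist written by a tool such as Spybot's immunization rather than a hijack, but only opening it tells, and a missing company name only means the file's version information is empty. Run over the whole report, the rules pull out exactly the lines a helper reads first instead of the hundreds of signed vendor updates around them.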

Hi,

 

Looks much better.

 

 

Malwarebytes

 

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

----------

 

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

 

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here, then click on: [button image]
  • Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.

    All of the instructions below are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use, then click on: [button image]
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image]
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: [button image]
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

----------

 

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)

This topic is now closed to further replies.