:OTL
MOD - [2012/01/14 04:51:48 | 000,124,392 | --S- | M] () -- C:\Users\Bruce\AppData\Local\dplayx.dll
MOD - [2010/08/03 14:40:18 | 000,885,216 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
SRV - [2011/11/20 14:17:49 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\RadioPI_4e\bar\1.bin\4ebarsvc.exe -- (RadioPI_4eService)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80099
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80099&lng=en
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\URLSearchHook: {54d0da58-64e7-4408-be1f-72659f70fcbe} - No CLSID value found
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\URLSearchHook: {8bc67b0f-a721-45e0-a0b6-db0121b0aade} - No CLSID value found
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53172
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@RadioPI_4e.com/Plugin: C:\Program Files\RadioPI_4e\bar\1.bin\NP4eStub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4effxtbr@RadioPI_4e.com: C:\Program Files\RadioPI_4e\bar\1.bin [2011/11/20 14:17:53 | 000,000,000 | ---D | M]
O2 - BHO: (Toolbar BHO) - {35fd2bab-ab2b-494f-b5bf-8755ec043784} - C:\Program Files\RadioPI_4e\bar\1.bin\4ebar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {4adc9c1b-9c50-4c2d-a471-5c06d8de7e80} - C:\Program Files\RadioPI_4e\bar\1.bin\4eSrcAs.dll (MindSpark)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (RadioPI) - {92926b63-5116-4c6f-a33e-378767b8d15f} - C:\Program Files\RadioPI_4e\bar\1.bin\4ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\Toolbar\WebBrowser: (no name) - {54D0DA58-64E7-4408-BE1F-72659F70FCBE} - No CLSID value found.
O3 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\Toolbar\WebBrowser: (RadioPI) - {92926B63-5116-4C6F-A33E-378767B8D15F} - C:\Program Files\RadioPI_4e\bar\1.bin\4ebar.dll (MindSpark)
O3 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m File not found
O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe (Ascentive)
O4 - HKLM..\Run: [RadioPI Search Scope Monitor] C:\Program Files\RadioPI_4e\bar\1.bin\4eSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [RadioPI_4e Browser Plugin Loader] C:\Program Files\RadioPI_4e\bar\1.bin\4ebrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000..\Run: [{1E9E9511-68EF-2F72-E9BA-CDD6E421389E}] C:\Users\Bruce\AppData\Roaming\Lymeo\ypkaiku.exe ()
O4 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000..\Run: [38A.exe] C:\Users\Bruce\AppData\Roaming\Microsoft\0156\38A.exe ()
O4 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000..\Run: [chknet] C:\Users\Bruce\AppData\Roaming\chknet.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000..\Run: [dplaysvr] C:\Users\Bruce\AppData\Local\dplaysvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000..\Run: [nlskb] C:\ProgramData\nlskb.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000..\Run: [PopularScreensaversWallpaper] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\F3SCRCTR.DLL,LES File not found
O4 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET CLR 1.1.4322)" -"file:///C:/Users/Bruce/AppData/Local/Temp/movie.htm" File not found
F3 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000 WinNT: Load - (C:\Users\Bruce\AppData\Roaming\B0B0A\lvvm.exe) -C:\Users\Bruce\AppData\Roaming\B0B0A\lvvm.exe ()
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKU\S-1-5-21-2621676113-492794229-1793946688-1000 Winlogon: Shell - (C:\Users\Bruce\AppData\Roaming\6EDB0\00001.exe) -C:\Users\Bruce\AppData\Roaming\6EDB0\00001.exe ()
O24 - Desktop WallPaper: C:\Users\Bruce\AppData\LocalLow\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp File not found
-- C:\ProgramData\~b107jUE5zkj3O4r
[2012/01/15 12:04:48 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/15 12:04:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Ogopve
[2012/01/15 12:04:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Lymeo
[2012/01/15 10:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012/01/15 10:33:08 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\B0B0A
[2012/01/15 10:32:48 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Ifuqpef
[2012/01/15 10:32:48 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Aho
[2012/01/15 10:32:27 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\6EDB0
[2012/01/16 13:04:50 | 000,000,631 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/01/15 12:04:48 | 000,000,607 | ---- | M] () -- C:\Users\Bruce\Desktop\System Check.lnk
[2012/01/15 10:32:17 | 000,124,392 | --S- | C] () -- C:\Users\Bruce\AppData\Local\dplayx.dll
[2012/01/15 12:04:48 | 000,000,631 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\smtmp\2\System Check.lnk
[4 C:\Users\Bruce\Desktop\*.tmp files -> C:\Users\Bruce\Desktop\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Users\Bruce\Documents\*.tmp files -> C:\Users\Bruce\Documents\*.tmp -> ]
@Alternate Data Stream - 64 bytes -> C:\Users\Bruce\Desktop\Tom.MPG:TOC.WMV

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"="1"

:Files
C:\Program Files\MyWebSearch
C:\Users\Bruce\AppData\Roaming\Microsoft\0156
C:\Users\Bruce\AppData\LocalLow\FunWebProducts
C:\ProgramData\jgnIDHkbQg.exe
C:\ProgramData\b107jUE5zkj3O4.exe
C:\Users\Bruce\AppData\Local\Temp\6CC2.tmp
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[CREATERESTOREPOINT]
[Reboot]