UPS fake email notification virus

#1
Kenjesse
Member, 88 posts

UPS Notification email virus/malware

Helping a friend deal with this after the fact… two computers in the house were infected: one XP, on which they had already reinstalled Windows before asking for help, and the other running Vista, which they were able to get stable using Malwarebytes and other programs. It is the Vista system I would like some advice with…

As far as I could tell, the only problem still remaining on the computer was that the Start Menu items were missing, as was the Accessories folder. I used "unhide.exe" to correct that issue. I also updated Malwarebytes and ran another quick scan, which found 3 instances of "Trojan.Fakealert" and 1 instance of "Mywebsearch", which were removed. As they were having problems with the reinstall of XP on the other computer and needed the Vista one working, I went ahead and corrected other issues: applying updates that needed to be done, and removing and reinstalling Java to get rid of multiple older versions. The computer is running well and all seems fine, but knowing something about viruses I am sure more needs to be done to completely clean it up. To that end the OTL log is attached; if someone could look it over and provide advice it would be greatly appreciated. As the computer is running well this is not a critical situation, so take your time getting to it if others have more pressing issues. Lastly, I have let my friend know about the folks here and what to do should something like this happen again, as well as how to avoid it in the first place. Thanks for all you do…

OTL logfile created on: 10/2/2011 10:10:45 AM - Run 4
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Customer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 65.31% Memory free
6.18 Gb Paging File | 5.19 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.94 Gb Total Space | 337.08 Gb Free Space | 74.09% Space Free | Partition Type: NTFS
Drive D: | 10.82 Gb Total Space | 4.48 Gb Free Space | 41.42% Space Free | Partition Type: NTFS
Drive E: | 4.38 Gb Total Space | 4.37 Gb Free Space | 99.81% Space Free | Partition Type: UDF

Computer Name: CUSTOMER-PC | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 21:00:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/27 21:00:06 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/30 12:18:31 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/08/30 12:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/30 11:26:55 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/08/16 20:48:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Customer\Desktop\OTL.exe
PRC - [2011/07/27 17:36:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/08 14:18:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 10:11:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1229908720\ee\aolsoftware.exe
PRC - [2007/07/05 23:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2006/11/08 19:28:12 | 000,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2006/11/07 18:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe
PRC - [2006/11/07 18:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 02:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/02 10:10:06 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/02 10:10:06 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/09/27 20:57:34 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/27 20:57:34 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2007/05/30 06:01:00 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2006/11/07 18:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/09/27 21:00:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/07/27 17:36:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/08 14:18:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/24 12:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 02:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 17:36:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/27 17:36:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/06/25 01:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/04/08 23:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 00:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080
FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290
FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/01/23 23:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 00:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/01/18 18:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Customer\AppData\Roaming\mozilla\Extensions
[2011/10/02 09:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions
[2010/05/23 08:34:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/29 17:00:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/02 09:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/02 09:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) --
[2011/09/30 00:07:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/28 00:57:36 | 000,437,632 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15054 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - No CLSID value found.
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {21608B66-026F-4DCB-9244-0DACA328DCED} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - No CLSID value found.
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O2 - BHO: (no name) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1229908720\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NapsterShell] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinn...luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.co...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.co...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Customer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Customer\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 05:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{52f5d4fa-feed-11de-bb82-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{52f5d4fa-feed-11de-bb82-00038a000015}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{853a76e1-989f-11de-b1f3-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{853a76e1-989f-11de-b1f3-00038a000015}\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O33 - MountPoints2\{853a76ef-989f-11de-b1f3-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{853a76ef-989f-11de-b1f3-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{c6f7bbe7-e078-11dd-9788-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{c6f7bbe7-e078-11dd-9788-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/02 10:10:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Customer\Desktop\OTL.exe
[2011/10/02 09:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/02 09:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/02 09:45:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/02 09:27:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/02 09:02:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/02 09:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/02 09:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/10/01 14:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011/10/01 14:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/10/01 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/01 14:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/10/01 13:49:46 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/09/29 15:57:50 | 000,000,000 | ---D | C] -- C:\Users\Customer\Documents\TDSSKiller
[2011/09/29 09:25:56 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Sammsoft
[2011/09/29 00:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/28 01:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/27 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\TeamViewer
[2011/09/27 23:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/27 23:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/09/27 23:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Start Menu
[2011/09/27 20:57:26 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/27 20:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/27 20:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/09/27 20:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/27 20:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/27 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011/09/26 23:15:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2011/10/02 10:08:38 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 10:08:38 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/02 10:08:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/02 10:08:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/02 10:08:29 | 3212,173,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/02 09:22:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/02 09:00:34 | 000,000,714 | ---- | M] () -- C:\Users\Customer\Desktop\ERUNT.lnk
[2011/10/01 14:37:11 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/01 14:34:57 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/10/01 14:31:25 | 000,000,812 | ---- | M] () -- C:\Users\Customer\Desktop\SpywareBlaster.lnk
[2011/10/01 13:49:46 | 000,001,057 | ---- | M] () -- C:\Users\Customer\Desktop\Revo Uninstaller.lnk
[2011/09/29 16:14:46 | 003,067,400 | ---- | M] () -- C:\Users\Customer\Documents\Setup_MagicISO.exe
[2011/09/29 15:56:37 | 000,730,072 | ---- | M] () -- C:\Users\Customer\Desktop\st-softonic-sntb.exe
[2011/09/29 15:34:09 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/29 15:34:09 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/28 01:15:55 | 000,062,976 | ---- | M] () -- C:\Users\Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/28 00:57:36 | 000,437,632 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/27 23:36:57 | 000,000,680 | ---- | M] () -- C:\Users\Customer\AppData\Local\d3d9caps.dat
[2011/09/27 23:19:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 23:14:50 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/09/27 20:57:15 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/27 19:40:10 | 000,000,416 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,627 | ---- | M] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Repair.lnk
[2011/09/27 19:35:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,128 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/27 00:24:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/10/02 09:00:34 | 000,000,714 | ---- | C] () -- C:\Users\Customer\Desktop\ERUNT.lnk
[2011/10/01 14:34:57 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/10/01 14:31:25 | 000,000,812 | ---- | C] () -- C:\Users\Customer\Desktop\SpywareBlaster.lnk
[2011/10/01 13:49:46 | 000,001,057 | ---- | C] () -- C:\Users\Customer\Desktop\Revo Uninstaller.lnk
[2011/09/29 16:14:35 | 003,067,400 | ---- | C] () -- C:\Users\Customer\Documents\Setup_MagicISO.exe
[2011/09/29 15:56:33 | 000,730,072 | ---- | C] () -- C:\Users\Customer\Desktop\st-softonic-sntb.exe
[2011/09/28 01:03:13 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/27 23:51:07 | 3212,173,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/27 23:36:57 | 000,000,680 | ---- | C] () -- C:\Users\Customer\AppData\Local\d3d9caps.dat
[2011/09/27 23:19:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/27 23:19:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 23:14:50 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/09/27 23:14:50 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/09/27 20:57:15 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/27 19:35:25 | 000,000,627 | ---- | C] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Repair.lnk
[2011/09/27 19:35:25 | 000,000,208 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,128 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/27 19:35:01 | 000,000,416 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 00:24:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/04 18:45:28 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/08/04 16:52:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 16:52:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 07:58:29 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/07/29 07:58:28 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/05/24 12:10:19 | 000,000,692 | ---- | C] () -- C:\Windows\hegames.ini
[2009/01/12 03:07:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/11 21:43:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/21 20:57:37 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/05 17:46:36 | 000,062,976 | ---- | C] () -- C:\Users\Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/20 21:58:20 | 000,054,608 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2007/11/28 20:50:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006/11/22 18:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2002/02/28 05:25:33 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2002/02/28 05:25:33 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2002/02/28 05:25:33 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2002/02/28 05:25:33 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll

========== LOP Check ==========

[2009/11/29 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\FOG Downloader
[2010/04/27 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\ICAClient
[2009/10/07 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PACE Anti-Piracy
[2009/02/17 14:57:35 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PlayFirst
[2009/10/09 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PokemonPMDInstaller[1]
[2009/10/09 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PokemonPMDWidget
[2011/10/01 14:22:52 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\Sammsoft
[2008/12/05 17:25:32 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\SampleView
[2009/01/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\Spare Backup
[2011/09/27 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\TeamViewer
[2009/05/31 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\WildTangent
[2011/10/02 10:07:34 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7C017FB1
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:522EA216
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:38760F1C
@Alternate Data Stream - 1016 bytes -> C:\ProgramData\Microsoft:jzmEVGhiTPfMnmHDi7vg57JbjE
@Alternate Data Stream - 1007 bytes -> C:\ProgramData\Microsoft:ENyUlAKjVf6osGdVFJUmKF7ps1

< End of report >

#2
Render (Trusted Helper, Malware Removal, 4,195 posts)
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

If you have since resolved the original problem you were having, I would appreciate you letting me know. If not please perform the following steps below so I can have a look at the current condition of your machine.

Step 1

We need to run an OTL Fix

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

  • Please double click on OTL.exe on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in:

    :OTL
    FF - prefs.js..extensions.enabledItems: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080
    FF - prefs.js..extensions.enabledItems: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290
    FF - prefs.js..extensions.enabledItems: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960
    O2 - BHO: (no name) - {1D74E9DD-8987-448b-B2CB-67FFF2B8A932} - No CLSID value found.
    O2 - BHO: (no name) - {21608B66-026F-4DCB-9244-0DACA328DCED} - No CLSID value found.
    O2 - BHO: (no name) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - No CLSID value found.
    O2 - BHO: (no name) - {CAC89FF9-34A9-4431-8CFE-292A47F843BC} - No CLSID value found.
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7C017FB1
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:522EA216
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:38760F1C
    @Alternate Data Stream - 1016 bytes -> C:\ProgramData\Microsoft:jzmEVGhiTPfMnmHDi7vg57JbjE
    @Alternate Data Stream - 1007 bytes -> C:\ProgramData\Microsoft:ENyUlAKjVf6osGdVFJUmKF7ps1

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
    :Reg
    
    :Commands
    [purity]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Step 2

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • After that, there should also be a file called MBR.dat on the Desktop; zip it and then attach it here.

Step 3

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the OTL.exe icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • aswMBR log and attached zipped mbr.dat file
  • OTL scan log
  • Extras log


#3
Kenjesse (Topic Starter, Member, 88 posts)
Thank you Render... will post back with results soon :)

#4
Kenjesse (Topic Starter, Member, 88 posts)
Instructions followed... logs and files pasted or attached.
========== OTL ==========
Prefs.js: {E63605FC-D583-4C81-867F-9457BDB3EA1B}:4.1.0.2080 removed from extensions.enabledItems
Prefs.js: {8141440E-08F0-4339-9959-5C31C6A69F23}:4.1.0.5290 removed from extensions.enabledItems
Prefs.js: {E889F097-B0BE-471B-89AD-B86B6F04B506}:4.1.0.1960 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21608B66-026F-4DCB-9244-0DACA328DCED}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC}\ not found.
ADS C:\ProgramData\TEMP:7C017FB1 deleted successfully.
ADS C:\ProgramData\TEMP:522EA216 deleted successfully.
ADS C:\ProgramData\TEMP:38760F1C deleted successfully.
ADS C:\ProgramData\Microsoft:jzmEVGhiTPfMnmHDi7vg57JbjE deleted successfully.
ADS C:\ProgramData\Microsoft:ENyUlAKjVf6osGdVFJUmKF7ps1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Customer\Desktop\cmd.bat deleted successfully.
C:\Users\Customer\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Customer
->Flash cache emptied: 2090 bytes

User: Default
->Flash cache emptied: 41 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.26.4 log created on 10122011_194723


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-12 19:57:25
-----------------------------
19:57:25.848 OS Version: Windows 6.0.6002 Service Pack 2
19:57:25.848 Number of processors: 2 586 0xF0D
19:57:25.864 ComputerName: JOEY UserName:
19:57:47.158 Initialize success
19:57:51.713 AVAST engine defs: 11101201
19:58:09.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
19:58:09.903 Disk 0 Vendor: ST3500630AS 3.AAD Size: 476940MB BusType: 3
19:58:11.931 Disk 0 MBR read successfully
19:58:11.946 Disk 0 MBR scan
19:58:11.962 Disk 0 Windows VISTA default MBR code
19:58:11.993 Disk 0 scanning sectors +976771120
19:58:12.118 Disk 0 scanning C:\Windows\system32\drivers
19:58:41.508 Service scanning
19:59:26.124 Modules scanning
19:59:35.796 Disk 0 trace - called modules:
19:59:35.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
19:59:35.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8508eac8]
19:59:35.843 3 CLASSPNP.SYS[89f9e8b3] -> nt!IofCallDriver -> [0x84575520]
19:59:35.859 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-4[0x84f26030]
19:59:37.637 AVAST engine scan C:\Windows
19:59:41.912 AVAST engine scan C:\Windows\system32
20:02:54.946 AVAST engine scan C:\Windows\system32\drivers
20:03:18.627 AVAST engine scan C:\Users\Customer
20:09:59.874 File: C:\Users\Customer\AppData\Roaming\Microsoft\Protect\ohll.uo **INFECTED** Win32:Agent-ANGY [Trj]
20:11:54.612 AVAST engine scan C:\ProgramData
20:17:16.581 Scan finished successfully
20:17:44.193 Disk 0 MBR has been saved successfully to "C:\Users\Customer\Desktop\MBR.dat"
20:17:44.193 The log file has been saved successfully to "C:\Users\Customer\Desktop\aswMBR.txt"




OTL logfile created on: 10/12/2011 8:20:55 PM - Run 5
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Customer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.39% Memory free
6.21 Gb Paging File | 4.71 Gb Available in Paging File | 75.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.94 Gb Total Space | 305.14 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 10.82 Gb Total Space | 4.48 Gb Free Space | 41.42% Space Free | Partition Type: NTFS

Computer Name: JOEY | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/04 15:30:17 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/09/27 21:00:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/27 21:00:06 | 004,611,456 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/08/30 12:18:31 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/08/30 12:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/30 11:26:55 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/08/16 20:48:12 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Customer\Desktop\OTL.exe
PRC - [2011/07/27 17:36:33 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/05/08 14:18:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/02 10:11:20 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\1229908720\ee\aolsoftware.exe
PRC - [2008/01/19 03:38:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2007/07/05 23:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2006/11/08 19:28:12 | 000,024,848 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2006/11/07 18:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe
PRC - [2006/11/07 18:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/10/05 02:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 19:49:31 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/10/12 19:49:31 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/04 15:30:17 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/09/27 20:57:34 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/09/27 20:57:34 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007/05/30 06:01:00 | 000,249,856 | ---- | M] () -- C:\WINDOWS\System32\igfxTMM.dll
MOD - [2006/11/07 18:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Akamai)
SRV - [2011/09/27 21:00:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/30 12:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/07/27 17:36:33 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/08 14:18:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/24 12:43:00 | 003,461,116 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 02:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/07/27 17:36:35 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/27 17:36:35 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/06/25 01:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/16 13:28:02 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/04/08 23:47:12 | 000,401,408 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVer88xHD.sys -- (AVer88xHD)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/05 00:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2001/05/07 06:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=DTP&M=GT5622
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/01/23 23:06:25 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/30 00:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2010/01/18 18:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Customer\AppData\Roaming\mozilla\Extensions
[2011/10/02 09:39:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions
[2010/05/23 08:34:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/29 17:00:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Customer\AppData\Roaming\mozilla\Firefox\Profiles\t48wio91.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/10/02 09:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/02 09:47:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) --
[2011/09/30 00:07:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/28 00:57:36 | 000,437,632 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15054 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1229908720\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NapsterShell] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-84770560-3067396919-1502540133-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinn...cubis/cubis.cab (Cubis Control)
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinn...luxor/luxor.cab (WwLuxor Control)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.co...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games.pogo.co...aploader_v5.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Christine's PC\Pictures\My Pictures\West Hollywood View.jpg
O24 - Desktop BackupWallPaper: C:\Christine's PC\Pictures\My Pictures\West Hollywood View.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{52f5d4fa-feed-11de-bb82-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{52f5d4fa-feed-11de-bb82-00038a000015}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{853a76e1-989f-11de-b1f3-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{853a76e1-989f-11de-b1f3-00038a000015}\Shell\AutoRun\command - "" = M:\LaunchU3.exe
O33 - MountPoints2\{853a76ef-989f-11de-b1f3-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{853a76ef-989f-11de-b1f3-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{c6f7bbe7-e078-11dd-9788-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{c6f7bbe7-e078-11dd-9788-00038a000015}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/12 19:52:06 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Customer\Desktop\aswMBR.exe
[2011/10/12 19:47:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/04 15:57:48 | 000,000,000 | ---D | C] -- C:\Users\Customer\riotsGamesLogs
[2011/10/04 15:57:10 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\LolClient
[2011/10/04 15:52:27 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011/10/04 15:52:27 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011/10/04 15:52:27 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011/10/04 15:52:27 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011/10/04 15:52:27 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011/10/04 15:46:38 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/10/04 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/04 15:31:21 | 000,000,000 | ---D | C] -- C:\Users\Customer\Documents\LeagueOfLegends
[2011/10/02 17:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/02 12:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/10/02 12:10:18 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Yahoo!
[2011/10/02 12:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/10/02 10:10:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Customer\Desktop\OTL.exe
[2011/10/02 09:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/10/02 09:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/02 09:47:51 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/02 09:47:51 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/02 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/02 09:47:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/02 09:27:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/02 09:02:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/02 09:00:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/02 09:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/10/01 14:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2011/10/01 14:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/10/01 14:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/10/01 14:31:23 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/10/01 13:49:46 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/09/29 15:57:50 | 000,000,000 | ---D | C] -- C:\Users\Customer\Documents\TDSSKiller
[2011/09/29 09:25:56 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Sammsoft
[2011/09/29 00:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/09/28 01:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/09/28 00:15:43 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/09/27 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\TeamViewer
[2011/09/27 23:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/09/27 23:15:02 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/27 23:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/09/27 23:05:40 | 000,000,000 | ---D | C] -- C:\Windows\Start Menu
[2011/09/27 20:57:26 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/27 20:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/27 20:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/09/27 20:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/27 20:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/27 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\Customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Repair
[2011/09/26 23:15:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2011/10/12 20:22:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 20:17:44 | 000,000,512 | ---- | M] () -- C:\Users\Customer\Desktop\MBR.dat
[2011/10/12 19:48:49 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Customer\Desktop\aswMBR.exe
[2011/10/12 19:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/12 19:48:47 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 19:48:47 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/12 19:48:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/12 19:48:40 | 3212,173,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/04 15:52:28 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/10/03 16:14:06 | 000,002,627 | ---- | M] () -- C:\Users\Customer\Desktop\Microsoft Office Word 2007.lnk
[2011/10/02 16:23:07 | 000,061,952 | ---- | M] () -- C:\Users\Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/02 12:10:10 | 000,000,966 | ---- | M] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/02 12:10:10 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/02 09:47:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/10/02 09:47:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/02 09:47:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/02 09:47:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/02 09:00:34 | 000,000,714 | ---- | M] () -- C:\Users\Customer\Desktop\ERUNT.lnk
[2011/10/01 14:37:11 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/01 14:34:57 | 000,001,702 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/10/01 14:31:25 | 000,000,812 | ---- | M] () -- C:\Users\Customer\Desktop\SpywareBlaster.lnk
[2011/10/01 13:49:46 | 000,001,057 | ---- | M] () -- C:\Users\Customer\Desktop\Revo Uninstaller.lnk
[2011/09/29 16:14:46 | 003,067,400 | ---- | M] () -- C:\Users\Customer\Documents\Setup_MagicISO.exe
[2011/09/29 15:56:37 | 000,730,072 | ---- | M] () -- C:\Users\Customer\Desktop\st-softonic-sntb.exe
[2011/09/29 15:34:09 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/29 15:34:09 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/29 00:05:52 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/28 00:57:36 | 000,437,632 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/09/27 23:36:57 | 000,000,680 | ---- | M] () -- C:\Users\Customer\AppData\Local\d3d9caps.dat
[2011/09/27 23:19:10 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 23:14:50 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/09/27 20:57:15 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/27 19:40:10 | 000,000,416 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,627 | ---- | M] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Repair.lnk
[2011/09/27 19:35:25 | 000,000,208 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,128 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/27 00:24:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/10/12 20:17:44 | 000,000,512 | ---- | C] () -- C:\Users\Customer\Desktop\MBR.dat
[2011/10/04 15:52:28 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/10/02 12:10:10 | 000,000,966 | ---- | C] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/10/02 12:10:10 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2011/10/02 09:00:34 | 000,000,714 | ---- | C] () -- C:\Users\Customer\Desktop\ERUNT.lnk
[2011/10/01 14:34:57 | 000,001,702 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/10/01 14:31:25 | 000,000,812 | ---- | C] () -- C:\Users\Customer\Desktop\SpywareBlaster.lnk
[2011/10/01 13:49:46 | 000,001,057 | ---- | C] () -- C:\Users\Customer\Desktop\Revo Uninstaller.lnk
[2011/09/29 16:14:35 | 003,067,400 | ---- | C] () -- C:\Users\Customer\Documents\Setup_MagicISO.exe
[2011/09/29 15:56:33 | 000,730,072 | ---- | C] () -- C:\Users\Customer\Desktop\st-softonic-sntb.exe
[2011/09/28 01:03:13 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/27 23:51:07 | 3212,173,312 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/27 23:36:57 | 000,000,680 | ---- | C] () -- C:\Users\Customer\AppData\Local\d3d9caps.dat
[2011/09/27 23:19:10 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/27 23:19:10 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/27 23:14:50 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011/09/27 23:14:50 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2011/09/27 20:57:15 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/27 19:35:25 | 000,000,627 | ---- | C] () -- C:\Users\Customer\Application Data\Microsoft\Internet Explorer\Quick Launch\Data Repair.lnk
[2011/09/27 19:35:25 | 000,000,208 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/09/27 19:35:25 | 000,000,128 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/09/27 19:35:01 | 000,000,416 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/09/27 00:24:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/04 18:45:28 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/08/04 16:52:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/04 16:52:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/29 07:58:29 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/07/29 07:58:28 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2009/05/24 12:10:19 | 000,000,692 | ---- | C] () -- C:\Windows\hegames.ini
[2009/01/12 03:07:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/11 21:43:24 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/21 20:57:37 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/12/05 17:46:36 | 000,061,952 | ---- | C] () -- C:\Users\Customer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/20 21:58:20 | 000,054,608 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2007/11/28 20:50:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006/11/22 18:16:18 | 000,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 14:50:06 | 000,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:25:21 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2002/02/28 05:25:33 | 000,547,840 | ---- | C] () -- C:\Windows\zHotkey.exe
[2002/02/28 05:25:33 | 000,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2002/02/28 05:25:33 | 000,036,864 | ---- | C] () -- C:\Windows\ShowWnd.exe
[2002/02/28 05:25:33 | 000,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll

========== LOP Check ==========

[2009/11/29 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\FOG Downloader
[2010/04/27 19:20:15 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\ICAClient
[2011/10/04 15:57:10 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\LolClient
[2009/10/07 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PACE Anti-Piracy
[2009/02/17 14:57:35 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PlayFirst
[2009/10/09 16:37:29 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PokemonPMDInstaller[1]
[2009/10/09 16:37:52 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\PokemonPMDWidget
[2011/10/01 14:22:52 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\Sammsoft
[2008/12/05 17:25:32 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\SampleView
[2009/01/11 21:43:37 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\Spare Backup
[2011/09/27 23:34:37 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\TeamViewer
[2009/05/31 21:12:45 | 000,000,000 | ---D | M] -- C:\Users\Customer\AppData\Roaming\WildTangent
[2011/10/12 19:47:38 | 000,032,614 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/12/22 01:19:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/12/22 01:19:56 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/12/22 01:19:55 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/12/22 01:23:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/12/22 01:23:43 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/12/22 01:19:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -rb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -hb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -sb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.1\aol.exe [2008/11/06 07:42:54 | 000,050,472 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ReinstallCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -rb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\HideIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -hb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\InstallInfo\\ShowIconsCommand: C:\PROGRA~1\AOL9~1.1\accdef.exe -sb [2008/11/06 07:42:54 | 000,016,680 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\aol.exe\shell\open\command\\: C:\PROGRA~1\AOL9~1.1\aol.exe [2008/11/06 07:42:54 | 000,050,472 | ---- | M] (AOL, LLC.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/09/30 00:07:28 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/09/30 00:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/19 03:33:12 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation)

< End of report >


OTL Extras logfile created on: 10/12/2011 8:20:55 PM - Run 5
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Customer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 56.39% Memory free
6.21 Gb Paging File | 4.71 Gb Available in Paging File | 75.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.94 Gb Total Space | 305.14 Gb Free Space | 67.07% Space Free | Partition Type: NTFS
Drive D: | 10.82 Gb Total Space | 4.48 Gb Free Space | 41.42% Space Free | Partition Type: NTFS

Computer Name: JOEY | User Name: Customer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system\rundll32.exe" = C:\WINDOWS\system\rundll32.exe:*:Enabled:rundll32
"C:\Users\Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O1EH4CD\installer_70100[1].exe" = C:\Users\Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O1EH4CD\installer_70100[1].exe:*:Enabled:installer


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D1A341-4FF7-4028-852F-2003903F3F38}" = lport=138 | protocol=17 | dir=in | app=system |
"{0516F6CF-C0BC-449C-A871-DCE77E636C7F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{1D43AB11-4862-4157-A4FC-9A7A5274BCF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{33B79369-A7EE-4A5A-B342-8458DAE72EB8}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B6DF945-BF5C-4D7F-B080-B2D76011FB32}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5F913E01-6905-4B37-9D30-BD61257B2899}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7111BBA4-49ED-48AE-B4D5-339584B64676}" = rport=445 | protocol=6 | dir=out | app=system |
"{8230EC21-7F5B-47C1-98E6-4C3924740AE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{82C636C1-F043-4914-B1B2-1E16FE06F2AC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{843E6BCA-AEC6-41A6-B7AA-F31111DDBBFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86047A19-EDB5-4BDE-876A-F0EF9F4BF3B2}" = lport=139 | protocol=6 | dir=in | app=system |
"{9526E3C3-55E4-4FCE-8830-DAC5DE71A112}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9835F4D0-6746-45D5-ACF0-EC36BCC20A91}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B18E638F-5370-4784-9F5D-310EBED2B53D}" = lport=445 | protocol=6 | dir=in | app=system |
"{BB8D3334-EE8A-4A5B-8CB9-BDC87A86AD79}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5402D2E-AD0C-4413-9D36-BEF24BD77EFE}" = lport=137 | protocol=17 | dir=in | app=system |
"{FA54E6F0-703C-48E2-A75E-F762C4A3B637}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FBCE3CC8-23DA-4D94-8E15-8E4AD301F7E4}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0184F07D-F947-4A93-9A86-95D346E73AC8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{1A2A4EA4-4215-4F72-BECA-03D902791145}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{1A301CD4-2B49-47F4-856A-7C82728F5E15}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{3B7308C4-4AEC-40DD-903F-F1896315B4DC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{41E93F3B-ED87-4E91-AB18-C18CE2AD56A1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4794C3B8-66D9-4F3B-8D9D-35F0DE8311CC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{508EB43D-8A0D-4C74-8403-C585908CE331}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54234591-7A89-460B-A477-D05D952335B3}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{59542853-B547-491C-AB6C-3ED4D976DF40}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{618D417E-0F37-48B7-80CA-FDA430A9AF0E}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{71C76876-AC49-474A-B164-CA640705CEC8}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7C61E42F-ACCC-4A63-A882-00F3A1656AA0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8CAC73E8-3109-49AE-98CF-3116A25E5BE5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8DC197D7-85F8-493F-BAD1-C62B332942FD}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{92CEDD00-F84A-48A1-9F68-A428250CFB4A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{99658954-3B2F-4E09-B8F1-5300E5816206}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{9E259FA7-3236-4D2C-89CF-B0A832540989}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A101D559-4048-44B4-96B9-DE2645B2AA61}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A69CAD77-B023-4A50-9C06-01189641DFD6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{AB52AC76-9A14-4D7E-B876-0A320B4A41C8}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{B6594EF4-2931-44A0-ACB6-FA359320EDAC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1229908720\ee\aolsoftware.exe |
"{BA86B1BC-E070-4608-87C8-4E2B821BF48F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{BF4A719C-10B2-4C5C-B895-F24B27D01EC4}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{CAD79C51-CF01-4E29-8F33-7645A5E78D47}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{CCA89F5D-2B16-4994-A0AD-4842A5AD0DA9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{CD8BF68D-66D8-4880-83C3-66793572C1F3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D472991E-0B40-4830-BF12-70ABBCC56C7C}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{DBA365B5-C330-48A3-A93D-6B8D774964C6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E28B6B27-CFA2-4748-B873-0B90C9B786C4}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{EB74270D-6C2B-4299-A874-7E393B6B540D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F426B6B9-C1F9-4D95-83A8-F41FB7BE7B5B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1229908720\ee\aolsoftware.exe |
"{F6DEDE40-0D24-4CC1-8B8C-27F4C2AA3404}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{FC02A5CE-419D-4CAA-8AF2-4AC3EFA6DAD7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"TCP Query User{73AE7DC4-865B-4542-A386-DD9D26408167}C:\ntreev usa\grand chase\main.exe" = protocol=6 | dir=in | app=c:\ntreev usa\grand chase\main.exe |
"UDP Query User{DEBCACDF-2BA9-4596-8083-D852EE91A62C}C:\ntreev usa\grand chase\main.exe" = protocol=17 | dir=in | app=c:\ntreev usa\grand chase\main.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AF3FEAE-B651-4421-97EF-4808A588B4E5}" = LastChaos
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C08817B-D670-4779-91B5-689B7787BD03}" = Big Green Help
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A20E6E28-C9B4-40F2-88C4-0168917AAA96}" = Nanovor
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A68E2DF5-AC4E-40AD-875A-2D278EF0CA96}" = Fiesta
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1BA4778-61DB-4405-AD57-03C939080E19}" = Chaotic
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Action Replay DSi Code Manager_is1" = Action Replay DSi Code Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Akamai" = Akamai NetSession Interface
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVerMedia M791 PCIe Combo NTSC/ATSC" = AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bakugan Attributes Screensaver" = Bakugan Attributes Screensaver
"Burger Shop" = Burger Shop (remove only)
"CameraUserGuide-PSSD1300IS_IXUS105" = Canon PowerShot SD1300 IS_IXUS 105 Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"Citrix Program Neighborhood" = Citrix Program Neighborhood
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Disney Toontown Online" = Disney Toontown Online
"ERUNT_is1" = ERUNT 1.1j
"Free Realms Installer" = Free Realms Installer
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Grand Chase" = Grand Chase
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"iCarly - iDream in Toons" = iCarly - iDream in Toons
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money Essentials
"Monopoly - SpongeBob SquarePants Edition" = Monopoly - SpongeBob SquarePants Edition
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MWSnap 3" = MWSnap 3
"MyCamera" = Canon Utilities MyCamera
"Nicktoons HoverZone" = Nicktoons HoverZone
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"Playsushi" = Playsushi
"PrintKey2000" = PrintKey2000
"Recuva" = Recuva (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.93
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpongeBob SquarePants Diner Dash 2" = SpongeBob SquarePants Diner Dash 2
"SpywareBlaster_is1" = SpywareBlaster 4.4
"TeamViewer 6" = TeamViewer 6
"The Game of Life - SpongeBob SquarePants Edition" = The Game of Life - SpongeBob SquarePants Edition
"U.B. Funkeys" = U.B. Funkeys
"Unity" = Unity
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent gateway Master Uninstall" = Gateway Games
"WildTangent wildgames Master Uninstall" = WildGames
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-84770560-3067396919-1502540133-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"World of Warcraft Trial" = World of Warcraft Trial

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2011 7:50:46 PM | Computer Name = Customer-PC | Source = Application Error | ID = 1000
Description = Faulting application YAHOOM~1.EXE, version 11.0.0.2014, time stamp
0x4e521030, faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc,
exception code 0xc0000005, fault offset 0x000ae0d9, process id 0x10b4, application
start time 0x01cc7da4c00584f0.

Error - 10/1/2011 1:50:54 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/1/2011 1:52:38 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/1/2011 1:54:59 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/1/2011 1:55:56 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/1/2011 1:57:10 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/1/2011 2:22:20 PM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/2/2011 9:38:57 AM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/2/2011 9:43:31 AM | Computer Name = Customer-PC | Source = VSS | ID = 8194
Description =

Error - 10/2/2011 12:31:40 PM | Computer Name = Customer-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 8c8 Start Time: 01cc811d608ee312 Termination Time: 0

[ Media Center Events ]
Error - 8/16/2009 11:33:59 PM | Computer Name = Customer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/8/2009 3:30:02 PM | Computer Name = Customer-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/4/2011 4:08:56 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7031
Description =

Error - 10/5/2011 4:35:19 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/6/2011 8:08:15 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/8/2011 8:37:24 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/9/2011 6:36:11 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/9/2011 9:03:16 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/9/2011 9:41:17 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/10/2011 3:01:20 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/12/2011 7:41:35 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =

Error - 10/12/2011 7:48:58 PM | Computer Name = Joey | Source = Service Control Manager | ID = 7023
Description =


< End of report >
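The Authorized Applications List in the Extras log above contains two firewall exceptions a reviewer would look at twice: rundll32.exe permitted from C:\Windows\system rather than the System32 directory Windows ships it in, and an installer permitted from the Internet Explorer cache. The following Python is an added triage check, not part of this thread or of OTL, that parses that section and flags such entries; the Firefox line in its sample input is a constructed benign control.

```python
"""Triage check for the "Authorized Applications List" section of an OTL
Extras log (added example; not part of the thread or of OTL itself).

Each entry in that section has the form
    "<path>" = <path>:*:Enabled:<display name>
Two things are flagged:
  * a Windows system binary referenced from a directory other than the
    one Windows ships it in (rundll32.exe belongs in System32/SysWOW64,
    not C:\\Windows\\system), and
  * an exception for a binary under a transient, user-writable location
    such as the browser cache or %TEMP%.
"""
import ntpath
import re

# First two entries copied from the log above; the Firefox line is a
# constructed benign control that should not be flagged.
SAMPLE_LOG = r"""
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\system\rundll32.exe" = C:\WINDOWS\system\rundll32.exe:*:Enabled:rundll32
"C:\Users\Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O1EH4CD\installer_70100[1].exe" = C:\Users\Customer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O1EH4CD\installer_70100[1].exe:*:Enabled:installer
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox

========== Vista Active Open Ports Exception List ==========
"""

ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<value>.+)$')

# Directories (lower-cased) in which Windows installs these binaries.
EXPECTED_DIRS = {
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Lower-cased path fragments that mark cache or temp locations.
TRANSIENT_MARKERS = (
    r"\temporary internet files",
    r"\appdata\local\temp",
    r"\windows\temp",
    r"\downloads",
)


def parse_authorized_apps(text):
    """Return the entries of the Authorized Applications List section."""
    entries = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Section headers delimit the report; stay only inside ours.
            in_section = "Authorized Applications List" in line
            continue
        if not in_section or not line.startswith('"'):
            continue
        match = ENTRY_RE.match(line)
        if not match:
            continue
        # The value reads <path>:*:<state>:<display name>.
        path, _, rest = match.group("value").partition(":*:")
        state, _, name = rest.partition(":")
        entries.append({"path": path, "state": state, "name": name})
    return entries


def triage(entries):
    """Return the entries that deserve a reviewer's attention, with reasons."""
    findings = []
    for entry in entries:
        lowered = entry["path"].lower()
        base = ntpath.basename(lowered)
        parent = ntpath.dirname(lowered)
        reasons = []
        expected = EXPECTED_DIRS.get(base)
        if expected and parent not in expected:
            reasons.append(f"system binary {base} in unexpected directory {parent}")
        for marker in TRANSIENT_MARKERS:
            if marker in lowered:
                label = marker.lstrip("\\")
                reasons.append(f"exception for binary under transient location ({label})")
                break
        if reasons:
            findings.append({"name": entry["name"], "path": entry["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_authorized_apps(SAMPLE_LOG)):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```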

#5 Render (Trusted Helper, Malware Removal, 4,195 posts)

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer; could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Click on Check for Updates button.
  • Click on OK.
  • Select the Scanner tab.
  • Select Perform quick scan, then click on Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#6 Kenjesse (Topic Starter, Member, 88 posts)

Found and removed 3 adware items... log follows:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7933

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

10/12/2011 9:47:51 PM
mbam-log-2011-10-12 (21-47-51).txt

Scan type: Quick scan
Objects scanned: 159682
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 Render (Trusted Helper, Malware Removal, 4,195 posts)

We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.
(Please be patient as this scan can take a few hours.)

Allow VRT to delete all infections found.
Once it has finished, select the report tab (last tab).
Select the Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.


Now the Analysis

Rerun VRT, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload and attach it to your next post.

#8 Kenjesse (Topic Starter, Member, 88 posts)

Kaspersky VRT run (just saying... not the easiest program to install and run; the virus scan took 10+ hours).

Files are attached, and again thanks for the help and sorry to be so long getting back to you. Correction... the Kaspersky Scan test file is 214MB and is too big to attach; I tried zipping it and it is still too big to attach. I can open it with WordPad and will try to copy and paste if you like?

Attached File: avptool_sysinfo.zip (164.98 KB)

#9 Kenjesse (Topic Starter, Member, 88 posts)

Render, just a few comments. If you haven't noticed yet, this is a teenager's computer we are working on, and references to "Teamviewer" are OK as this is the program I am using to remotely connect to the computer. Again, thanks for the help.

#10 Render (Trusted Helper, Malware Removal, 4,195 posts)

OK. What problems are still apparent?

#11 Render (Trusted Helper, Malware Removal, 4,195 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.