Really bad malware/virus need some help [Solved]

#1
joczr21

    Member

  • 13 posts
I hope I am posting the correct logfile. If not, please let me know what to do. Thank you for any help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:29 PM, on 4/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support....veX/MSDcode.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - http://mobileapps.bl...re/AxLoader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://linksyssuppo...rt/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - https://mygp.gp.com/...SetupClient.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\Windows\system32\\AstSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7475 bytes

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get a decent look at it. Could you update me on the exact problems you are experiencing?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#3
joczr21

    Member

  • Topic Starter
  • 13 posts
Something got downloaded. Tons of windows popups and a green dot next to the Yahoo address in the address bar. Also an icon in the address bar, next to any other webpage I go to, with an S and an O in it. I tried a restore but I don't think it fixed it. I will post the results of the previous email. Thanks so much.

#4
joczr21

    Member

  • Topic Starter
  • 13 posts
OTL logfile created on: 4/19/2012 10:39:31 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\John O. B. Cole\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 66.23% Memory free
5.92 Gb Paging File | 4.60 Gb Available in Paging File | 77.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 232.67 Gb Free Space | 82.10% Space Free | Partition Type: NTFS

Computer Name: JOHNOBCOLE-PC | User Name: John O. B. Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
PRC - [2012/04/18 20:03:36 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/03/07 16:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/07/16 23:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009/07/16 23:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe
PRC - [2009/07/13 20:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/06/29 02:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/29 02:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/29 02:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/06/29 02:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/19 20:41:11 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/19 20:41:11 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/18 16:11:18 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/18 16:11:18 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/01/01 21:36:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/01 21:35:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/23 20:19:34 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/23 20:19:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/16 23:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/18 20:03:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/26 23:48:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe -- (STacSV)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNOB~1.COL\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/16 23:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/07/15 13:47:20 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/22 04:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/07 04:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/03/25 01:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/05/28 18:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2002/07/10 21:13:00 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuvt.sys -- (DCamUSBUVT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{D479C55D-D202-4CDF-B0B1-D76559A3F7DC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FE02C4FF-81A1-458D-ACF3-6848DD411A53}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes,DefaultScope = {F732A857-EDC8-4501-83B1-56B459A656BC}
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\SearchScopes\{F732A857-EDC8-4501-83B1-56B459A656BC}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions
[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/18 18:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/04/17 00:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/06 19:16:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8BCDD7-B3AC-484F-9024-2082FA996F16}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E15F0F-D1D2-4C83-9FE8-CFB89630CBA9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F941F7-E99B-4D0C-9A9D-949A4459184B}: DhcpNameServer = 69.78.96.14 66.174.92.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/19 22:37:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/19 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder (2)
[2012/04/18 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/18 17:36:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 16:14:49 | 004,467,856 | ---- | C] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/18 16:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/18 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/18 16:03:17 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\Virus
[2012/04/17 21:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
[2012/04/17 21:56:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/04/17 21:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/04/17 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\Alibaba
[2012/04/17 16:35:00 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/17 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder
[2012/04/06 21:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COCO
[2012/04/06 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\USEPA
[2012/04/06 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COSMOthermCO-LITE-C30-1201
[2012/04/06 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\COSMOlogic
[2012/04/06 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemSep 6.90 LITE
[2012/04/06 21:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\ChemSepL6v90
[2012/04/06 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CAPE-OPEN
[2012/04/06 21:55:57 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2012/04/06 21:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\COCO
[2012/04/04 20:18:16 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Yahoo!
[2012/04/04 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/03/30 20:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/19 22:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/19 22:12:34 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/19 22:12:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/19 20:48:02 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 20:48:02 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/19 20:45:49 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/19 20:45:49 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/19 20:40:57 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/19 20:40:42 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/18 20:09:10 | 000,000,245 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:14:57 | 004,467,856 | ---- | M] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:04 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 23:40:40 | 902,839,899 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison Live Raw and uncut.avi
[2012/04/17 23:39:39 | 139,483,140 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison_-_Unskinny_Bop_(Live)_(2nafish).mpg
[2012/04/17 16:35:02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4S
[2012/04/17 16:34:58 | 000,000,256 | -H-- | M] () -- C:\ProgramData\0qbJL73drjyc4S
[2012/04/17 16:31:32 | 000,000,206 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:24 | 000,000,322 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 23:04:39 | 000,327,680 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:46 | 000,560,386 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/15 23:30:57 | 000,000,230 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/08 21:29:52 | 005,080,344 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | M] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 17:31:48 | 000,001,135 | ---- | M] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/30 20:13:58 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/18 20:03:25 | 000,000,245 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:11:04 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4S
[2012/04/17 16:34:57 | 000,000,256 | -H-- | C] () -- C:\ProgramData\0qbJL73drjyc4S
[2012/04/17 16:31:32 | 000,000,206 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:24 | 000,000,322 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 22:31:51 | 000,327,680 | -H-- | C] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:39 | 000,560,386 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/08 21:29:51 | 005,080,344 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | C] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 20:52:40 | 000,000,230 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/04 17:31:48 | 000,001,135 | ---- | C] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/03/30 20:13:58 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 18:16:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/03 23:14:42 | 000,221,719 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\census.cache
[2011/12/03 23:14:37 | 000,093,272 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\ars.cache
[2011/12/03 23:07:59 | 000,000,036 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\housecall.guid.cache
[2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
[2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr
[2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg
[2011/09/24 22:51:35 | 000,000,326 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/04 05:32:35 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/04 05:32:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/05/16 21:30:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\8532util.dll
[2011/05/16 21:30:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ICMSetup532.dll
[2011/01/15 22:31:33 | 000,006,144 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/06 19:06:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/06 19:06:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/06 19:06:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/06 19:06:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/06 19:06:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/21 23:03:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 20:50:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2011/12/05 21:51:51 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\AVG
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Azureus
[2011/10/05 23:31:49 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Babylon
[2011/01/25 23:40:59 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\BitLord
[2012/04/06 21:55:57 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2011/07/09 23:05:46 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\CoCreate
[2010/08/20 22:21:34 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/07 21:45:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\DiskAid
[2011/04/13 20:01:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\EconEx
[2011/01/24 23:00:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\FinalTorrent
[2012/04/18 18:30:22 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\IObit
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Juniper Networks
[2012/04/18 18:30:23 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\LibreOffice
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Media Get LLC
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\OpenOffice.org
[2011/10/27 21:39:16 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Pine Grove Software
[2011/01/25 00:18:05 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Python-Eggs
[2011/01/01 22:38:58 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Registry Mechanic
[2011/12/06 20:04:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Smart PC Solutions
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Stock NeuroMaster
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\StockFusion Studio
[2011/10/20 22:11:29 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\WeatherBug
[2011/01/30 22:40:09 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Windows Live Writer
[2011/07/26 21:51:03 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2002/06/05 11:00:28 | 000,065,536 | ---- | M] () -- C:\Amcap532.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: JOHNOBCOLE-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1         RECOVERY     NTFS   Partition     14 GB  Healthy    System
  Volume 2     C   OS           NTFS   Partition    283 GB  Healthy    Boot

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB64478$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DF934660
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D4A168E0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


OTL Extras logfile created on: 4/19/2012 10:39:31 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\John O. B. Cole\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 66.23% Memory free
5.92 Gb Paging File | 4.60 Gb Available in Paging File | 77.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 232.67 Gb Free Space | 82.10% Space Free | Partition Type: NTFS

Computer Name: JOHNOBCOLE-PC | User Name: John O. B. Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}" = ICM532
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{731B0E4D-F4C7-450C-95B0-E1A3176B1C75}" = Dell Backup and Recovery Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{CFF8DABC-7022-4CC4-A4B8-73F3DD30EC9A}" = Multiple Back-Propagation 2.1.4
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"ChemSepL6v90" = ChemSep 6.90
"COCO" = COCO
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COSMOthermCO-LITE-C30-1201" = COSMOthermCO-LITE-C30-1201
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"InvAn4" = InvAn4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Tiberius" = Tiberius
"TVWiz" = Intel® TV Wizard
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3452009456-1726143999-3032453699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Juniper_Setup_Client" = Juniper Networks Setup Client
"MediaGet" = MediaGet

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2012 1:45:42 AM | Computer Name = JohnOBCole-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6536

Error - 4/14/2012 10:18:17 PM | Computer Name = JohnOBCole-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f7c Start
Time: 01cd1aa6b2c1911f Termination Time: 47 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 3f8e9956-86a1-11e1-b16a-0026b998dc41

Error - 4/15/2012 8:33:56 PM | Computer Name = JohnOBCole-PC | Source = Application Hang | ID = 1002
Description = The program SndVol.exe version 6.1.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 640 Start
Time: 01cd1b687a89602d Termination Time: 0 Application Path: C:\Windows\system32\SndVol.exe
Report Id: d462d20b-875b-11e1-b16a-0026b998dc41

Error - 4/15/2012 9:21:42 PM | Computer Name = JohnOBCole-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7601.17514 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1568 Start
Time: 01cd1b64fab78872 Termination Time: 20 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 816f696c-8762-11e1-b16a-0026b998dc41

Error - 4/17/2012 1:30:24 AM | Computer Name = JohnOBCole-PC | Source = Application Hang | ID = 1002
Description = The program download[1].exe version 2.8.0.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17f0 Start
Time: 01cd1c5a9c48426c Termination Time: 20 Application Path: C:\Users\John O. B.
Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1ZEQKPL\download[1].exe
Report Id:

Error - 4/17/2012 1:50:35 AM | Computer Name = JohnOBCole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00032239 Faulting
process id: 0x244 Faulting application start time: 0x01cd1c088294fadd Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3fe29bf4-8851-11e1-b0ac-0026b998dc41

Error - 4/17/2012 1:50:38 AM | Computer Name = JohnOBCole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00032239 Faulting
process id: 0x244 Faulting application start time: 0x01cd1c088294fadd Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 41d41b8d-8851-11e1-b0ac-0026b998dc41

Error - 4/17/2012 5:27:44 PM | Computer Name = JohnOBCole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: InstallFlashPlayer.exe, version: 11.0.1.152,
time stamp: 0x4e7d1453 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x000001ff Faulting process id:
0xce8 Faulting application start time: 0x01cd1ce0e6034a65 Faulting application path:
C:\Users\JOHNOB~1.COL\AppData\Local\Temp\InstallFlashPlayer.exe Faulting module
path: unknown Report Id: 2b0f787f-88d4-11e1-b0ac-0026b998dc41

Error - 4/18/2012 4:45:39 PM | Computer Name = JohnOBCole-PC | Source = System Restore | ID = 8204
Description =

Error - 4/18/2012 5:43:32 PM | Computer Name = JohnOBCole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: bcmwltry.exe, version: 5.30.21.0, time
stamp: 0x4a53eb2a Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005 Fault offset: 0x03915a1c Faulting process id: 0x5b0 Faulting application
start time: 0x01cd1dac47d258e8 Faulting application path: C:\Program Files\Dell\Dell
Wireless WLAN Card\bcmwltry.exe Faulting module path: unknown Report Id: 8a99b73f-899f-11e1-b0ef-904ce53ad2e0

[ Broadcom Wireless LAN Events ]
Error - 3/30/2012 7:40:29 PM | Computer Name = JohnOBCole-PC | Source = WLAN-Tray | ID = 0
Description = 18:40:26, Fri, Mar 30, 12 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 6/7/2011 10:03:27 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 9:03:27 PM - Error connecting to the internet. 9:03:27 PM - Unable
to contact server..

Error - 9/29/2011 9:06:18 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 8:06:17 PM - Error connecting to the internet. 8:06:17 PM - Unable
to contact server..

Error - 9/29/2011 10:06:23 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 9:06:23 PM - Error connecting to the internet. 9:06:23 PM - Unable
to contact server..

Error - 9/29/2011 11:06:28 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 10:06:28 PM - Error connecting to the internet. 10:06:28 PM - Unable
to contact server..

Error - 9/30/2011 9:17:25 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 8:17:24 PM - Error connecting to the internet. 8:17:24 PM - Unable
to contact server..

Error - 1/10/2012 10:15:07 PM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 8:15:06 PM - Error connecting to the internet. 8:15:06 PM - Unable
to contact server..

Error - 2/14/2012 5:39:34 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 3:39:33 AM - Error connecting to the internet. 3:39:33 AM - Unable
to contact server..

Error - 2/14/2012 6:42:39 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 4:42:39 AM - Error connecting to the internet. 4:42:39 AM - Unable
to contact server..

Error - 2/14/2012 7:45:44 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 5:45:44 AM - Error connecting to the internet. 5:45:44 AM - Unable
to contact server..

Error - 2/14/2012 8:45:49 AM | Computer Name = JohnOBCole-PC | Source = MCUpdate | ID = 0
Description = 6:45:49 AM - Error connecting to the internet. 6:45:49 AM - Unable
to contact server..

[ System Events ]
Error - 4/18/2012 4:46:18 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 4/18/2012 4:47:34 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 4/18/2012 4:51:47 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 4/18/2012 4:55:20 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 4/18/2012 4:55:23 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 4/18/2012 5:09:59 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 4/18/2012 5:24:15 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 4/18/2012 5:32:21 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 4/18/2012 5:36:16 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.

Error - 4/18/2012 5:36:16 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.


< End of report >


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-19 22:46:48
-----------------------------
22:46:48.035 OS Version: Windows 6.1.7601 Service Pack 1
22:46:48.035 Number of processors: 2 586 0x170A
22:46:48.035 ComputerName: JOHNOBCOLE-PC UserName:
22:46:49.673 Initialize success
22:57:30.155 AVAST engine defs: 12041901
22:58:09.782 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:58:09.798 Disk 0 Vendor: ST932042 0004 Size: 305245MB BusType: 3
22:58:09.813 Disk 0 MBR read successfully
22:58:09.813 Disk 0 MBR scan
22:58:09.813 Disk 0 Windows VISTA default MBR code
22:58:09.813 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:58:09.844 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
22:58:09.844 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
22:58:09.860 Disk 0 scanning sectors +625140400
22:58:09.954 Disk 0 scanning C:\Windows\system32\drivers
22:58:20.001 Service scanning
22:58:38.114 Modules scanning
22:58:46.714 Disk 0 trace - called modules:
22:58:47.275 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
22:58:47.275 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e92ac8]
22:58:47.291 3 CLASSPNP.SYS[8bbac59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86431028]
22:58:50.411 AVAST engine scan C:\Windows
22:58:53.172 AVAST engine scan C:\Windows\system32
23:01:22.809 AVAST engine scan C:\Windows\system32\drivers
23:01:35.850 AVAST engine scan C:\Users\John O. B. Cole
23:03:11.743 Disk 0 MBR has been saved successfully to "C:\Users\John O. B. Cole\Desktop\MBR.dat"
23:03:11.758 The log file has been saved successfully to "C:\Users\John O. B. Cole\Desktop\aswMBR.txt"
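The "Last 10 Event Log Errors" block in the OTL report above is worth triaging before any fix script goes in, and two things are easy to miss when reading it by eye: OTL prints the raw 32-bit instance ID (262199) where Event Viewer shows only the low 16 bits (262199 & 0xFFFF = 55, the NTFS "file system structure is corrupt" event), and the wrapped descriptions bury where a crashed or hung program was actually running from (here, download[1].exe inside the Temporary Internet Files cache). The script below is an added example for this thread, not OTL's code and not something either participant posted. Its sample lines are constructed from the entries above, and the list of "transient" directories is an assumption of the example, not anything OTL defines.

```python
"""Triage the 'Last 10 Event Log Errors' block of an OTL log (added example)."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: entries copied from the OTL report in this thread, in the
# layout OTL uses (a header line, then a description wrapped over several lines).
SAMPLE = r"""[ Application Events ]
Error - 4/17/2012 1:30:24 AM | Computer Name = JohnOBCole-PC | Source = Application Hang | ID = 1002
Description = The program download[1].exe version 2.8.0.1 stopped interacting with
Windows and was closed. Process ID: 17f0 Application Path: C:\Users\John O. B.
Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M1ZEQKPL\download[1].exe
Report Id:

Error - 4/17/2012 1:50:35 AM | Computer Name = JohnOBCole-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x00032239 Faulting
process id: 0x244 Faulting application path: C:\Program Files\Internet
Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 3fe29bf4-8851-11e1-b0ac-0026b998dc41

[ System Events ]
Error - 4/18/2012 4:46:18 PM | Computer Name = JohnOBCole-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume OS.
"""

SECTION_RE = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER_RE = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
                       r"Source = (?P<source>.+?) \| ID = (?P<raw_id>\d+)$")
PATH_RE = re.compile(r"(?:Faulting application path|Application Path): (?P<path>.+?)"
                     r"(?= Faulting module path:| Report Id:|$)")
VOL_RE = re.compile(r"on the volume (?P<vol>.+?)\.?$")
# Assumed heuristic: directories an installed program rarely executes from.
TRANSIENT_DIRS = ("\\appdata\\local\\temp\\", "\\temporary internet files\\")

@dataclass
class EventError:
    section: str
    when: str
    source: str
    raw_id: int
    description: str = ""

    @property
    def event_id(self) -> int:
        # OTL prints the full 32-bit instance ID; Event Viewer shows its low 16 bits.
        return self.raw_id & 0xFFFF

    @property
    def path(self) -> str | None:
        m = PATH_RE.search(self.description)
        return m["path"].strip() if m else None

def parse_event_errors(text: str) -> list[EventError]:
    """A header line opens an entry; the non-blank lines after it are its wrapped description."""
    events: list[EventError] = []
    section, current, desc = "", None, []

    def flush() -> None:
        nonlocal current
        if current is not None:
            joined = " ".join(desc)  # undo OTL's line wrapping before matching paths
            current.description = re.sub(r"^Description = ", "", joined).strip()
            events.append(current)
        current, desc[:] = None, []

    for line in text.splitlines():
        s = line.strip()
        if (m := SECTION_RE.match(s)):
            flush()
            section = m["name"]
        elif (m := HEADER_RE.match(s)):
            flush()
            current = EventError(section, m["when"], m["source"], int(m["raw_id"]))
        elif not s:
            flush()
        elif current is not None:
            desc.append(s)
    flush()
    return events

def summarize(events: list[EventError]) -> Counter:
    """Error count per (log section, source, Event Viewer ID)."""
    return Counter((e.section, e.source, e.event_id) for e in events)

def triage(events: list[EventError]) -> list[str]:
    """What a responder pulls out first: code that ran from a cache or temp path, and disk errors."""
    findings = []
    for e in events:
        if e.path and any(d in e.path.lower() for d in TRANSIENT_DIRS):
            findings.append(f"{e.when}: {e.source} {e.event_id}, executable ran from a transient location: {e.path}")
        if e.source == "Ntfs" and e.event_id == 55:
            m = VOL_RE.search(e.description)
            findings.append(f"{e.when}: NTFS event 55, file system reported corrupt on volume {m['vol'] if m else '?'}")
    return findings
```

Run `triage(parse_event_errors(SAMPLE))` to get the two findings for the sample: the hang of an executable under Temporary Internet Files, and the NTFS event on volume OS. The `summarize` counter is the quick view of which (source, ID) pairs repeat, which is what makes the run of identical Ntfs entries in the report above stand out.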

#5 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Could you let me know the problems on completion?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes, and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O3 - HKU\S-1-5-21-3452009456-1726143999-3032453699-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    [2012/04/17 16:35:00 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
    [2012/04/17 16:35:02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4Sr
    [2012/04/17 16:35:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4S
    [2012/04/17 16:34:58 | 000,000,256 | -H-- | M] () -- C:\ProgramData\0qbJL73drjyc4S
    [2012/04/17 23:40:40 | 902,839,899 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison Live Raw and uncut.avi
    [2012/04/17 23:39:39 | 139,483,140 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison_-_Unskinny_Bop_(Live)_(2nafish).mpg
    [2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
    [2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr
    [2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
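The file entries in the fix above share a pattern worth recognising: hidden (-H) items in C:\ProgramData with random-looking mixed-case names, a hidden "SMART HDD" Start Menu folder, and hidden files with ordinary names under the user's profile. The script below is an added example for this thread, not OTL's own code and not part of Essexboy's fix. It parses OTL's `[date | size | attrs | C/M] (company) -- path` entries and sorts them into those groups so that each class can be handled deliberately rather than line by line. The sample lines are constructed from the fix script above plus one ordinary folder from the later OTL log; the name heuristic and the category labels are assumptions of the example.

```python
"""Classify the file entries of an OTL listing or fix script (added example)."""
from __future__ import annotations
import re
from collections import Counter
from dataclasses import dataclass

# OTL entry layout: [yyyy/mm/dd hh:mm:ss | size | attrs | C-or-M] (company) -- path
# The attribute column carries R, H, S and D flags, '-' where unset; the company
# part is absent for folders.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample: the entries from the fix script above plus one ordinary
# folder from the later OTL log, so every category below is exercised.
SAMPLE = r"""
[2012/04/17 16:35:00 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/17 16:35:02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4S
[2012/04/17 16:34:58 | 000,000,256 | -H-- | M] () -- C:\ProgramData\0qbJL73drjyc4S
[2012/04/17 23:40:40 | 902,839,899 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison Live Raw and uncut.avi
[2012/04/17 23:39:39 | 139,483,140 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison_-_Unskinny_Bop_(Live)_(2nafish).mpg
[2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
[2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr
[2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg
[2012/04/18 18:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions
"""

@dataclass
class Entry:
    stamp: str
    size: int
    attrs: str
    kind: str      # C or M: whether the stamp column is the created or the modified time
    company: str
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_entries(text: str) -> list[Entry]:
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m["stamp"], int(m["size"].replace(",", "")), m["attrs"],
                             m["kind"], m["company"] or "", m["path"]))
    return out

def looks_generated(name: str) -> bool:
    """Assumed heuristic: one alphanumeric token, no extension, mixing cases and digits."""
    core = name.lstrip("~-")
    return (len(core) >= 8 and core.isalnum()
            and any(c.isupper() for c in core)
            and any(c.islower() for c in core)
            and any(c.isdigit() for c in core))

def classify(e: Entry) -> str:
    p = e.path.lower()
    if e.hidden and p.startswith("c:\\programdata\\") and looks_generated(e.name):
        return "rogue_drop"              # hidden, random-named, in ProgramData
    if e.hidden and "\\start menu\\programs\\" in p:
        return "hidden_startmenu_entry"  # hidden shortcut folder under the Start Menu
    if e.hidden and p.startswith("c:\\users\\"):
        return "hidden_user_file"        # ordinary name under a profile, carrying the hidden bit
    if e.hidden:
        return "hidden_other"
    return "normal"

def report(text: str) -> tuple[dict[str, list[str]], Counter]:
    """Group entry paths by class and count them."""
    groups: dict[str, list[str]] = {}
    for e in parse_entries(text):
        groups.setdefault(classify(e), []).append(e.path)
    return groups, Counter({k: len(v) for k, v in groups.items()})
```

`report(SAMPLE)` returns the grouped paths and a count per class; on the sample that is six rogue drops, one hidden Start Menu folder, two hidden user files and one normal folder. The heuristic is deliberately narrow (ProgramData only, mixed-case alphanumeric token with no extension) so that a real user file with an odd name is reported for review rather than lumped in with the drops.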

#6 joczr21 (Member, Topic Starter, 13 posts)
It said I had a nasty rootkit and really took a while to clean it up. Computer is fine I guess. I just never know if anything is hiding in the background stealing my stuff ya know. The logfiles are posted below; please let me know if I left any out. Thanks.


OTL logfile created on: 4/20/2012 8:50:29 PM - Run 2
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\John O. B. Cole\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 66.64% Memory free
5.92 Gb Paging File | 4.77 Gb Available in Paging File | 80.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 233.03 Gb Free Space | 82.22% Space Free | Partition Type: NTFS

Computer Name: JOHNOBCOLE-PC | User Name: John O. B. Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
PRC - [2012/04/18 20:03:36 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/02/27 00:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/07/16 23:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009/07/16 23:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe
PRC - [2009/06/29 02:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/29 02:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/29 02:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/06/29 02:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 21:36:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/01 21:35:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/23 20:19:34 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/23 20:19:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/16 23:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/18 20:03:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/26 23:48:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe -- (STacSV)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNOB~1.COL\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/16 23:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/07/15 13:47:20 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/22 04:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/07 04:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/03/25 01:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/05/28 18:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2002/07/10 21:13:00 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuvt.sys -- (DCamUSBUVT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{D479C55D-D202-4CDF-B0B1-D76559A3F7DC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FE02C4FF-81A1-458D-ACF3-6848DD411A53}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {F732A857-EDC8-4501-83B1-56B459A656BC}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{F732A857-EDC8-4501-83B1-56B459A656BC}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\John O. B. Cole\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)


[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions
[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/18 18:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/04/17 00:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/20 20:04:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKCU..\Run: [aliim] C:\Program Files\Trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8BCDD7-B3AC-484F-9024-2082FA996F16}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E15F0F-D1D2-4C83-9FE8-CFB89630CBA9}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F941F7-E99B-4D0C-9A9D-949A4459184B}: DhcpNameServer = 69.78.96.14 66.174.92.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/20 20:08:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\temp
[2012/04/20 18:29:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/19 22:46:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John O. B. Cole\Desktop\aswMBR.exe
[2012/04/19 22:37:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/19 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder (2)
[2012/04/18 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/18 17:36:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 16:14:49 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/18 16:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/18 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/18 16:03:17 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\Virus
[2012/04/17 21:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
[2012/04/17 21:56:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/04/17 21:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/04/17 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\Alibaba
[2012/04/17 16:35:00 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/17 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder
[2012/04/06 21:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COCO
[2012/04/06 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\USEPA
[2012/04/06 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COSMOthermCO-LITE-C30-1201
[2012/04/06 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\COSMOlogic
[2012/04/06 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemSep 6.90 LITE
[2012/04/06 21:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\ChemSepL6v90
[2012/04/06 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CAPE-OPEN
[2012/04/06 21:55:57 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2012/04/06 21:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\COCO
[2012/04/04 20:18:16 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Yahoo!
[2012/04/04 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/03/30 20:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/04/20 20:52:16 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 20:52:16 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 20:49:20 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/20 20:49:20 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 20:45:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/20 20:44:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/20 20:44:26 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/20 20:28:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/20 20:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 20:04:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/20 00:32:20 | 000,000,204 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/20 00:03:12 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/19 23:03:11 | 000,000,512 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\MBR.dat
[2012/04/19 22:46:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John O. B. Cole\Desktop\aswMBR.exe
[2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/18 20:09:10 | 000,000,245 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:14:57 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:04 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 23:40:40 | 902,839,899 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison Live Raw and uncut.avi
[2012/04/17 23:39:39 | 139,483,140 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison_-_Unskinny_Bop_(Live)_(2nafish).mpg
[2012/04/17 16:35:02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4S
[2012/04/17 16:31:32 | 000,000,206 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:24 | 000,000,322 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 23:04:39 | 000,327,680 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:46 | 000,560,386 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/15 23:30:57 | 000,000,230 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/08 21:29:52 | 005,080,344 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | M] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 17:31:48 | 000,001,135 | ---- | M] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/30 20:13:58 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/20 00:32:20 | 000,000,204 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/20 00:03:12 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/19 23:03:11 | 000,000,512 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\MBR.dat
[2012/04/18 20:03:25 | 000,000,245 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:11:04 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4S
[2012/04/17 16:31:32 | 000,000,206 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:24 | 000,000,322 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 22:31:51 | 000,327,680 | -H-- | C] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:39 | 000,560,386 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/08 21:29:51 | 005,080,344 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | C] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 20:52:40 | 000,000,230 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/04 17:31:48 | 000,001,135 | ---- | C] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/03/30 20:13:58 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 18:16:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/03 23:14:42 | 000,221,719 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\census.cache
[2011/12/03 23:14:37 | 000,093,272 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\ars.cache
[2011/12/03 23:07:59 | 000,000,036 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\housecall.guid.cache
[2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
[2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr
[2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg
[2011/09/24 22:51:35 | 000,000,326 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/04 05:32:35 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/04 05:32:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/05/16 21:30:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\8532util.dll
[2011/05/16 21:30:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ICMSetup532.dll
[2011/01/15 22:31:33 | 000,006,144 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/06 19:06:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/06 19:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/06 19:06:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/06 19:06:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/06 19:06:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/21 23:03:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 20:50:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2011/12/05 21:51:51 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\AVG
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Azureus
[2011/10/05 23:31:49 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Babylon
[2011/01/25 23:40:59 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\BitLord
[2012/04/06 21:55:57 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2011/07/09 23:05:46 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\CoCreate
[2010/08/20 22:21:34 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/07 21:45:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\DiskAid
[2011/04/13 20:01:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\EconEx
[2011/01/24 23:00:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\FinalTorrent
[2012/04/18 18:30:22 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\IObit
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Juniper Networks
[2012/04/18 18:30:23 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\LibreOffice
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Media Get LLC
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\OpenOffice.org
[2011/10/27 21:39:16 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Pine Grove Software
[2011/01/25 00:18:05 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Python-Eggs
[2011/01/01 22:38:58 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Registry Mechanic
[2011/12/06 20:04:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Smart PC Solutions
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Stock NeuroMaster
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\StockFusion Studio
[2011/10/20 22:11:29 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\WeatherBug
[2011/01/30 22:40:09 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Windows Live Writer
[2011/07/26 21:51:03 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/20 00:03:25 | 000,000,142 | ---- | M] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk
[2012/04/20 00:03:25 | 000,000,142 | ---- | C] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DF934660
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D4A168E0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

ComboFix 12-04-18.02 - John O. B. Cole 04/20/2012 19:56:29.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3033.2315 [GMT -5:00]
Running from: c:\users\John O. B. Cole\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0qbJL73drjyc4S
c:\windows\$NtUninstallKB64478$
c:\windows\$NtUninstallKB64478$\230880796\@
c:\windows\$NtUninstallKB64478$\230880796\cfg.ini
c:\windows\$NtUninstallKB64478$\230880796\Desktop.ini
c:\windows\$NtUninstallKB64478$\230880796\L\xadqgnnk
c:\windows\$NtUninstallKB64478$\230880796\U\[email protected]
c:\windows\$NtUninstallKB64478$\230880796\U\[email protected]
c:\windows\$NtUninstallKB64478$\230880796\U\[email protected]
c:\windows\$NtUninstallKB64478$\230880796\U\[email protected]
c:\windows\$NtUninstallKB64478$\230880796\U\[email protected]
c:\windows\$NtUninstallKB64478$\230880796\U\[email protected]
c:\windows\$NtUninstallKB64478$\230880796\version
c:\windows\$NtUninstallKB64478$\3736031887
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-03-21 to 2012-04-21 )))))))))))))))))))))))))))))))
.
.
2012-04-21 01:05 . 2012-04-21 01:05 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2872948C-192E-4C61-90C6-678B92D8E9F3}\offreg.dll
2012-04-21 01:03 . 2012-04-21 01:05 -------- d-----w- c:\users\John O. B. Cole\AppData\Local\temp
2012-04-21 01:03 . 2012-04-21 01:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-04-21 01:03 . 2012-04-21 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-20 23:29 . 2012-04-20 23:29 -------- d-----w- C:\_OTL
2012-04-19 01:03 . 2012-04-19 01:03 388096 ----a-r- c:\users\John O. B. Cole\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-18 22:36 . 2012-04-18 22:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 22:36 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 21:11 . 2012-04-18 21:11 -------- d-----w- c:\users\John O. B. Cole\AppData\Roaming\SUPERAntiSpyware.com
2012-04-18 21:11 . 2012-04-18 21:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-18 20:47 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2872948C-192E-4C61-90C6-678B92D8E9F3}\mpengine.dll
2012-04-18 02:56 . 2012-04-20 05:03 -------- d-----w- c:\windows\system32\aliedit
2012-04-18 02:56 . 2012-04-20 05:03 -------- d-----w- c:\program files\Trademanager
2012-04-18 02:54 . 2012-04-18 02:54 -------- d-----w- c:\users\John O. B. Cole\AppData\Local\Alibaba
2012-04-07 02:58 . 2012-04-07 02:58 -------- d-----w- c:\program files\USEPA
2012-04-07 02:57 . 2012-04-07 02:57 -------- d-----w- c:\program files\COSMOlogic
2012-04-07 02:56 . 2012-04-07 02:56 -------- d-----w- c:\program files\ChemSepL6v90
2012-04-07 02:55 . 2012-04-07 02:55 -------- d-----w- c:\program files\Common Files\CAPE-OPEN
2012-04-07 02:55 . 2012-04-07 02:55 -------- d--h--w- c:\users\John O. B. Cole\AppData\Roaming\COCO
2012-04-07 02:55 . 2012-04-07 02:58 -------- d-----w- c:\program files\COCO
2012-04-05 01:18 . 2012-04-18 23:30 -------- d-----w- c:\users\John O. B. Cole\AppData\Roaming\Yahoo!
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-31 01:13 . 2012-03-31 01:13 -------- d-----w- c:\program files\iTunes
2012-03-31 01:13 . 2012-03-31 01:13 -------- d-----w- c:\program files\iPod
2012-03-30 23:16 . 2012-04-19 01:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 01:03 . 2011-06-01 05:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 14:18 . 2010-01-23 04:39 237072 ----a-w- c:\windows\system32\MpSigStub.exe
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2012-02-15 16:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
"aliim"="c:\program files\Trademanager\aliim.exe" [2012-01-05 214976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-29 217088]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4562944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^John O. B. Cole^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^John O. B. Cole^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 02:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaLAN]
2010-07-28 22:33 1485208 ----a-w- c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet2]
2011-12-24 01:09 8109800 ----a-w- c:\users\John O. B. Cole\AppData\Local\MediaGet2\mediaget.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe]
2008-01-07 23:00 36864 ----a-w- c:\windows\OEM13Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-06-25 02:19 140520 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 23:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 253088]
R3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys [2002-07-11 95232]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2007-01-24 7680]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-18 23680]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-05-10 18432]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Ast Service;Ast Service;c:\windows\system32\\AstSrv.exe [2008-01-07 57344]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-05-22 58528]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-05-07 41504]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 01:03]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:37]
.
2012-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 00:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
TCP: DhcpNameServer = 69.78.96.14 66.174.92.14
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-BitTorrent - c:\program files\BitTorrent\BitTorrent.exe
MSConfigStartUp-MediaGet - c:\program files\MediaGet\mediaget.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Rosary Reminder - c:\progra~1\VIRTUA~1\reminder.exe
MSConfigStartUp-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\AstSrv.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-04-20 20:08:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-07 00:17
ComboFix2.txt 2011-01-07 00:17
.
Pre-Run: 250,570,997,760 bytes free
Post-Run: 250,313,490,432 bytes free
.
- - End Of File - - 830639EEBDC2EEA0931115F9BC743584

#7 Essexboy
GeekU Moderator, Retired Staff, 69,964 posts
OK, just a quick tidy-up and sweep for orphans, I feel.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu....q={searchTerms}
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    [2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr
    [2012/04/17 16:35:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4S
    [2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
    [2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr
    [2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg
    [2012/04/20 00:03:25 | 000,000,142 | ---- | M] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk
    [2012/04/20 00:03:25 | 000,000,142 | ---- | C] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
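Essexboy's sweep above is essentially a filter over the OTL log: registry entries whose CLSID, key or target file no longer exists, plus hidden, vendor-less files with random names sitting directly under ProgramData. The script below is an added example (not OTL's or the forum's code) that applies those selection rules to OTL log lines and returns a review list; the markers, the ProgramData heuristic and the constructed sample lines are assumptions drawn from this thread's logs, not OTL's own logic.

```python
"""Triage helper for OTL log lines (added example; not OTL's or the forum's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the kinds of lines OTL printed in this thread, with the
# user profile path replaced by a placeholder.
SAMPLE_OTL_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
[2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg
[2012/04/19 22:37:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\<user>\Desktop\OTL.exe
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
"""

# HijackThis-style registry lines ("O2 - ...", "O16 - ...") and the phrases OTL
# appends when the thing an entry points at is gone (assumed from this thread's logs).
O_LINE = re.compile(r"^O\d+ - ")
ORPHAN_MARKERS = {
    "No CLSID value found": "registry entry references a CLSID that no longer exists",
    "Reg Error: Key error": "Downloaded Program File entry with a broken registry key",
    "File not found": "entry references a file that is no longer on disk",
}

# File/folder lines: [date time | size | RHSD flags | C or M] (company) -- path
FILE_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\)(?:\([^)]*\))?)? -- (?P<path>.+)$"
)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str      # R, H, S, D flags in that order; "-" when the flag is clear
    op: str         # C = created list, M = modified list
    company: str    # empty when OTL printed "()" or no company field at all
    path: str

    @property
    def hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one OTL file/folder line; return None for any other line."""
    m = FILE_ENTRY.match(line)
    if m is None:
        return None
    return FileEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        op=m.group("op"),
        company=m.group("company") or "",
        path=m.group("path"),
    )


def orphan_reason(line: str) -> Optional[str]:
    """Why an O-line is an orphan, or None when it still points at something."""
    if not O_LINE.match(line):
        return None
    for marker, reason in ORPHAN_MARKERS.items():
        if marker in line:
            return reason
    return None


def hidden_file_reason(entry: FileEntry) -> Optional[str]:
    """Heuristic from this thread: hidden, vendor-less, extension-less files
    created directly under C:\\ProgramData with random-looking names."""
    if entry.is_dir or not entry.hidden or entry.company:
        return None
    parent, _, name = entry.path.rpartition("\\")
    if parent.lower() != r"c:\programdata" or "." in name:
        return None
    return "hidden file with no vendor and no extension directly under ProgramData"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs a helper would put on the review list."""
    flagged: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reason = orphan_reason(line)
        if reason is None:
            entry = parse_file_entry(line)
            if entry is not None:
                reason = hidden_file_reason(entry)
        if reason is not None:
            flagged.append((line, reason))
    return flagged


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_OTL_LOG):
        print(f"{reason}:\n    {line}")
```

The list it produces is a starting point for a human review, not a fix script: every flagged entry still has to be checked against what is actually installed before it goes into an OTL fix.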

#8 joczr21
Topic Starter, Member, 13 posts
All processes killed
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu....={searchTerms}> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)> in the current context!
Error: Unable to interpret <O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.> in the current context!
Error: Unable to interpret <[2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr> in the current context!
Error: Unable to interpret <[2012/04/17 16:35:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4S> in the current context!
Error: Unable to interpret <[2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg> in the current context!
Error: Unable to interpret <[2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr> in the current context!
Error: Unable to interpret <[2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg> in the current context!
Error: Unable to interpret <[2012/04/20 00:03:25 | 000,000,142 | ---- | M] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk> in the current context!
Error: Unable to interpret <[2012/04/20 00:03:25 | 000,000,142 | ---- | C] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John O. B. Cole\Desktop\cmd.bat deleted successfully.
C:\Users\John O. B. Cole\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John O. B. Cole
->Temp folder emptied: 444203 bytes
->Temporary Internet Files folder emptied: 20896473 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 693 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 20.00 mb



OTL by OldTimer - Version 3.2.40.0 log created on 04212012_121655

Files\Folders moved on Reboot...
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NIZ3LH0T\317063-really-bad-malwarevirus-need-some-help[1].htm moved successfully.
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\20FSN8QH\fastbutton[1].htm moved successfully.
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

___________________________________________________

OTL logfile created on: 4/21/2012 6:19:14 PM - Run 3
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\John O. B. Cole\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.14% Memory free
5.92 Gb Paging File | 4.89 Gb Available in Paging File | 82.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 232.96 Gb Free Space | 82.20% Space Free | Partition Type: NTFS

Computer Name: JOHNOBCOLE-PC | User Name: John O. B. Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
PRC - [2012/04/18 20:03:36 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/07/16 23:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009/07/16 23:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe
PRC - [2009/06/29 02:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/29 02:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/29 02:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/06/29 02:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/01 21:36:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/01 21:35:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/23 20:19:34 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/23 20:19:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/16 23:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/18 20:03:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/26 23:48:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe -- (STacSV)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNOB~1.COL\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/16 23:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/07/15 13:47:20 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/22 04:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/07 04:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/03/25 01:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/05/28 18:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2002/07/10 21:13:00 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuvt.sys -- (DCamUSBUVT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu....q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{D479C55D-D202-4CDF-B0B1-D76559A3F7DC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FE02C4FF-81A1-458D-ACF3-6848DD411A53}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {F732A857-EDC8-4501-83B1-56B459A656BC}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{F732A857-EDC8-4501-83B1-56B459A656BC}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\John O. B. Cole\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)


[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions
[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/18 18:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/04/17 00:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/21 12:16:57 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKCU..\Run: [aliim] C:\Program Files\Trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8BCDD7-B3AC-484F-9024-2082FA996F16}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E15F0F-D1D2-4C83-9FE8-CFB89630CBA9}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F941F7-E99B-4D0C-9A9D-949A4459184B}: DhcpNameServer = 69.78.96.14 66.174.92.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 18:04:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/20 20:08:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\temp
[2012/04/20 18:29:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/19 22:46:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John O. B. Cole\Desktop\aswMBR.exe
[2012/04/19 22:37:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/19 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder (2)
[2012/04/18 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/18 17:36:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 16:14:49 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/18 16:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/18 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/18 16:03:17 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\Virus
[2012/04/17 21:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
[2012/04/17 21:56:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/04/17 21:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/04/17 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\Alibaba
[2012/04/17 16:35:00 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/17 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder
[2012/04/06 21:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COCO
[2012/04/06 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\USEPA
[2012/04/06 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COSMOthermCO-LITE-C30-1201
[2012/04/06 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\COSMOlogic
[2012/04/06 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemSep 6.90 LITE
[2012/04/06 21:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\ChemSepL6v90
[2012/04/06 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CAPE-OPEN
[2012/04/06 21:55:57 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2012/04/06 21:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\COCO
[2012/04/04 20:18:16 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Yahoo!
[2012/04/04 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/03/30 20:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/04/21 18:20:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:20:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:17:45 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/21 18:17:45 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/21 18:13:34 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/21 18:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/21 18:13:13 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/21 18:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/21 18:01:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/21 12:16:57 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/20 21:11:08 | 000,000,391 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/20 00:32:20 | 000,000,204 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/20 00:03:12 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/19 23:03:11 | 000,000,512 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\MBR.dat
[2012/04/19 22:46:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John O. B. Cole\Desktop\aswMBR.exe
[2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/18 20:09:10 | 000,000,245 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:14:57 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:04 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 23:40:40 | 902,839,899 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison Live Raw and uncut.avi
[2012/04/17 23:39:39 | 139,483,140 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison_-_Unskinny_Bop_(Live)_(2nafish).mpg
[2012/04/17 16:35:02 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-0qbJL73drjyc4S
[2012/04/17 16:31:32 | 000,000,206 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 23:04:39 | 000,327,680 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:46 | 000,560,386 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/15 23:30:57 | 000,000,230 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/08 21:29:52 | 005,080,344 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | M] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 17:31:48 | 000,001,135 | ---- | M] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/30 20:13:58 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/20 00:32:20 | 000,000,204 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/20 00:03:12 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/19 23:03:11 | 000,000,512 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\MBR.dat
[2012/04/18 20:03:25 | 000,000,245 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:11:04 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4S
[2012/04/17 16:31:32 | 000,000,206 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:24 | 000,000,391 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 22:31:51 | 000,327,680 | -H-- | C] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:39 | 000,560,386 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/08 21:29:51 | 005,080,344 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | C] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 20:52:40 | 000,000,230 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/04 17:31:48 | 000,001,135 | ---- | C] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/03/30 20:13:58 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 18:16:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/03 23:14:42 | 000,221,719 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\census.cache
[2011/12/03 23:14:37 | 000,093,272 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\ars.cache
[2011/12/03 23:07:59 | 000,000,036 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\housecall.guid.cache
[2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
[2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr
[2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg
[2011/09/24 22:51:35 | 000,000,326 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/04 05:32:35 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/04 05:32:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/05/16 21:30:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\8532util.dll
[2011/05/16 21:30:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ICMSetup532.dll
[2011/01/15 22:31:33 | 000,006,144 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/06 19:06:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/06 19:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/06 19:06:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/06 19:06:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/06 19:06:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/21 23:03:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 20:50:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2011/12/05 21:51:51 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\AVG
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Azureus
[2011/10/05 23:31:49 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Babylon
[2011/01/25 23:40:59 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\BitLord
[2012/04/06 21:55:57 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2011/07/09 23:05:46 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\CoCreate
[2010/08/20 22:21:34 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/07 21:45:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\DiskAid
[2011/04/13 20:01:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\EconEx
[2011/01/24 23:00:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\FinalTorrent
[2012/04/18 18:30:22 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\IObit
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Juniper Networks
[2012/04/18 18:30:23 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\LibreOffice
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Media Get LLC
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\OpenOffice.org
[2011/10/27 21:39:16 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Pine Grove Software
[2011/01/25 00:18:05 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Python-Eggs
[2011/01/01 22:38:58 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Registry Mechanic
[2011/12/06 20:04:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Smart PC Solutions
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Stock NeuroMaster
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\StockFusion Studio
[2011/10/20 22:11:29 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\WeatherBug
[2011/01/30 22:40:09 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Windows Live Writer
[2011/07/26 21:51:03 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/20 00:03:25 | 000,000,142 | ---- | M] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk
[2012/04/20 00:03:25 | 000,000,142 | ---- | C] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DF934660
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D4A168E0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
John O. B. Cole :: JOHNOBCOLE-PC [administrator]

4/21/2012 6:29:22 PM
mbam-log-2012-04-21 (18-29-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292314
Time elapsed: 46 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#9
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, you did not copy the OTL quite right. Once this run has completed, could you let me know what problems remain?

Could you re-run it please and ensure that everything in the code box, starting from and including :OTL, is in the box.

:OTL
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu....q={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.bl...re/AxLoader.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://linksyssuppo...rt/ieatgpc1.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mygp.gp.com/...SetupClient.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
[2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:01 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4S
[2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
[2011/12/03 22:13:40 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQvegr
[2011/12/03 22:13:33 | 000,000,448 | -H-- | C] () -- C:\ProgramData\Cykv2TIJ7IQveg
[2012/04/20 00:03:25 | 000,000,142 | ---- | M] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk
[2012/04/20 00:03:25 | 000,000,142 | ---- | C] ()(C:\Users\John O. B. Cole\Desktop\???????????.lnk) -- C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • 0
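As an added example (not code from this thread, from OTL's author, or from the forum staff), the script below parses OTL-format lines like the ones in the fix script above and flags the three classes of item that script targets: registry entries whose CLSID has no registered class, O16 DPF records reporting a Reg Error, and hidden, company-less, random-named files sitting directly under C:\ProgramData. The sample lines are copied from the log posted in this thread; the randomness heuristic and the finding categories are assumptions of this example, not OTL's own rules.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the OTL report posted in
# this thread (not the whole report), used as offline input for the triage.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
[2012/04/18 17:36:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/17 16:35:02 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-0qbJL73drjyc4Sr
[2012/04/17 16:35:00 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2011/12/03 22:13:40 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~Cykv2TIJ7IQveg
[2010/12/21 23:03:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
"""


@dataclass
class Finding:
    kind: str          # orphaned_registry, broken_dpf or suspicious_file
    subject: str       # CLSID or file path the finding is about
    reason: str


# OTL file/folder line: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Any O-section entry that carries a CLSID but no registered class behind it.
CLSID_ORPHAN_RE = re.compile(r"^(O\d+) - .*?(\{[0-9A-Fa-f-]{36}\}).*No CLSID value found\.$")
# O16 DPF (downloaded ActiveX) record: CLSID, source URL, description in parens.
DPF_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\}) (\S+) \((.*)\)$")


def looks_random(filename: str) -> bool:
    """Heuristic (assumption of this example): a generated-looking name mixes
    digits, upper and lower case, has no spaces and is at least 8 characters."""
    stem = filename.lstrip("~-").rsplit(".", 1)[0]
    if len(stem) < 8 or " " in stem:
        return False
    return (any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def in_programdata_root(path: str) -> bool:
    """True only for files directly under C:\\ProgramData, not in a subfolder."""
    parts = path.split("\\")
    return len(parts) == 3 and parts[0].lower() == "c:" and parts[1].lower() == "programdata"


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = CLSID_ORPHAN_RE.match(line)
        if m:
            findings.append(Finding("orphaned_registry", m.group(2),
                                    f"{m.group(1)} entry whose CLSID has no registered class"))
            continue
        m = DPF_RE.match(line)
        if m and m.group(3).startswith("Reg Error"):
            findings.append(Finding("broken_dpf", m.group(1),
                                    "downloaded ActiveX record whose registry key is broken"))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        attrs, company, path = m.group("attrs"), m.group("company"), m.group("path")
        hidden_file = "H" in attrs and "D" not in attrs      # hidden and not a directory
        no_company = not (company or "").strip()
        name = path.rsplit("\\", 1)[-1]
        # All three conditions must hold: a hidden, company-less file alone
        # (e.g. ezsidmv.dat in the sample) is not enough to raise a finding.
        if hidden_file and no_company and in_programdata_root(path) and looks_random(name):
            findings.append(Finding("suspicious_file", path,
                                    "hidden, no company name, random-looking name in C:\\ProgramData"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.subject}  ({f.reason})")
```

Run against the sample, it reports the three orphaned CLSID entries, the gp.cab DPF record, and the two random-named ProgramData files, which are exactly the non-Java items the fix script above removes.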

#10
joczr21
    Member
  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I think everything is working well again. I haven't had any issues since doing what you did. I sincerely appreciate your awesome help!!

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {DAF7E6E6-D53A-439A-B28D-12271406B8A9}
C:\Windows\Downloaded Program Files\AxLoader.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DAF7E6E6-D53A-439A-B28D-12271406B8A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAF7E6E6-D53A-439A-B28D-12271406B8A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DAF7E6E6-D53A-439A-B28D-12271406B8A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DAF7E6E6-D53A-439A-B28D-12271406B8A9}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Windows\Downloaded Program Files\ieatgpc.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {F27237D7-93C8-44C2-AC6E-D6057B9A918F}
C:\Windows\Downloaded Program Files\JuniperSetupClient.INF not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F27237D7-93C8-44C2-AC6E-D6057B9A918F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\ProgramData\-0qbJL73drjyc4Sr moved successfully.
C:\ProgramData\-0qbJL73drjyc4S moved successfully.
C:\ProgramData\~Cykv2TIJ7IQveg moved successfully.
C:\ProgramData\~Cykv2TIJ7IQvegr moved successfully.
C:\ProgramData\Cykv2TIJ7IQveg moved successfully.
C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk moved successfully.
File C:\Users\John O. B. Cole\Desktop\欢迎光临阿里巴巴国际站.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\John O. B. Cole\Desktop\cmd.bat deleted successfully.
C:\Users\John O. B. Cole\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: John O. B. Cole
->Temp folder emptied: 520325 bytes
->Temporary Internet Files folder emptied: 51284077 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 903 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 41742722 bytes

Total Files Cleaned = 89.00 mb



OTL by OldTimer - Version 3.2.40.0 log created on 04222012_200757

Files\Folders moved on Reboot...
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YEU8SA03\videoplayback[3] moved successfully.
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGJ84J9X\fastbutton[1].htm moved successfully.
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGJ84J9X\page__gopid__2148207[1].htm moved successfully.
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QGJ84J9X\watch[1].txt moved successfully.
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZY6K0TL\ads[1].htm moved successfully.
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZY6K0TL\videoplayback[2] moved successfully.
File\Folder C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla8404.tmp not found!
C:\Users\John O. B. Cole\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


OTL logfile created on: 4/22/2012 8:11:49 PM - Run 4
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\John O. B. Cole\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.92% Memory free
5.92 Gb Paging File | 4.84 Gb Available in Paging File | 81.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 231.23 Gb Free Space | 81.59% Space Free | Partition Type: NTFS

Computer Name: JOHNOBCOLE-PC | User Name: John O. B. Cole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
PRC - [2012/04/18 20:03:36 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/02/27 00:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2009/07/16 23:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009/07/16 23:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe
PRC - [2009/07/13 20:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/06/29 02:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/29 02:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/29 02:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/06/29 02:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\AstSrv.exe
PRC - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2012/01/01 21:36:03 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2012/01/01 21:35:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/12/23 20:19:34 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/12/23 20:19:26 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/16 23:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/18 20:03:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/03/26 23:48:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/16 23:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/15 13:47:20 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\stacsv.exe -- (STacSV)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/07 12:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\System32\\AstSrv.exe -- (Ast Service)
SRV - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\JOHNOB~1.COL\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/16 23:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/07/15 13:47:20 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/05/22 04:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/07 04:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/03/25 01:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/05/28 18:01:00 | 000,235,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/03/05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2002/07/10 21:13:00 | 000,095,232 | ---- | M] (IC Media Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbuvt.sys -- (DCamUSBUVT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678
IE - HKLM\..\SearchScopes\{D479C55D-D202-4CDF-B0B1-D76559A3F7DC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FE02C4FF-81A1-458D-ACF3-6848DD411A53}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {F732A857-EDC8-4501-83B1-56B459A656BC}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{F732A857-EDC8-4501-83B1-56B459A656BC}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\Trademanager\npwangwang.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\John O. B. Cole\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)


[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions
[2010/01/24 21:48:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/04/18 18:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\John O. B. Cole\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/04/17 00:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2012/04/22 20:08:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKCU..\Run: [aliim] C:\Program Files\Trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8BCDD7-B3AC-484F-9024-2082FA996F16}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80E15F0F-D1D2-4C83-9FE8-CFB89630CBA9}: DhcpNameServer = 69.78.96.14 66.174.92.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3F941F7-E99B-4D0C-9A9D-949A4459184B}: DhcpNameServer = 69.78.96.14 66.174.92.14
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/21 18:04:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/20 20:08:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/20 20:03:20 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\temp
[2012/04/20 18:29:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/19 22:46:35 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\John O. B. Cole\Desktop\aswMBR.exe
[2012/04/19 22:37:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/19 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder (2)
[2012/04/18 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/04/18 17:36:50 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/18 17:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/18 16:14:49 | 004,467,856 | R--- | C] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:09 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/18 16:11:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/18 16:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/18 16:03:17 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\Virus
[2012/04/17 21:56:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
[2012/04/17 21:56:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/04/17 21:56:12 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/04/17 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Local\Alibaba
[2012/04/17 16:35:00 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012/04/17 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\Desktop\New folder
[2012/04/06 21:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COCO
[2012/04/06 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\USEPA
[2012/04/06 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COSMOthermCO-LITE-C30-1201
[2012/04/06 21:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\COSMOlogic
[2012/04/06 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemSep 6.90 LITE
[2012/04/06 21:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\ChemSepL6v90
[2012/04/06 21:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CAPE-OPEN
[2012/04/06 21:55:57 | 000,000,000 | -H-D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2012/04/06 21:55:53 | 000,000,000 | ---D | C] -- C:\Program Files\COCO
[2012/04/04 20:18:16 | 000,000,000 | ---D | C] -- C:\Users\John O. B. Cole\AppData\Roaming\Yahoo!
[2012/04/04 17:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/03/30 20:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/30 20:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

========== Files - Modified Within 30 Days ==========

[2012/04/22 20:12:19 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/22 20:12:19 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/22 20:11:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/22 20:09:44 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/22 20:09:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/22 20:09:31 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/22 20:08:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/04/22 19:53:58 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/21 18:20:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/21 18:20:36 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/20 21:11:08 | 000,000,391 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/20 00:32:20 | 000,000,204 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/20 00:03:12 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/19 23:03:11 | 000,000,512 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\MBR.dat
[2012/04/19 22:46:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\John O. B. Cole\Desktop\aswMBR.exe
[2012/04/19 22:37:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\John O. B. Cole\Desktop\OTL.exe
[2012/04/18 20:09:10 | 000,000,245 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:14:57 | 004,467,856 | R--- | M] (Swearware) -- C:\Users\John O. B. Cole\Desktop\ComboFix.exe
[2012/04/18 16:11:04 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 23:40:40 | 902,839,899 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison Live Raw and uncut.avi
[2012/04/17 23:39:39 | 139,483,140 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\Poison_-_Unskinny_Bop_(Live)_(2nafish).mpg
[2012/04/17 16:31:32 | 000,000,206 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 23:04:39 | 000,327,680 | -H-- | M] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:46 | 000,560,386 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/15 23:30:57 | 000,000,230 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/08 21:29:52 | 005,080,344 | ---- | M] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | M] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 17:31:48 | 000,001,135 | ---- | M] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/30 20:13:58 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/04/20 00:32:20 | 000,000,204 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\UTV 800cc with EEC&EPA certificate Sales, Buy UTV 800cc with EEC&EPA certificate Products from alibaba.com.url
[2012/04/20 00:03:12 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\TradeManager 2011.lnk
[2012/04/19 23:03:11 | 000,000,512 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\MBR.dat
[2012/04/18 20:03:25 | 000,000,245 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Posting New Topic - Geeks to Go Forums.url
[2012/04/18 20:03:08 | 000,003,011 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\HiJackThis.lnk
[2012/04/18 17:36:50 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/18 16:11:04 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/17 16:31:32 | 000,000,206 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Wholesale Bike LED Flash Light Mount Bicycle Torch Clamp Holder.url
[2012/04/17 16:31:28 | 000,000,455 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\quick release handlebar bracket with clip - Google Search.url
[2012/04/17 16:31:24 | 000,000,391 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\2012 Exposure Quick Release Handlebar Bracket w- Clip - Competitive Cyclist.url
[2012/04/17 16:31:21 | 000,000,279 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Google.url
[2012/04/16 22:31:51 | 000,327,680 | -H-- | C] () -- C:\Users\John O. B. Cole\Documents\2011 secret crack-make over $300 a day now -eBay's best.pdf
[2012/04/16 21:53:39 | 000,560,386 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\How to make money on ebay.pdf
[2012/04/16 21:39:40 | 000,000,141 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\OSHA Notice.url
[2012/04/08 21:29:51 | 005,080,344 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Gasifierplansv1.zip
[2012/04/06 21:58:23 | 000,030,920 | ---- | C] () -- C:\Windows\System32\CapeOpenNet.tlb
[2012/04/06 21:56:12 | 000,001,839 | ---- | C] () -- C:\Users\Public\Desktop\ChemSep.lnk
[2012/04/04 20:52:40 | 000,000,230 | ---- | C] () -- C:\Users\John O. B. Cole\Desktop\Fabricated Metal Product Mfg - Mississippi Company Directory from Hoovers.com.url
[2012/04/04 17:31:48 | 000,001,135 | ---- | C] () -- C:\Users\John O. B. Cole\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/04 17:31:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/03/30 20:13:58 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/30 18:16:02 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/12/03 23:14:42 | 000,221,719 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\census.cache
[2011/12/03 23:14:37 | 000,093,272 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\ars.cache
[2011/12/03 23:07:59 | 000,000,036 | -H-- | C] () -- C:\Users\John O. B. Cole\AppData\Local\housecall.guid.cache
[2011/09/24 22:51:35 | 000,000,326 | ---- | C] () -- C:\Windows\wininit.ini
[2011/08/04 05:32:35 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/08/04 05:32:35 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/05/16 21:30:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\8532util.dll
[2011/05/16 21:30:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\ICMSetup532.dll
[2011/01/15 22:31:33 | 000,006,144 | ---- | C] () -- C:\Users\John O. B. Cole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/06 19:06:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/06 19:06:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/06 19:06:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/06 19:06:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/06 19:06:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/21 23:03:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/05/20 20:50:24 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2011/12/05 21:51:51 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\AVG
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Azureus
[2011/10/05 23:31:49 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Babylon
[2011/01/25 23:40:59 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\BitLord
[2012/04/06 21:55:57 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\COCO
[2011/07/09 23:05:46 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\CoCreate
[2010/08/20 22:21:34 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/07 21:45:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\DiskAid
[2011/04/13 20:01:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\EconEx
[2011/01/24 23:00:22 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\FinalTorrent
[2012/04/18 18:30:22 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\IObit
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Juniper Networks
[2012/04/18 18:30:23 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\LibreOffice
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Media Get LLC
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\OpenOffice.org
[2011/10/27 21:39:16 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Pine Grove Software
[2011/01/25 00:18:05 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Python-Eggs
[2011/01/01 22:38:58 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Registry Mechanic
[2011/12/06 20:04:47 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Smart PC Solutions
[2012/04/18 18:30:29 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Stock NeuroMaster
[2012/04/18 18:44:07 | 000,000,000 | ---D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\StockFusion Studio
[2011/10/20 22:11:29 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\WeatherBug
[2011/01/30 22:40:09 | 000,000,000 | -H-D | M] -- C:\Users\John O. B. Cole\AppData\Roaming\Windows Live Writer
[2011/07/26 21:51:03 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:DF934660
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:D4A168E0
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0



#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#12
joczr21

joczr21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I did notice that lots of my files are missing and/or misplaced. I did notice that after the infection lots of files were hidden but I still could find them. Now lots are missing. Is there something I can do to see if they were deleted or wiped away from this virus?
  • 0

#13
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
  • 0

#14
joczr21

joczr21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
RogueKiller V7.3.3 [04/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: John O. B. Cole [Admin rights]
Mode: Shortcuts HJfix -- Date: 04/24/2012 18:41:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1611 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 91 / Fail 0
Start menu: Success 3 / Fail 0
User folder: Success 8117 / Fail 0
My documents: Success 51 / Fail 0
My favorites: Success 26 / Fail 0
My pictures: Success 163 / Fail 0
My music: Success 501 / Fail 0
My videos: Success 10 / Fail 0
Local drives: Success 1730 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[1].txt >>
RKreport[1].txt
  • 0
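An added example, not code from the thread or from the tools it uses (OTL, RogueKiller): a PowerShell script that inventories what a "hide everything" infection left behind, broken down the way the RogueKiller counts above are, and lists the alternate data streams the OTL log flagged on C:\ProgramData\TEMP. It assumes Windows PowerShell 3.0 to 5.1 (for -Stream, -File and -Encoding Byte); the default paths come from the thread, and the -Restore switch and variable names are chosen here.

```powershell
# Added example, not from the thread. Reports Hidden-attribute files per
# top-level profile folder and any alternate data streams on one file.
# Assumes Windows PowerShell 3.0-5.1; paths default to the ones in this thread.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ProfileRoot = $env:USERPROFILE,
    [string]$AdsTarget   = 'C:\ProgramData\TEMP',
    [switch]$Restore            # clear Hidden/System on user files; honours -WhatIf
)

# 1. Count files carrying the Hidden attribute per top-level folder. A normal
#    profile has a handful (desktop.ini, NTUSER.DAT); thousands, like the 8117
#    RogueKiller restored here, mean the attributes were set by the infection.
$hiddenByFolder = @{}
Get-ChildItem -LiteralPath $ProfileRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
    ForEach-Object {
        $top = $_.FullName.Substring($ProfileRoot.Length).TrimStart('\').Split('\')[0]
        $hiddenByFolder[$top] = 1 + [int]$hiddenByFolder[$top]
        if ($Restore -and $PSCmdlet.ShouldProcess($_.FullName, 'Clear Hidden/System')) {
            # Reverse what the infection did; ReadOnly/Archive etc. are left alone.
            $mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
            $_.Attributes = $_.Attributes -band (-bnot $mask)
        }
    }
$hiddenByFolder.GetEnumerator() | Sort-Object Value -Descending | Format-Table -AutoSize

# 2. List alternate data streams on the file the OTL log flagged. The unnamed
#    ':$DATA' stream is the file itself; anything else is an ADS worth reading.
Get-Item -LiteralPath $AdsTarget -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object {
        # First 64 bytes of the stream, printable ASCII only, so the analyst can
        # tell a vendor's metadata blob from something that needs a closer look.
        $bytes = Get-Content -LiteralPath $AdsTarget -Stream $_.Stream -Encoding Byte -TotalCount 64
        $text  = -join ($bytes | ForEach-Object { if ($_ -ge 32 -and $_ -lt 127) { [char]$_ } else { '.' } })
        [pscustomobject]@{ Stream = $_.Stream; Bytes = $_.Length; Preview = $text }
    } | Format-Table -AutoSize
```

Run without -Restore first to see the counts; add `-Restore -WhatIf` to preview which files would have Hidden/System cleared before doing it for real.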

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is it looking now ?
  • 0
