Steps that I've taken to remove this program are direct deletion, which results in it being downloaded again automatically, and uninstalling, which results in the download of a blammi uninstaller (I'm afraid to even try and run this). I tried Stopzilla, which detects it, unlike Ad-aware and Microsoft Security Essentials, but they require me to subscribe for a year to remove the infections. Ad-aware was able to detect some infections, which I've removed, but now I feel like my computer is running slower, and blammi and Activecontroller continue to run in the background. I have enough memory problems as is with only 1GB of RAM on this netbook, so I'm rather frustrated that these programs are so persistent.
OTL logfile created on: 5/7/2012 2:23:05 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Bolden\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.30 Mb Total Physical Memory | 117.66 Mb Available Physical Memory | 11.61% Memory free
1.99 Gb Paging File | 0.46 Gb Available in Paging File | 22.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 40.00 Gb Total Space | 1.87 Gb Free Space | 4.68% Space Free | Partition Type: NTFS
Drive D: | 177.79 Gb Total Space | 171.96 Gb Free Space | 96.72% Space Free | Partition Type: NTFS
Computer Name: BOLDEN-PC | User Name: Bolden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/07 14:20:59 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Bolden\Downloads\OTL.exe
PRC - [2012/05/03 16:13:43 | 001,687,552 | ---- | M] () -- C:\Users\Bolden\AppData\Roaming\Blammi\blammi.exe
PRC - [2012/04/25 11:35:12 | 000,067,408 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) -- D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/03/29 12:43:58 | 020,670,304 | ---- | M] (Lavasoft Limited) -- D:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/02/17 15:52:02 | 000,217,088 | ---- | M] () -- C:\Users\Bolden\AppData\Roaming\Microsoft\Windows\nsaFF14.exe
PRC - [2012/02/17 14:58:30 | 000,909,312 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe
PRC - [2012/02/17 14:57:16 | 000,061,440 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ACRecover.exe
PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) -- D:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/08 02:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/06/02 21:42:28 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe
PRC - [2010/05/06 01:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/02/10 09:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/02/03 00:19:20 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
PRC - [2010/01/18 21:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/03 16:13:43 | 001,687,552 | ---- | M] () -- C:\Users\Bolden\AppData\Roaming\Blammi\blammi.exe
MOD - [2012/04/27 21:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 21:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 21:05:45 | 000,544,240 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\libglesv2.dll
MOD - [2012/04/27 21:05:44 | 000,117,744 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\libegl.dll
MOD - [2012/04/27 21:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 21:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 21:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 20:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/03/29 12:44:18 | 002,180,968 | ---- | M] () -- D:\Program Files\Ad-Aware Antivirus\ThreatWork.dll
MOD - [2012/02/17 15:52:02 | 000,217,088 | ---- | M] () -- C:\Users\Bolden\AppData\Roaming\Microsoft\Windows\nsaFF14.exe
MOD - [2012/02/17 14:58:30 | 000,909,312 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe
MOD - [2012/02/17 14:57:16 | 000,061,440 | ---- | M] () -- C:\Program Files\NetNucleous\ActiveCollector\ACRecover.exe
MOD - [2010/02/03 00:19:20 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
MOD - [2010/02/03 00:19:20 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/04/25 11:35:12 | 000,067,408 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2012/03/29 12:44:02 | 001,161,072 | ---- | M] (Lavasoft Limited) [Auto | Running] -- D:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/17 18:35:56 | 002,804,280 | ---- | M] (Sunbelt Software) [Auto | Running] -- D:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82CE00AF-BB42-48F0-8CB5-B27872526BC7}\MpKsl67e84373.sys -- (MpKsl67e84373)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ak713jze)
DRV - [2012/04/25 11:21:26 | 000,073,136 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2012/04/12 11:05:53 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKG.sys -- (szkg5)
DRV - [2012/02/24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\is3srv.sys -- (is3srv)
DRV - [2012/02/09 21:11:20 | 000,473,656 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012/01/12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/11 16:26:04 | 000,074,968 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/03/01 11:14:17 | 000,031,472 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2011/03/01 11:12:48 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/03/01 11:12:48 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/11/23 18:10:44 | 001,249,792 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/21 05:24:19 | 000,015,656 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2010/07/08 03:28:46 | 000,322,336 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/11/18 14:33:58 | 000,022,416 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2007/01/25 15:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Program Files\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8B454986-C2C5-493A-900D-93FA4D2C9725}
IE - HKCU\..\SearchScopes\{8B454986-C2C5-493A-900D-93FA4D2C9725}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bolden\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bolden\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{e45a0de0-b4de-11de-8a39-0800200c9a66}: C:\Users\Bolden\AppData\Roaming\Mozilla\FireFox\{e45a0de0-b4de-11de-8a39-0800200c9a66}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{5cea9a87-a3a5-4c2a-b08d-8a1876d4931c}: C:\Users\Bolden\AppData\Roaming\Mozilla\FireFox\{5cea9a87-a3a5-4c2a-b08d-8a1876d4931c}
[2012/04/18 14:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/02 07:32:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/26 13:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bolden\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bolden\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bolden\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Bolden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Bolden\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Bolden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Bolden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ActiveCollectorPluginBHO Class) - {07202B0D-149C-4568-90DF-ACC2B4057809} - C:\Program Files\NetNucleous\ActiveCollector\ActiveCollectorPlugin.dll (NetNucleus Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32B29DF0-2237-4370-9A29-37CEBB730E9B} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Antivirus] D:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk ()
O4 - HKCU..\Run: [ActiveCollector] C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe ()
O4 - HKCU..\Run: [blammi] C:\Users\Bolden\AppData\Roaming\Blammi\blammi.exe ()
O4 - HKCU..\Run: [BmService] C:\Users\Bolden\AppData\Roaming\Microsoft\Windows\nsaFF14.exe ()
O4 - HKCU..\Run: [LonelyWalker] C:\Program Files\NetNucleous\ActiveCollector\ACRecover.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48663515-F0CA-4AD2-A35E-239CC2508AEC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{91c705b9-6989-11e1-88d7-002454ca0ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{91c705b9-6989-11e1-88d7-002454ca0ed7}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9b36d060-1896-11e0-ad48-002454ca0ed7}\Shell - "" = AutoRun
O33 - MountPoints2\{9b36d060-1896-11e0-ad48-002454ca0ed7}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9b36d060-1896-11e0-ad48-002454ca0ed7}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9b36d060-1896-11e0-ad48-002454ca0ed7}\Shell\install\command - "" = E:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/04 11:59:10 | 000,000,000 | ---D | C] -- C:\Users\Bolden\AppData\Local\adaware
[2012/05/04 11:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/05/04 11:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/05/04 11:57:33 | 000,094,040 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\System32\drivers\sbhips.sys
[2012/05/04 11:57:28 | 000,078,936 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\System32\drivers\sbtis.sys
[2012/05/04 11:56:36 | 000,069,208 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\System32\drivers\SbFwIm.sys
[2012/05/04 11:56:35 | 000,221,784 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\System32\drivers\SbFw.sys
[2012/05/04 11:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/05/04 11:53:49 | 000,000,000 | ---D | C] -- C:\Users\Bolden\AppData\Roaming\Ad-Aware Antivirus
[2012/05/03 19:13:33 | 000,101,112 | R--- | C] (GFI Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2012/05/03 19:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012/05/03 19:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012/05/03 19:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/05/02 13:24:52 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\windows\System32\devil.dll
[2012/05/02 13:24:51 | 000,369,152 | ---- | C] (The Public) -- C:\windows\System32\avisynth.dll
[2012/05/02 13:24:50 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\yv12vfw.dll
[2012/05/02 13:24:47 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\windows\System32\i420vfw.dll
[2012/05/02 13:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2012/05/02 13:16:12 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2012/05/02 13:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\NetNucleous
[2012/05/02 13:13:53 | 000,000,000 | ---D | C] -- C:\Users\Bolden\AppData\Roaming\Blammi
[2012/05/02 13:13:46 | 000,000,000 | ---D | C] -- C:\Users\Bolden\AppData\Roaming\VideoLAN
[2012/05/02 13:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/04/25 11:35:32 | 000,023,376 | R--- | C] (iS3, Inc.) -- C:\windows\System32\SZIO5.dll
[2012/04/25 11:35:22 | 000,546,640 | R--- | C] (iS3, Inc.) -- C:\windows\System32\SZComp5.dll
[2012/04/25 11:35:16 | 000,481,104 | R--- | C] (iS3, Inc.) -- C:\windows\System32\SZBase5.dll
[2012/04/25 11:21:26 | 000,073,136 | R--- | C] (iS3, Inc.) -- C:\windows\System32\drivers\SZKGFS.sys
[2012/04/23 21:10:35 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/04/23 20:56:34 | 000,000,000 | ---D | C] -- C:\Users\Bolden\AppData\Local\CRE
[2012/04/23 20:56:28 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/04/23 20:56:21 | 000,000,000 | ---D | C] -- C:\Users\Bolden\AppData\Local\Conduit
[2012/04/19 17:39:44 | 000,231,248 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3Win325.dll
[2012/04/19 17:39:44 | 000,029,008 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3XDat5.dll
[2012/04/19 17:39:42 | 000,390,992 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3UI5.dll
[2012/04/19 17:39:42 | 000,100,176 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3Svc5.dll
[2012/04/19 17:39:36 | 000,104,272 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3Inet5.dll
[2012/04/19 17:39:34 | 000,132,944 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3HTUI5.dll
[2012/04/19 17:39:34 | 000,067,408 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3Hks5.dll
[2012/04/19 17:39:32 | 000,456,528 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3DBA5.dll
[2012/04/19 17:39:30 | 000,808,784 | R--- | C] (iS3, Inc.) -- C:\windows\System32\IS3Base5.dll
[2012/04/12 11:07:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/04/12 11:05:52 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\windows\System32\drivers\dtsoftbus01.sys
[2012/04/08 19:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/08 19:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/08 19:57:51 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
========== Files - Modified Within 30 Days ==========
[2012/05/07 14:01:10 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1277923020-1411593580-2406195867-1000UA.job
[2012/05/07 13:13:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/06 22:41:40 | 000,003,472 | ---- | M] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/05/06 22:37:35 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1277923020-1411593580-2406195867-1000Core.job
[2012/05/06 22:28:51 | 000,000,946 | ---- | M] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/05/04 12:19:19 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 12:19:19 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 12:05:26 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 12:01:10 | 000,727,814 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/04 12:01:10 | 000,146,700 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/02 13:15:47 | 000,000,346 | ---- | M] () -- C:\END
[2012/04/25 11:35:32 | 000,023,376 | R--- | M] (iS3, Inc.) -- C:\windows\System32\SZIO5.dll
[2012/04/25 11:35:22 | 000,546,640 | R--- | M] (iS3, Inc.) -- C:\windows\System32\SZComp5.dll
[2012/04/25 11:35:16 | 000,481,104 | R--- | M] (iS3, Inc.) -- C:\windows\System32\SZBase5.dll
[2012/04/25 11:21:26 | 000,073,136 | R--- | M] (iS3, Inc.) -- C:\windows\System32\drivers\SZKGFS.sys
[2012/04/22 16:34:28 | 000,000,087 | ---- | M] () -- C:\Users\Bolden\webct_upload_applet.properties
[2012/04/19 17:39:44 | 000,231,248 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3Win325.dll
[2012/04/19 17:39:44 | 000,029,008 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3XDat5.dll
[2012/04/19 17:39:42 | 000,390,992 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3UI5.dll
[2012/04/19 17:39:42 | 000,100,176 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3Svc5.dll
[2012/04/19 17:39:36 | 000,104,272 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3Inet5.dll
[2012/04/19 17:39:34 | 000,132,944 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3HTUI5.dll
[2012/04/19 17:39:34 | 000,067,408 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3Hks5.dll
[2012/04/19 17:39:32 | 000,456,528 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3DBA5.dll
[2012/04/19 17:39:30 | 000,808,784 | R--- | M] (iS3, Inc.) -- C:\windows\System32\IS3Base5.dll
[2012/04/12 11:05:53 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\windows\System32\drivers\dtsoftbus01.sys
========== Files Created - No Company Name ==========
[2012/05/04 12:12:33 | 000,003,472 | ---- | C] () -- C:\windows\System32\drivers\kgpcpy.cfg
[2012/05/04 12:08:54 | 000,000,946 | ---- | C] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/05/02 13:24:51 | 000,032,256 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2012/05/02 13:15:44 | 000,000,346 | ---- | C] () -- C:\END
[2012/03/15 00:11:50 | 000,000,040 | ---- | C] () -- C:\Users\Bolden\AppData\Roaming\gnuplot_history
[2012/03/14 23:51:13 | 000,110,080 | ---- | C] () -- C:\windows\System32\pywintypes27.dll
[2012/03/14 23:51:13 | 000,008,192 | ---- | C] () -- C:\windows\System32\pythoncomloader27.dll
[2012/03/14 23:51:12 | 000,354,304 | ---- | C] () -- C:\windows\System32\pythoncom27.dll
[2012/02/10 18:07:26 | 000,053,248 | ---- | C] () -- C:\windows\System32\CommonDL.dll
[2012/02/10 18:07:26 | 000,002,413 | ---- | C] () -- C:\windows\System32\lgAxconfig.ini
[2011/04/29 21:54:35 | 000,000,600 | ---- | C] () -- C:\Users\Bolden\AppData\Local\PUTTY.RND
[2011/03/23 16:30:42 | 000,040,960 | ---- | C] () -- C:\windows\System32\xds560_DLLCall.exe
[2011/03/21 15:05:25 | 000,136,507 | ---- | C] () -- C:\windows\hphins33.dat
[2011/03/21 15:05:25 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat
[2011/01/16 15:04:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/01 23:26:05 | 000,001,064 | ---- | C] () -- C:\windows\HotFixList.ini
========== LOP Check ==========
[2012/05/04 22:17:03 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\Ad-Aware Antivirus
[2011/11/03 18:44:39 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\Arduino
[2012/05/04 00:32:28 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\Blammi
[2011/11/08 22:18:06 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\CadSoft
[2012/02/08 16:57:02 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\DAEMON Tools Lite
[2012/03/26 11:19:16 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\Dropbox
[2011/01/08 10:26:38 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\Notepad++
[2011/12/05 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\Saleae LLC
[2012/03/05 16:05:11 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\SanDisk
[2012/01/06 17:07:09 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\Synapse
[2012/05/02 13:15:35 | 000,000,000 | ---D | M] -- C:\Users\Bolden\AppData\Roaming\VideoLAN
[2012/05/06 22:28:51 | 000,000,946 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2009/07/13 23:53:46 | 000,029,848 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
