Windows Update/Malwarebytes Redirect


#1
kawasaki-intel

So for the past 3 or 4 days I've been having this issue with the Malwarebytes site redirecting to the hotmail/msn page. Not sure how I picked it up. I do remember having a "Live Security" pop-up and running virus scans a few times and eventually being able to get to the Malwarebytes site. However, TODAY, I tried to do a Windows update from the link in the start menu and it brought up Windows Explorer, which opened up the hotmail/msn page. This is weird because Explorer isn't my default browser, and when I click that link it usually opens Firefox and gives a message about the browser.

Hopefully someone can help. I'll most likely be upgrading to Windows 7 in a couple of months, but I need a clean system until then. The OTL scan is below.

OTL logfile created on: 7/11/2012 12:40:50 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Kuristofua-San\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.39% Memory free
6.75 Gb Paging File | 6.18 Gb Available in Paging File | 91.53% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 199.65 Gb Total Space | 151.32 Gb Free Space | 75.80% Space Free | Partition Type: NTFS
Drive D: | 6.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 3.74 Gb Total Space | 2.98 Gb Free Space | 79.71% Space Free | Partition Type: FAT32
Drive G: | 465.65 Gb Total Space | 165.18 Gb Free Space | 35.47% Space Free | Partition Type: FAT32

Computer Name: KARAOKE-6I5GD2N | User Name: Kuristofua-San | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kuristofua-San\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Kuristofua-San\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Documents and Settings\Kuristofua-San\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\WINDOWS\system32\IPROSetMonitor.exe (Intel Corporation)
PRC - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
PRC - C:\Program Files\Greenshot\Greenshot.exe ()
PRC - C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
PRC - C:\MouseFix\MouseFix.exe ()
PRC - C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Documents and Settings\Kuristofua-San\Application Data\SanDisk\My Vaults\dmBackup.dll ()
MOD - C:\Program Files\InboxDollars\Toolbar.dll ()
MOD - C:\Documents and Settings\Kuristofua-San\Application Data\FCTB000062133\Toolbar\Toolbar.dll ()
MOD - C:\Program Files\Greenshot\Greenshot.exe ()
MOD - C:\Program Files\Greenshot\GreenshotPlugin.dll ()
MOD - C:\WINDOWS\system32\Primomonnt.dll ()
MOD - C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
MOD - C:\Program Files\Belkin\F7D4101\V1\BelkinwcuiDLL.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\MouseFix\MouseFix.exe ()
MOD - C:\MouseFix\MouseFixDll.dll ()


========== Win32 Services (SafeList) ==========

SRV - (STacSV) -- c:\docume~1\kurist~1\locals~1\temp\cdm\{3f9eee20-bf4c-4dbb-89d2-5ced5644d0e4}\STacSV.exe File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Intel® PROSet Monitoring Service) Intel® -- C:\WINDOWS\system32\IPROSetMonitor.exe (Intel Corporation)
SRV - (NitroReaderDriverReadSpool) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe (Nitro PDF Software)
SRV - (WLANBelkinService) -- C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH)
SRV - (iHCService) Intel® -- C:\Program Files\Intel\IDU\IDUServ.exe (OSA Technologies, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WNIPROT5) -- C:\WINDOWS\System32\WNIPROT5.SYS File not found
DRV - (WDICA) -- File not found
DRV - (sxuptp) -- system32\DRIVERS\sxuptp.sys File not found
DRV - (SASKUTIL) -- M:\My Vaults\My Vault\PROGRAMS\SUPERAntiSpyWare\SASKUTIL.SYS File not found
DRV - (SASDIFSV) -- M:\My Vaults\My Vault\PROGRAMS\SUPERAntiSpyWare\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (LVUVC) Logitech QuickCam S7500(UVC) -- system32\DRIVERS\lvuvc.sys File not found
DRV - (LVRS) -- system32\DRIVERS\lvrs.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FilterService) -- system32\DRIVERS\lvuvcflt.sys File not found
DRV - (Changer) -- File not found
DRV - (aswMBR) -- C:\DOCUME~1\KURIST~1\LOCALS~1\Temp\aswMBR.sys File not found
DRV - (Airgo) -- System32\DRIVERS\wnihdd51.sys File not found
DRV - (AFGSp50) -- System32\Drivers\AFGSp50.sys File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (SIODRV) -- C:\WINDOWS\system32\drivers\SIODRV.SYS (Intel Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (DCamUSBSTK03N) -- C:\WINDOWS\system32\drivers\STK03NW2.sys (Syntek Ltd.)
DRV - (BCMH43XX) -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (sfng32) -- C:\WINDOWS\system32\drivers\sfng32.sys (Sonic Focus, Inc)
DRV - (OsaFsLoc) -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys (OSA Technologies)
DRV - (smbusp) Intel® -- C:\WINDOWS\system32\drivers\intelsmb.sys (Intel Corporation)
DRV - (IAMTXP) Driver for Intel® -- C:\WINDOWS\system32\drivers\IAMTXP.sys (Intel Corporation)
DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys (Avocent/OSA Technologies Inc.)
DRV - (exdisk) -- C:\WINDOWS\system32\drivers\exdisk.sys ()
DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\URLSearchHook: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files\InboxDollars\Helper.dll ()
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\SearchScopes,DefaultScope = {FBE78BA6-99DA-4CA1-8718-FBA9C38B30A3}
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\SearchScopes\{661B97B8-8FA3-DAD1-ABC5-A4CD17DFB25F}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\SearchScopes\{9BAAEDA8-9929-DDF5-2A4A-B3FC1C987170}: "URL" = http://www.bing.com/...006&form=ZGAIDF
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\SearchScopes\{FBE78BA6-99DA-4CA1-8718-FBA9C38B30A3}: "URL" = http://search.freeca...p={searchTerms}
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-884357618-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-682003330-884357618-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/24 16:35:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/27 17:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/21 23:39:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/08 18:47:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/21 10:11:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{05B4DE95-C83F-11E1-8270-B8AC6F996F26}: C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\{05B4DE95-C83F-11E1-8270-B8AC6F996F26}\ [2012/07/07 07:21:23 | 000,000,000 | ---D | M]

[2012/07/08 18:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kuristofua-San\Application Data\Mozilla\Extensions
[2012/07/11 07:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kuristofua-San\Application Data\Mozilla\Firefox\Profiles\11pmrup4.default\extensions
[2012/07/08 18:58:34 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Kuristofua-San\Application Data\Mozilla\Firefox\Profiles\11pmrup4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/06 10:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/08 18:58:33 | 000,097,169 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KURISTOFUA-SAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\11PMRUP4.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
[2012/07/11 07:02:08 | 000,525,390 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\KURISTOFUA-SAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\11PMRUP4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/07/07 07:21:23 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\KURISTOFUA-SAN\LOCAL SETTINGS\APPLICATION DATA\{05B4DE95-C83F-11E1-8270-B8AC6F996F26}
[2012/06/14 15:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 11:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/17 02:41:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 11:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: King of Fighters (KOF WING) = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jjfaohihhkmgfjpjkeehipkmakcddncj\1.0.1_0\
CHR - Extension: SparkChess = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\5.2.0.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (InboxDollars BHO) - {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files\InboxDollars\Toolbar.dll ()
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
O3 - HKU\S-1-5-21-682003330-884357618-839522115-1003\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files\InboxDollars\Toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cnatm] C:\Documents and Settings\Kuristofua-San\Application Data\cnatm.dll (DT Soft Ltd)
O4 - HKLM..\Run: [esitc] C:\Documents and Settings\Kuristofua-San\Application Data\esitc.dll (Midiman/M-Audio)
O4 - HKLM..\Run: [IntelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-682003330-884357618-839522115-1003..\Run: [Elmywud] C:\Documents and Settings\Kuristofua-San\Application Data\Lohiil\awefw.exe (Shuttle Inc.)
O4 - HKU\S-1-5-21-682003330-884357618-839522115-1003..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe ()
O4 - HKU\S-1-5-21-682003330-884357618-839522115-1003..\Run: [Mouse Fix] C:\MouseFix\MouseFix.exe ()
O4 - HKU\S-1-5-21-682003330-884357618-839522115-1003..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Kuristofua-San\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKU\S-1-5-21-682003330-884357618-839522115-1003..\Run: [SansaDispatch] C:\Documents and Settings\Kuristofua-San\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin USB Wireless Adaptor Utility.lnk = C:\Program Files\Belkin\F7D4101\V1\PBN.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-884357618-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1289683966042 (WUWebControl Class)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A894076-43D6-46A2-8953-C3AA512FF747}: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99E10597-E007-4422-BD29-B9BDE4E7F0AD}: DhcpNameServer = 192.168.254.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (M:\My Vaults\My Vault\PROGRAMS\SUPERAntiSpyWare\SASWINLO.DLL) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - M:\My Vaults\My Vault\PROGRAMS\SUPERAntiSpyWare\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/13 14:25:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/01/29 16:33:51 | 000,002,619 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
O32 - AutoRun File - [2011/10/24 09:16:00 | 000,000,066 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/07/22 18:53:26 | 000,618,945 | ---- | M] () - E:\Autoruns.zip -- [ FAT32 ]
O32 - AutoRun File - [2010/01/26 17:15:22 | 000,000,191 | ---- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{ed55abfe-53a9-11e1-8ec3-0011502e714b}\Shell - "" = AutoRun
O33 - MountPoints2\{ed55abfe-53a9-11e1-8ec3-0011502e714b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ed55abfe-53a9-11e1-8ec3-0011502e714b}\Shell\AutoRun\command - "" = M:\DVAP.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Special_Offers_from_SPHE_PC.exe -- [2011/10/28 13:31:58 | 003,819,688 | R--- | M] ( )
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 10:25:18 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kuristofua-San\Desktop\OTL.exe
[2012/07/11 06:59:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/07/10 22:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/07/08 18:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Application Data\Mozilla
[2012/07/08 18:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/07/08 18:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/07/08 17:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Application Data\SUPERAntiSpyware.com
[2012/07/08 17:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/07 09:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/07/07 07:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/07 07:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/07 07:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\{05B510D6-C83F-11E1-8270-B8AC6F996F26}
[2012/07/07 07:21:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\{05B4DE95-C83F-11E1-8270-B8AC6F996F26}
[2012/07/07 07:21:20 | 000,419,328 | ---- | C] (Midiman/M-Audio) -- C:\Documents and Settings\Kuristofua-San\Application Data\esitc.dll
[2012/07/07 07:20:19 | 000,136,192 | -HS- | C] (DT Soft Ltd) -- C:\Documents and Settings\Kuristofua-San\Application Data\cnatm.dll
[2012/07/07 07:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MS
[2012/07/07 07:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Application Data\Yvbiu
[2012/07/07 07:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Application Data\Yfocy
[2012/07/07 07:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Application Data\Lohiil
[2012/06/25 22:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2012/06/21 23:22:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/06/21 23:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\Microsoft Corporation
[2012/06/21 23:22:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/06/21 06:41:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 12:03:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-884357618-839522115-1003UA.job
[2012/07/11 12:00:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/11 10:25:18 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kuristofua-San\Desktop\OTL.exe
[2012/07/11 06:58:31 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-682003330-884357618-839522115-1003.job
[2012/07/11 06:58:28 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/11 06:57:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/11 06:56:56 | 000,355,311 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2012/07/10 22:03:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-884357618-839522115-1003Core.job
[2012/07/08 18:47:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/08 18:47:04 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/08 18:29:45 | 002,859,945 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\Desktop\bookmarks-2012-07-08.json
[2012/07/08 16:04:37 | 000,000,245 | -HS- | M] () -- C:\boot.ini
[2012/07/08 15:41:39 | 000,285,814 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\cc_20120708_154124.reg
[2012/07/08 15:10:41 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/07/07 17:34:11 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/07 07:31:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/07 07:21:23 | 000,419,328 | ---- | M] (Midiman/M-Audio) -- C:\Documents and Settings\Kuristofua-San\Application Data\esitc.dll
[2012/07/07 07:19:57 | 000,136,192 | -HS- | M] (DT Soft Ltd) -- C:\Documents and Settings\Kuristofua-San\Application Data\cnatm.dll
[2012/07/05 11:29:44 | 000,852,886 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\2012-WLV_App.pdf
[2012/07/04 23:16:56 | 000,021,328 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\coverletter2012_LIB.odt
[2012/07/03 12:56:27 | 000,711,942 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\2012-DWLV_App.pdf
[2012/07/01 13:03:14 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/29 23:07:04 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\Desktop\Google Chrome.lnk
[2012/06/29 23:07:04 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/25 00:30:39 | 000,077,903 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\OMXorder_6-25-2012.pdf
[2012/06/22 15:13:26 | 000,105,896 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\Walmart-6222012_Order.pdf
[2012/06/21 23:22:07 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/06/21 23:15:16 | 000,314,967 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\2012-LVCCLDappBlank.pdf
[2012/06/21 17:49:56 | 000,975,759 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\LVCCLD_appWCHrefrence2012.pdf
[2012/06/21 10:09:37 | 000,230,808 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2012/06/18 23:14:39 | 000,080,786 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\Aargon Payment Confirmation6-18-12.pdf
[2012/06/18 00:42:56 | 000,025,116 | ---- | M] () -- C:\Documents and Settings\Kuristofua-San\My Documents\OMXapplication.pdf
[2012/06/13 12:02:36 | 000,236,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 11:38:10 | 000,481,634 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 11:38:10 | 000,079,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/13 11:25:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/08 18:47:04 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/08 18:47:04 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/08 18:47:04 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/07/08 18:29:43 | 002,859,945 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\Desktop\bookmarks-2012-07-08.json
[2012/07/08 15:41:34 | 000,285,814 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\cc_20120708_154124.reg
[2012/07/07 07:20:25 | 000,095,744 | ---- | C] () -- C:\WINDOWS\Installer\{18c6bd12-6371-0301-635e-cc19ca8b5152}\U\[email protected]
[2012/07/07 07:20:25 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{18c6bd12-6371-0301-635e-cc19ca8b5152}\L\[email protected]
[2012/07/07 07:20:24 | 000,002,048 | ---- | C] () -- C:\WINDOWS\Installer\{18c6bd12-6371-0301-635e-cc19ca8b5152}\U\[email protected]
[2012/07/07 07:20:24 | 000,001,632 | ---- | C] () -- C:\WINDOWS\Installer\{18c6bd12-6371-0301-635e-cc19ca8b5152}\U\[email protected]
[2012/07/04 23:16:56 | 000,021,328 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\coverletter2012_LIB.odt
[2012/07/03 12:54:46 | 000,711,942 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\2012-DWLV_App.pdf
[2012/07/01 13:04:51 | 000,852,886 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\2012-WLV_App.pdf
[2012/06/25 00:30:34 | 000,077,903 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\OMXorder_6-25-2012.pdf
[2012/06/22 15:13:21 | 000,105,896 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\Walmart-6222012_Order.pdf
[2012/06/21 23:22:07 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2012/06/21 23:22:06 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/06/21 23:15:16 | 000,314,967 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\2012-LVCCLDappBlank.pdf
[2012/06/20 10:45:14 | 000,975,759 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\LVCCLD_appWCHrefrence2012.pdf
[2012/06/18 23:14:35 | 000,080,786 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\Aargon Payment Confirmation6-18-12.pdf
[2012/06/18 00:42:56 | 000,025,116 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\My Documents\OMXapplication.pdf
[2012/06/15 13:07:52 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 23:24:10 | 000,068,939 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/05/24 23:24:10 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2012/05/13 03:34:28 | 000,151,432 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/12 16:17:35 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\Application Data\.backup.dm
[2012/02/14 16:08:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 22:42:49 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\Application Data\DVAP.set
[2011/11/03 10:38:53 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011/09/18 00:01:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/08/19 12:10:20 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/19 12:10:20 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/19 12:10:20 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/19 12:09:19 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/14 22:45:13 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\yukh.sys
[2011/07/13 15:14:14 | 000,191,488 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/12 15:45:04 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2011/02/23 12:54:11 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/02/23 12:54:11 | 000,020,898 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2011/01/30 22:42:49 | 000,026,712 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/29 14:14:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\exitwx.exe
[2011/01/28 22:02:05 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Kuristofua-San\default.pls
[2011/01/28 22:01:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/12 20:44:17 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/12/12 20:44:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/12/12 20:44:11 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/12/12 20:44:11 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/12/12 20:44:10 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/12/11 10:26:07 | 000,000,154 | ---- | C] () -- C:\WINDOWS\vbface.INI
[2010/12/02 02:06:40 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/11/18 22:41:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/14 16:05:12 | 000,045,056 | R--- | C] () -- C:\WINDOWS\DxpAppEx.exe
[2010/11/14 16:05:12 | 000,033,249 | R--- | C] () -- C:\WINDOWS\System32\drivers\RITFSD.sys
[2010/11/14 16:05:12 | 000,014,074 | R--- | C] () -- C:\WINDOWS\System32\drivers\exdisk.sys
[2010/11/14 16:05:10 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\HookAPI.dll
[2010/11/14 16:05:06 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\RitShell.dll
[2010/11/14 16:04:21 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2010/11/13 22:41:03 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/11/13 22:41:03 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\C7C9B7D5D0.sys
[2010/11/13 17:09:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/13 14:44:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/11/13 14:27:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 14:23:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/13 06:15:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/13 06:15:04 | 000,236,760 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/08/18 05:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{18c6bd12-6371-0301-635e-cc19ca8b5152}\@
[2001/08/18 05:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\Kuristofua-San\Local Settings\Application Data\{18c6bd12-6371-0301-635e-cc19ca8b5152}\@

========== LOP Check ==========

[2012/05/12 16:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/01/26 19:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/02/02 15:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/04/13 18:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/01/30 22:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/19 17:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Amazon
[2011/09/23 16:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\com.essexreddevelopment.mergepdfmac
[2012/02/21 23:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\DDMSettings
[2012/03/29 10:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Downloaded Installations
[2011/04/15 15:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\FCTB000062133
[2011/01/24 09:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Greenshot
[2011/06/06 18:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Leadertech
[2012/07/07 07:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Lohiil
[2012/06/25 22:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Nitro PDF
[2010/12/01 15:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\OpenOffice.org
[2011/05/27 12:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Opera
[2012/04/07 17:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\PrimoPDF
[2012/07/08 18:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\SanDisk
[2012/05/12 16:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\SanDisk SecureAccess
[2012/04/21 19:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Security_File
[2012/04/10 21:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Spotify
[2012/04/21 19:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\TransMemory_Secure
[2012/07/07 07:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Yfocy
[2012/07/11 00:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kuristofua-San\Application Data\Yvbiu

========== Purity Check ==========



< End of report >

#2
kawasaki-intel

    New Member

  • Topic Starter
  • Member
  • 2 posts
I forgot to add that the Malwarebytes redirect doesn't happen in Safe Mode.

#3
RKinner

    Malware Expert

  • Expert
  • 19,795 posts
  • MVP
When you answered your own post you fell off our radar as we look for posts that haven't been answered.



Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.