Ran RogueKiller. Opened and ran fine/ OTL ran but with a Not Responding message and then proceeded. Desktop repopulated with icons and background. Here are the RKreport.txt files.
Report #1
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback:
http://www.geekstogo...13-roguekiller/Blog:
http://tigzyrk.blogspot.comOperating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: April [Admin rights]
Mode: Scan -- Date: 07/16/2012 21:54:38
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : wIDpIbfvkBlefK.exe (C:\ProgramData\wIDpIbfvkBlefK.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-266757346-149079058-799995861-1000[...]\Run : wIDpIbfvkBlefK.exe (C:\ProgramData\wIDpIbfvkBlefK.exe) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] d2f041275e4d8a15eff7d1378ced7c3b
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31619072 | Size: 289805 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ffcfa556e1c8c2c9085035b2ca6955d7
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 15360 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31619072 | Size: 289805 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625139712 | Size: 1 Mo
Finished : << RKreport[1].txt >>
RKreport[1].txt
Report #2
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback:
http://www.geekstogo...13-roguekiller/Blog:
http://tigzyrk.blogspot.comOperating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: April [Admin rights]
Mode: Remove -- Date: 07/16/2012 21:56:22
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : wIDpIbfvkBlefK.exe (C:\ProgramData\wIDpIbfvkBlefK.exe) -> DELETED
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> REPLACED (C:\Users\April\Pictures\Story\Me\My Castles and Isle\Tiger Demon.jpg)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS543232L9A300 ATA Device +++++
--- User ---
[MBR] d2f041275e4d8a15eff7d1378ced7c3b
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31619072 | Size: 289805 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] ffcfa556e1c8c2c9085035b2ca6955d7
[BSP] 1443d842b4cab0996f235e857ef3b6bd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 15360 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31619072 | Size: 289805 Mo
3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 625139712 | Size: 1 Mo
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Report #3
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback:
http://www.geekstogo...13-roguekiller/Blog:
http://tigzyrk.blogspot.comOperating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: April [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/16/2012 21:58:20
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 4 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 124 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 72 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 99 / Fail 0
Backup: [FOUND] Success 13 / Fail 0
Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
¤¤¤ Infection : Rogue.FakeHDD ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
OTL Moved Files
All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\wIDpIbfvkBlefK.exe not found.
C:\ProgramData\-u9hQBDSo44WEWZr moved successfully.
C:\ProgramData\-u9hQBDSo44WEWZ moved successfully.
C:\ProgramData\u9hQBDSo44WEWZ moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
c:\Users\April\Downloads\cmd.bat deleted successfully.
c:\Users\April\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: April
->Temp folder emptied: 205251368 bytes
->Temporary Internet Files folder emptied: 37962877 bytes
->Java cache emptied: 9263208 bytes
->FireFox cache emptied: 111077429 bytes
->Flash cache emptied: 3086266 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Mark
->Temp folder emptied: 127071 bytes
->Temporary Internet Files folder emptied: 76871801 bytes
->Java cache emptied: 13717400 bytes
->FireFox cache emptied: 111216682 bytes
->Flash cache emptied: 4881 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58998815 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782663 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 633.00 mb
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_221304
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\fb_2956.lck scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2012/07/16 22:06:43 | 000,262,144 | ---- | M] () C:\Windows\temp\fb_2956.lck : Unable to obtain MD5
Registry entries deleted on Reboot...
OTL.TXT
OTL logfile created on: 7/16/2012 10:24:53 PM - Run 2
OTL by OldTimer - Version 3.2.54.0 Folder = c:\Users\April\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.93 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 65.82% Memory free
8.04 Gb Paging File | 6.51 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.01 Gb Total Space | 171.91 Gb Free Space | 60.74% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.03 Gb Free Space | 53.50% Space Free | Partition Type: NTFS
Computer Name: APRIL-PC | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/07/15 12:23:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- c:\Users\April\Downloads\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/06/23 18:23:48 | 000,600,944 | ---- | M] () -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/01/05 17:19:10 | 000,480,496 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/11 11:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 14:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:
64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:
64bit: - [2009/03/20 03:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:
64bit: - [2009/03/20 03:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:
64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:
64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:
64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/13 12:33:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/23 18:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/06/23 18:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/05 17:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
========== Driver Services (SafeList) ========== DRV:
64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:
64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:
64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:
64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:
64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:
64bit: - [2012/07/03 11:21:52 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:
64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:
64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:
64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:
64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:
64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:
64bit: - [2009/03/20 03:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:
64bit: - [2009/02/10 04:40:28 | 000,158,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:
64bit: - [2009/02/10 04:40:26 | 000,310,784 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:
64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:
64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:
64bit: - [2008/12/09 14:26:50 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\elrawdsk.sys -- (ElRawDisk)
DRV:
64bit: - [2008/11/26 02:08:48 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:
64bit: - [2008/11/26 01:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:
64bit: - [2008/10/28 10:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:
64bit: - [2008/10/08 04:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink
DRV:
64bit: - [2008/09/16 04:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:
64bit: - [2008/09/16 04:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:
64bit: - [2008/09/16 04:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:
64bit: - [2008/06/18 16:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:
64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:
64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:
64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:
64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:
64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE:
64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://g.msn.com/USCON/1IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.att.net/IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes,DefaultScope = {2828E3BB-31BC-4E2B-B8E3-C8C64D068CE4}
IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...rc=IE-SearchBoxIE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes\{2828E3BB-31BC-4E2B-B8E3-C8C64D068CE4}: "URL" =
http://www.bing.com/...ferrer:source?}IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
http://www.google.co...g}&sourceid=ie7IE - HKU\S-1-5-21-266757346-149079058-799995861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "
http://www.bing.com/...?FORM=IEFM1&q="FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "
http://www.att.net/"FF - prefs.js..keyword.URL: "
http://www.bing.com/...?FORM=IEFM1&q="FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/11 13:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 12:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 21:44:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/13 12:33:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/29 21:44:55 | 000,000,000 | ---D | M]
[2009/12/14 21:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\April\AppData\Roaming\Mozilla\Extensions
[2009/12/14 21:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\April\AppData\Roaming\Mozilla\Extensions\
[email protected][2012/05/02 11:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\extensions
[2010/08/18 12:08:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/13 14:02:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}(17)
[2010/03/09 16:36:48 | 000,001,827 | ---- | M] () -- C:\Users\April\AppData\Roaming\Mozilla\Firefox\Profiles\ysqkp2be.default\searchplugins\bing.xml
[2012/06/11 21:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/02/07 21:55:30 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/07/11 13:10:15 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/07/13 12:33:17 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/25 23:26:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/11 21:05:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/11 21:05:00 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2010/03/10 09:46:54 | 000,381,004 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13114 more lines...
O2:
64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:
64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:
64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:
64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:
64bit: - HKU\S-1-5-21-266757346-149079058-799995861-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:
64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:
64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:
64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:
64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:
64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-266757346-149079058-799995861-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\April\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-266757346-149079058-799995861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:
64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13
64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77}
http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C81BE7CB-CFB2-4F93-A990-E564930CD795}: DhcpNameServer = 192.168.1.254
O18:
64bit: - Protocol\Handler\livecall - No CLSID value found
O18:
64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:
64bit: - Protocol\Handler\msnim - No CLSID value found
O18:
64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:
64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:
64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:
64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:
64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:
64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:
64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\April\Pictures\Story\Me\My Castles and Isle\Tiger Demon.jpg
O24 - Desktop BackupWallPaper: C:\Users\April\Pictures\Story\Me\My Castles and Isle\Tiger Demon.jpg
O29:
64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{edbaf62d-dc62-11de-a0bd-002219ee60f9}\Shell - "" = AutoRun
O33 - MountPoints2\{edbaf62d-dc62-11de-a0bd-002219ee60f9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:
64bit: - HKLM\..comfile [open] -- "%1" %*
O35:
64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:
64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:
64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-266757346-149079058-799995861-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ========== [2012/07/16 22:13:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/16 21:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/16 21:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire
[2012/07/16 21:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell PC TuneUp
[2012/07/16 21:54:18 | 000,000,000 | ---D | C] -- C:\Users\April\Desktop\RK_Quarantine
[2012/07/15 10:05:44 | 000,000,000 | ---D | C] -- C:\Users\April\Desktop\tdsskiller
[2012/07/15 09:45:04 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\April\Desktop\aswMBR.exe
[2012/07/13 19:04:28 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2012/07/13 13:48:49 | 000,000,000 | ---D | C] -- C:\Users\April\Documents\Virus Program
[2012/07/13 11:39:12 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{57B538D5-4E29-4645-AD27-18BCEB333B33}
[2012/07/13 11:39:00 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A03409DA-ADFC-42EE-B598-22B07F66B47B}
[2012/07/12 12:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/12 09:13:42 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{82AB4950-E14B-4300-8B12-46CA965EFD75}
[2012/07/12 09:12:12 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/07/12 09:05:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/07/12 08:57:24 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A670C229-344C-46FC-AB78-4CD574814F0A}
[2012/07/12 08:57:08 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{7D2FFDD7-1B00-4939-BCBA-100ED254873C}
[2012/07/11 13:11:34 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/11 13:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/07/11 13:11:33 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/11 13:11:24 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/07/11 13:11:23 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/11 13:11:19 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/11 13:11:16 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/11 13:11:16 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/11 13:10:02 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/11 13:10:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/11 13:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/11 13:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/11 11:25:37 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{0FCF35CF-B09B-44C7-B5F0-5B26ED0320C2}
[2012/07/11 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A8107BD0-95B8-48FE-A7CE-EBEEDA30F024}
[2012/07/11 10:51:07 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{1CA03D1B-8541-4799-969B-137A1DCBFEA6}
[2012/07/11 10:50:57 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{7361FABF-AD25-4F84-9076-AB2099CD725F}
[2012/07/11 10:50:24 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{40BE345E-5512-4EE2-B7E3-F969B9607DB2}
[2012/07/11 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{32D2FC9B-B5D6-4A43-9726-16C454FFEB3E}
[2012/07/11 10:27:14 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{A67C42B1-A08D-42FC-B836-02575101AD07}
[2012/07/11 10:26:54 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{6ADA0642-86F6-4676-B567-AD5AB4DA6138}
[2012/07/11 10:16:39 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{8C1550C9-3E4A-49ED-8C58-D1E8249A778F}
[2012/07/10 12:02:27 | 000,000,000 | ---D | C] -- C:\Users\April\AppData\Local\{476892E1-9ABC-4956-82F5-35117B6B00E7}
[2009/07/23 16:35:24 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\April\AppData\Roaming\DataSafeDotNet.exe
========== Files - Modified Within 30 Days ========== [2012/07/16 22:22:25 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/16 22:22:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 22:22:04 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 22:21:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/16 22:21:51 | 4224,540,672 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 22:19:56 | 000,000,642 | ---- | M] () -- C:\Users\April\Desktop\07162012_221304 - Shortcut.lnk
[2012/07/16 21:39:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/15 11:56:24 | 000,000,035 | ---- | M] () -- C:\Users\April\AppData\Roaming\mbam.context.scan
[2012/07/15 11:19:35 | 000,001,356 | ---- | M] () -- C:\Users\April\AppData\Local\d3d9caps.dat
[2012/07/15 09:45:22 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\April\Desktop\aswMBR.exe
[2012/07/13 15:42:34 | 000,768,726 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/13 15:42:34 | 000,649,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/13 15:42:34 | 000,122,978 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/13 13:56:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/13 13:48:03 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/07/12 12:41:13 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 08:53:33 | 000,282,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 13:11:34 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 11:21:52 | 000,044,272 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 11:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
========== Files Created - No Company Name ========== [2012/07/16 22:19:56 | 000,000,642 | ---- | C] () -- C:\Users\April\Desktop\07162012_221304 - Shortcut.lnk
[2012/07/16 21:57:00 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/16 21:56:59 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 World Adventures.lnk
[2012/07/16 21:56:59 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Generations.lnk
[2012/07/16 21:56:59 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
[2012/07/16 21:56:59 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Ambitions.lnk
[2012/07/16 21:56:59 | 000,001,983 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Pets.lnk
[2012/07/16 21:56:59 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/07/16 21:56:59 | 000,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/16 21:56:59 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/16 21:56:59 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Dell PC TuneUp.lnk
[2012/07/16 21:56:59 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2012/07/16 21:56:59 | 000,000,633 | ---- | C] () -- C:\Users\April\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/07/15 17:16:04 | 4224,540,672 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/15 11:56:24 | 000,000,035 | ---- | C] () -- C:\Users\April\AppData\Roaming\mbam.context.scan
[2012/07/13 13:48:03 | 000,002,052 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/07/12 12:41:13 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 13:11:34 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/11 13:11:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011/06/21 14:24:31 | 000,005,120 | ---- | C] () -- C:\Users\April\AppData\Local\Databases.db
[2011/05/03 15:07:39 | 000,022,060 | ---- | C] () -- C:\Users\April\AppData\Roaming\UserTile.png
[2011/04/06 13:30:52 | 000,764,132 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 21:56:34 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/06/24 16:51:37 | 000,000,632 | R-S- | C] () -- C:\Users\April\ntuser.pol
[2010/03/05 19:47:40 | 000,009,102 | --S- | C] () -- C:\Users\April\AppData\Local\nO4L
[2010/01/16 12:13:21 | 000,000,212 | ---- | C] () -- C:\Users\April\AppData\Roaming\wklnhst.dat
[2010/01/13 21:51:41 | 000,001,356 | ---- | C] () -- C:\Users\April\AppData\Local\d3d9caps.dat
[2009/06/12 19:27:23 | 000,000,732 | ---- | C] () -- C:\Users\April\AppData\Local\d3d9caps64.dat
[2009/06/08 21:42:11 | 000,005,120 | ---- | C] () -- C:\Users\April\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ========== [2012/05/09 21:08:03 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\.minecraft
[2012/01/09 19:50:49 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\FrostWire
[2011/03/14 22:59:45 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\iolo
[2011/11/25 11:51:02 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\LimeWire
[2012/07/11 10:55:48 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\PCDr
[2011/05/03 15:07:38 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\PeerNetworking
[2011/07/09 09:46:38 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\SecondLife
[2010/01/16 12:13:25 | 000,000,000 | ---D | M] -- C:\Users\April\AppData\Roaming\Template
[2009/08/16 09:51:20 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\iolo
[2012/06/16 01:10:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PCDr
[2012/01/21 22:00:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SecondLife
[2012/07/16 22:21:00 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Again, I can't say Thank You Enough! We have some progress at the least.