help! PC is slow and api.mybrowserbar.com appears


ashea

Hi,

This is our problem:
When we want to browse the internet, our browser (Google Chrome) sometimes redirects us to api.mybrowserbar.com and it says that we can't connect to the internet. I thought it was normal since sometimes the internet signal is low, but I noticed that our PC became very slow even when I just open My Documents or My Computer. So I searched for api.mybrowserbar.com and found out that it was malware. We already have Malwarebytes (unpaid), but then I downloaded SUPERAntiSpyware and scanned our computer; it found many cookies and a virus I can't remember. I deleted them all, but some cookies were just quarantined. I was not convinced, so I did a scan using Malwarebytes this time and found malware in the Photoshop CS5 exe I downloaded lately, so I deleted it, but the computer is still slow, so I also scanned using Avira Free Antivirus and it found a trojan. The api.mybrowserbar.com still appears but it is very rare now. I still don't know if it will still appear, because it appeared last night and I scanned using SUPERAntiSpyware and deleted the cookies, but still some were just quarantined. The free space on our local disk C is 16.2 GB and 34 GB on local disk D. Please help me remove the malware if there is still any that the scanners cannot detect. I hope this can help:



OTL logfile created on: 7/17/2012 12:57:14 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 139.03 Mb Available Physical Memory | 27.21% Memory free
1.30 Gb Paging File | 0.41 Gb Available in Paging File | 31.43% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 31.48 Gb Total Space | 16.22 Gb Free Space | 51.53% Space Free | Partition Type: NTFS
Drive D: | 43.07 Gb Total Space | 34.17 Gb Free Space | 79.33% Space Free | Partition Type: NTFS

Computer Name: USER-B160FE845F | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/17 12:54:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2012/07/17 07:06:50 | 000,349,696 | ---- | M] (Hyper Technologies Inc.) -- C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
PRC - [2012/07/10 07:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/07/01 12:49:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/01 12:49:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/01 12:49:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/07/01 12:49:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/06/27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/02/03 08:04:29 | 001,216,496 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/06/05 13:03:04 | 000,824,224 | ---- | M] (Zbshareware Lab) -- C:\Program Files\USB Disk Security\USBGuard.exe
PRC - [2008/04/14 19:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/08/26 18:15:02 | 000,288,256 | ---- | M] (Hyper Technologies Inc.) -- C:\Program Files\HyperTechnologies\Deep Freeze\DFServEx.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/17 07:44:08 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/07/17 07:44:08 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/07/11 22:35:57 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/07/11 22:35:31 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/07/01 12:49:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/05/23 18:29:10 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/02/03 08:04:27 | 000,441,328 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\ppgooglenaclpluginchrome.dll
MOD - [2012/02/03 08:04:26 | 003,889,648 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\pdf.dll
MOD - [2012/02/03 08:02:48 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\avutil-51.dll
MOD - [2012/02/03 08:02:46 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\avformat-53.dll
MOD - [2012/02/03 08:02:45 | 001,746,944 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\avcodec-53.dll
MOD - [2002/08/26 18:17:46 | 000,049,152 | ---- | M] () -- C:\WINDOWS\system32\LogonDll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/01 12:49:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/01 12:49:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/05/03 12:01:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/05 10:03:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2002/08/26 18:15:02 | 000,288,256 | ---- | M] (Hyper Technologies Inc.) [Auto | Running] -- C:\Program Files\HyperTechnologies\Deep Freeze\DFServEx.exe -- (DFServEx)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/07/01 12:49:58 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/01 12:49:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/03/27 13:27:02 | 000,543,712 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/08/15 23:47:19 | 000,219,024 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/08/26 18:16:12 | 000,012,288 | ---- | M] (HyperTechnologies Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\DepFrzHi.sys -- (DepFrzHi)
DRV - [2002/08/26 18:15:54 | 000,052,709 | ---- | M] (Hyper Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\DepFrzLo.sys -- (DepFrzLo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://ph.search.yah...type=937811&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_197.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\user\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/10 10:35:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/05 10:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2012/07/10 15:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\cl0mhgs9.default\extensions
[2012/07/07 12:14:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\cl0mhgs9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/02/05 10:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/23 22:14:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/05 10:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2012/05/26 10:44:57 | 001,184,804 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CL0MHGS9.DEFAULT\EXTENSIONS\[email protected]
[2012/07/10 15:06:41 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012/07/10 15:06:42 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES\YOUTUBE DOWNLOADER TOOLBAR\FF
[2012/02/02 11:19:32 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/02 11:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/02 11:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.3\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_197.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: Gmail = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 19:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAF688C4-E042-40DA-A24F-E253D635A452}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) - C:\WINDOWS\System32\LogonDll.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/05 11:43:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/16 16:52:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Recent
[2012/07/14 14:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/14 14:32:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/14 14:32:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/11 22:26:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
[2012/07/11 22:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/07/11 22:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/07/11 22:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/10 19:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\YouTube Downloader
[2012/07/10 19:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\wtxpcom
[2012/07/10 15:06:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Search Settings
[2012/07/10 15:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2012/07/10 15:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/07/10 15:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/07/10 15:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2012/07/10 15:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YTD Video Downloader
[2012/07/10 15:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2012/07/10 10:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/07/10 10:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/07/10 00:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/08 00:06:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Desktop\GodMode.{ED7BA4708E54-465E-825C-99712043E01C}
[2012/07/07 12:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\TuneUpMedia
[2012/07/07 12:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\OpenCandy
[2012/07/07 12:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DVDVideoSoft
[2012/07/07 11:54:01 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/07/07 11:52:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/07/03 17:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/06/29 12:06:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Avira
[2012/06/29 10:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2012/06/29 10:59:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012/06/29 10:59:36 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012/06/29 10:59:35 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/06/29 10:59:35 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/06/29 10:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/06/29 10:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2012/06/28 20:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2012/06/28 20:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/28 20:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/06/19 20:07:14 | 000,057,344 | ---- | C] (Reflexive) -- C:\WINDOWS\System32\Big Kahuna Reef.scr
[2012/06/19 20:07:14 | 000,057,344 | ---- | C] (Reflexive) -- C:\WINDOWS\System\Big Kahuna Reef.scr
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/17 12:48:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/17 12:40:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/17 07:06:54 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/17 07:06:46 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 22:26:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 015a4b92-2761-487b-bd9a-e7c41bb9230a.job
[2012/07/16 17:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/07/15 19:28:26 | 000,000,130 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012/07/15 08:38:16 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/07/15 02:00:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d88fada3-a94b-4f41-90ab-308cb05b03c3.job
[2012/07/14 14:46:24 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 00:58:42 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/11 09:52:34 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 14:58:18 | 000,034,155 | ---- | M] () -- C:\Documents
[2012/07/08 10:22:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/07 11:56:14 | 000,397,390 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/07 11:56:14 | 000,059,736 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/01 12:49:58 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012/07/01 12:49:58 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2012/07/01 12:32:48 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2012/06/28 20:20:02 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/06/28 19:55:03 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/21 19:46:20 | 000,000,625 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to BookwormAdventuresVol2.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/14 14:32:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 22:26:29 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 015a4b92-2761-487b-bd9a-e7c41bb9230a.job
[2012/07/11 22:26:26 | 000,000,508 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task d88fada3-a94b-4f41-90ab-308cb05b03c3.job
[2012/07/10 10:15:26 | 000,034,155 | ---- | C] () -- C:\Documents
[2012/07/10 00:14:07 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/07/03 17:37:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 17:37:11 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 20:20:02 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/06/28 19:56:53 | 535,875,584 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/21 19:46:20 | 000,000,625 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to BookwormAdventuresVol2.lnk
[2012/05/24 12:38:53 | 000,000,805 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2012/03/26 03:05:11 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/02/21 02:29:05 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 11:46:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstet.dat
[2012/02/05 11:39:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/05 10:33:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2012/02/05 10:14:01 | 000,000,130 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012/02/05 03:34:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/05 03:32:50 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/03/04 17:00:28 | 000,039,060 | ---- | C] () -- C:\Program Files\Buffering2.jpg
[2007/03/04 17:00:28 | 000,039,047 | ---- | C] () -- C:\Program Files\Buffering5.jpg
[2007/03/04 17:00:28 | 000,039,040 | ---- | C] () -- C:\Program Files\Buffering1.jpg
[2007/03/04 17:00:28 | 000,039,038 | ---- | C] () -- C:\Program Files\Buffering6.jpg
[2007/03/04 17:00:28 | 000,039,035 | ---- | C] () -- C:\Program Files\Buffering4.jpg
[2007/03/04 17:00:28 | 000,039,033 | ---- | C] () -- C:\Program Files\Buffering3.jpg
[2007/03/04 17:00:28 | 000,039,020 | ---- | C] () -- C:\Program Files\Buffering7.jpg
[2001/01/11 13:01:31 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\user\dotahotkeys.ini

========== LOP Check ==========

[2012/03/13 01:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2012/02/05 10:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2012/03/19 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ludia
[2012/02/05 10:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/02/27 23:43:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2012/02/05 10:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCapv1004
[2012/07/14 14:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/02/05 10:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2012/02/05 10:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2012/03/19 01:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/23 15:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TP-LINK
[2012/07/10 15:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2001/01/03 03:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zbshareware Lab
[2012/04/15 04:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/07/10 14:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DVDVideoSoft
[2012/02/05 10:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\iWin
[2012/03/19 01:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ludia
[2012/02/05 10:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Magic Match
[2012/07/10 14:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OpenCandy
[2012/02/05 10:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PlayFirst
[2012/02/27 23:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Rovio
[2012/07/10 15:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Search Settings
[2012/07/07 12:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TuneUpMedia
[2012/06/04 20:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Unity
[2012/07/10 19:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\wtxpcom
[2012/07/10 19:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YouTube Downloader
[2012/03/27 02:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ZOO Digital Publishing
[2012/07/16 17:00:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/07/16 22:26:00 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 015a4b92-2761-487b-bd9a-e7c41bb9230a.job
[2012/07/15 02:00:02 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d88fada3-a94b-4f41-90ab-308cb05b03c3.job

========== Purity Check ==========



< End of report >