Trojan Win64:Sirefef-A, Rootkit Win32:Sirefef-AO, and URL:Mal [Closed]


#1 rasun7sol (New Member, 2 posts)
I have a Lenovo, Windows Vista 64-bit, Windows SP2.

AVG detected Trojan.Patchep!sys or Trojan horse Dropper.Generic_c.MMI but said it cannot perform an action. I replaced the services.exe file in safe mode from \winsxs to system32\. That helped a little, no more virus warnings, and it also brought back my restore points. But that rendered my PC unable to launch a program outside of safe mode. I figured I should maybe use a restore point from a few days back before I started having these problems.

Now I keep getting services.exe is infected by Win64:Sirefef-A and the rootkit error Win32:Sirefef-AO, and also that svchost.exe is infected by URL:Mal; all of these are being blocked every few seconds by AVAST!

It slows down my computer significantly, makes the internet load extremely slow, creates extremely long load times when trying to open a program, and just generally eats up space and also time having to keep clicking off the avast pop-ups.

Thank you for any help you can offer.

Here is the log from OTL:

OTL logfile created on: 9/21/2012 9:09:21 AM - Run 1
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\LJ\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.98 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 29.65% Memory free
6.19 Gb Paging File | 3.28 Gb Available in Paging File | 52.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 418.41 Gb Total Space | 2.43 Gb Free Space | 0.58% Space Free | Partition Type: NTFS
Drive D: | 29.30 Gb Total Space | 0.32 Gb Free Space | 1.09% Space Free | Partition Type: NTFS

Computer Name: LJ-PC | User Name: LJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/09/21 08:57:37 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\LJ\Desktop\OTL.exe
PRC - [2012/09/07 06:51:36 | 001,852,048 | ---- | M] () -- C:\Program Files\Comodo\Dragon\dragon_updater.exe
PRC - [2012/09/07 06:51:36 | 001,744,528 | ---- | M] (Comodo) -- C:\Program Files\Comodo\Dragon\dragon.exe
PRC - [2012/08/30 18:27:30 | 001,341,392 | ---- | M] (Maxthon International ltd.) -- C:\Program Files\Maxthon3\Bin\MxUp.exe
PRC - [2012/08/23 10:17:30 | 000,875,216 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2012/08/23 10:17:30 | 000,874,192 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012/08/23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/23 04:41:50 | 000,099,720 | ---- | M] (Lunascape Corporation) -- C:\Program Files\Lunascape\Lunascape6\Luna.exe
PRC - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 21:13:02 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2012/01/27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\Common Files\Comodo\tvnserver.exe
PRC - [2011/12/06 09:47:12 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 11:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2009/12/13 19:23:40 | 000,289,584 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/03 19:32:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/07 06:51:36 | 001,201,312 | ---- | M] () -- C:\Program Files\Comodo\Dragon\avcodec-54.dll
MOD - [2012/09/07 06:51:36 | 000,223,904 | ---- | M] () -- C:\Program Files\Comodo\Dragon\avformat-54.dll
MOD - [2012/09/07 06:51:36 | 000,145,056 | ---- | M] () -- C:\Program Files\Comodo\Dragon\avutil-51.dll
MOD - [2012/08/01 16:10:11 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/08 16:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/08/27 09:32:50 | 004,577,760 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2010/07/08 11:24:42 | 000,258,048 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/09/07 06:51:36 | 001,852,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/08/23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/11 21:13:22 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/01/27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\tvnserver.exe -- (tvnserver)
SRV - [2010/09/08 11:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 11:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 11:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/08/19 15:25:00 | 000,272,864 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/03 19:32:00 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/06/30 21:39:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\DRIVERS\SLWFIL.SYS -- (SecureLockWare_EncryptFilterDriver2)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\DRIVERS\ENCRFIL.SYS -- (SecureLockWare_EncryptFilterDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ajfo53e5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/03 10:23:28 | 000,035,064 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2012/03/11 21:13:28 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/03/11 21:13:26 | 000,019,600 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/06/30 16:37:26 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/03/26 08:17:20 | 000,220,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2010/02/03 11:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2009/11/06 08:37:20 | 000,699,896 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmwlhigh6.sys -- (BCMH43XX)
DRV - [2009/04/10 21:46:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2009/04/10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/02/13 13:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/07/06 20:53:44 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/06/27 17:09:12 | 000,096,512 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\archlp.sys -- (archlp)
DRV - [2008/05/13 19:08:04 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2007/06/28 03:36:42 | 000,010,240 | ---- | M] (BUFFALO INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bfturboo.sys -- (bfturboo)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 21:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/10 21:49:22 | 000,968,064 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007/05/11 07:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2007/01/19 18:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pnetmdm.sys -- (pnetmdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {CCC7A320-B3CA-4199-B1A6-9F516DD69829}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.startup.homepage: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\LJ\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\LJ\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\LJ\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.21: C:\Users\LJ\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/21 06:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/21 06:23:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/21 07:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/05/18 23:00:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2012/09/14 12:55:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\VideoFinder4 [2008/06/11 08:32:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/09/21 06:23:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BFE8D4C1-CF16-11E1-8270-B8AC6F996F26}: C:\Users\LJ\AppData\Local\{BFE8D4C1-CF16-11E1-8270-B8AC6F996F26}\ [2012/07/16 03:20:29 | 000,000,000 | ---D | M]

[2009/01/01 22:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Extensions
[2011/11/21 03:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions
[2009/09/25 20:32:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/18 03:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
[2009/03/05 10:42:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/09/25 17:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2009/03/05 13:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009/03/05 10:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\[email protected]
[2010/06/30 16:41:02 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\[email protected]
[2009/09/25 17:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\[email protected]
[2009/09/25 17:21:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\[email protected]
[2011/05/18 03:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\[email protected]
[2011/05/18 03:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis
[2009/09/25 17:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\[email protected]
[2011/05/18 03:09:02 | 000,088,707 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\{7A074BE0-2326-436d-B473-029FAEBEB5C6}\tmp.xpi
[2009/09/25 17:20:56 | 000,032,283 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}\tmp.xpi
[2009/03/05 13:40:48 | 000,237,779 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}\tmp-1.xpi
[2009/03/05 10:46:46 | 000,276,038 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\[email protected]\tmp-1.xpi
[2009/09/25 17:20:39 | 000,005,443 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\[email protected]\tmp.xpi
[2009/09/25 17:21:07 | 000,044,530 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\[email protected]\tmp.xpi
[2011/05/18 03:09:10 | 000,011,495 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\[email protected]\tmp.xpi
[2009/09/25 17:20:15 | 000,011,647 | ---- | M] () (No name found) -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\staged-xpis\[email protected]\tmp.xpi
[2010/06/30 16:38:56 | 000,002,059 | ---- | M] () -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\searchplugins\daemon-search.xml
[2012/07/16 03:20:29 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\LJ\APPDATA\LOCAL\{BFE8D4C1-CF16-11E1-8270-B8AC6F996F26}
[2008/03/04 03:33:46 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/04/10 21:15:28 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\LJ\AppData\Local\Google\Chrome\Application\11.0.696.71\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\LJ\AppData\Local\Google\Chrome\Application\11.0.696.71\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\LJ\AppData\Local\Google\Chrome\Application\11.0.696.71\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.4.5 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Web Player (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: JoostPlugin (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = D:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = D:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = D:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = D:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: NPVeohVersion4 plugin (Enabled) = C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\LJ\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Yahoo! BrowserPlus Plugin (Enabled) = C:\Users\LJ\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1\
CHR - Extension: RapidShare DownloadHelper = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\afpbkpjjkfakdcakapanjoeijlphieei\1.1.1\
CHR - Extension: Flash Video Download = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\anadfmbemnidomdljfcdgdoomhghoclk\1.3.2_0\
CHR - Extension: Web2PDFConverter = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkanhckocooacphbnclgcndnpfpoppdk\2.4.4_0\
CHR - Extension: Note Anywhere = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohahkiiknkelflnjjlipnaeapefmjbh\0.5.1\
CHR - Extension: Download All = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\dichiooocmfaijgfjjohpjdbelmficee\1.5.6\
CHR - Extension: Flash Video Downloader = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpjfocihhfgighbkleiolokddfmhcdpm\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Get Flash = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\innejflndneacnpgjkdhejmejgpnhfgf\1.0.5_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: MegaUpload DownloadHelper = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\leekjckogogidfhpejjmaaekecplpdcg\1.2\
CHR - Extension: Ghostery = C:\Users\LJ\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\2.3.0_0\

O1 HOSTS File: ([2012/03/16 23:03:58 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Skype] C:\Users\LJ\AppData\Roaming\F5BEA5.exe File not found
O4 - HKCU..\Run: [srfgfi] "C:\Windows\System32\rundll32.exe" "C:\Users\LJ\AppData\Roaming\srfgfi.dll",GetPCDResolution File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCABattery = 1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: adobe.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35519D9B-92C1-4BA5-A08E-B35A7C987B00}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FD06AC6-6238-40F2-8021-E99C659BA293}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (刈ɿÄɿ㘷傞貵ࠀC:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe) - File not found
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\egypt201.jpg
O24 - Desktop BackupWallPaper: C:\egypt201.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{049cec42-6abb-11dd-8844-00121777b0a5}\Shell\AutoRun\command - "" = K:\GETMYPIX.EXE
O33 - MountPoints2\{17c78d87-b32e-11dd-8ac3-00121777b0a5}\Shell\AutoRun\command - "" = K:\setupSNK.exe
O33 - MountPoints2\{21e2fff7-6da5-11df-871b-00121777b0a5}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O33 - MountPoints2\{21e30009-6da5-11df-871b-00121777b0a5}\Shell\AutoRun\command - "" = K:\setupSNK.exe
O33 - MountPoints2\{629bfc8d-bdd1-11df-8019-00121777b0a5}\Shell\AutoRun\command - "" = K:\TerNb.exe
O33 - MountPoints2\{629bfc8d-bdd1-11df-8019-00121777b0a5}\Shell\Explore\Command - "" = K:\TerNb.exe
O33 - MountPoints2\{629bfc8d-bdd1-11df-8019-00121777b0a5}\Shell\Open\Command - "" = K:\TerNb.exe
O33 - MountPoints2\{e93c80d0-0183-11df-9fbb-00121777b0a5}\Shell\AutoRun\command - "" = J:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 08:57:45 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\LJ\Desktop\OTL.exe
[2012/09/21 07:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/09/21 07:10:53 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/09/21 07:10:52 | 000,355,632 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/09/21 07:10:39 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/09/21 07:10:37 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/09/21 07:10:31 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/09/21 07:10:27 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/09/21 07:08:33 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/09/21 07:08:30 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/09/21 00:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(309)
[2012/09/21 00:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/20 13:18:47 | 000,000,000 | ---D | C] -- C:\Users\LJ\AppData\Local\AVG Secure Search
[2012/09/20 13:18:35 | 000,000,000 | ---D | C] -- C:\Users\LJ\AppData\Roaming\TuneUp Software
[2012/09/20 13:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/20 13:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/09/20 13:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/20 13:13:21 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/20 13:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/20 13:00:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/20 13:00:01 | 000,000,000 | ---D | C] -- C:\Users\LJ\AppData\Local\MFAData
[2012/09/20 13:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/20 13:00:01 | 000,000,000 | ---D | C] -- C:\Users\LJ\AppData\Local\Avg2013
[2012/09/18 15:05:19 | 000,000,000 | ---D | C] -- C:\Users\LJ\Documents\Tustin
[2012/09/10 10:42:30 | 000,045,320 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2012/09/03 17:39:55 | 000,000,000 | ---D | C] -- C:\TightVNC
[2012/09/03 17:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo
[2012/08/23 00:24:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/08/23 00:23:00 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/08/23 00:22:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2008/11/18 12:23:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\LJ\AppData\Roaming\pcouffin.sys
[3 C:\*.tmp files -> C:\*.tmp -> ]
[15 C:\Users\LJ\Documents\*.tmp files -> C:\Users\LJ\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/21 09:17:34 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2012/09/21 08:57:37 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\LJ\Desktop\OTL.exe
[2012/09/21 08:27:58 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 08:27:58 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 07:10:59 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/21 07:10:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/21 06:27:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 01:39:23 | 000,001,356 | ---- | M] () -- C:\Users\LJ\AppData\Local\d3d9caps.dat
[2012/09/19 23:58:59 | 000,158,720 | ---- | M] () -- C:\Users\LJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/18 15:03:23 | 003,581,872 | ---- | M] () -- C:\Users\LJ\Documents\Tustin.zip
[2012/09/18 00:06:55 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 10:47:33 | 000,045,320 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/03 22:14:57 | 000,946,181 | ---- | M] () -- C:\Users\LJ\Documents\GlobalPresence.pdf
[2012/09/03 17:39:33 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/09/03 17:39:33 | 000,001,836 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/09/03 17:39:33 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/09/01 11:31:13 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/28 12:00:47 | 000,143,466 | ---- | M] () -- C:\Users\LJ\Documents\dharmakaras vows.pdf
[2012/08/28 11:46:43 | 005,652,289 | ---- | M] () -- C:\Users\LJ\Documents\icon_nepbud.pdf
[2012/08/23 22:36:12 | 000,014,575 | ---- | M] () -- C:\Users\LJ\Documents\DOC5P.html
[3 C:\*.tmp files -> C:\*.tmp -> ]
[15 C:\Users\LJ\Documents\*.tmp files -> C:\Users\LJ\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/21 07:10:59 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/18 15:03:10 | 003,581,872 | ---- | C] () -- C:\Users\LJ\Documents\Tustin.zip
[2012/09/18 00:06:55 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/03 22:15:03 | 000,946,181 | ---- | C] () -- C:\Users\LJ\Documents\GlobalPresence.pdf
[2012/09/03 17:39:33 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/09/03 17:39:33 | 000,001,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/09/03 17:39:33 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/09/01 11:31:13 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/01 11:31:13 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/08/28 12:00:55 | 000,143,466 | ---- | C] () -- C:\Users\LJ\Documents\dharmakaras vows.pdf
[2012/08/28 11:46:19 | 005,652,289 | ---- | C] () -- C:\Users\LJ\Documents\icon_nepbud.pdf
[2012/08/23 22:36:29 | 000,014,575 | ---- | C] () -- C:\Users\LJ\Documents\DOC5P.html
[2012/08/22 23:53:43 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2012/04/20 15:10:45 | 000,000,785 | ---- | C] () -- C:\Users\LJ\Reverb_Vocal_Ambient_Room Custom.efx
[2011/09/16 17:19:52 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011/08/21 12:29:45 | 000,000,601 | ---- | C] () -- C:\Program Files\NEW vlc.exe - Shortcut.lnk
[2011/05/07 03:04:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/07 03:00:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/01 02:42:27 | 000,011,162 | -HS- | C] () -- C:\ProgramData\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2011/05/01 02:42:26 | 000,011,162 | -HS- | C] () -- C:\Users\LJ\AppData\Local\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
[2010/12/12 12:33:59 | 000,000,176 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2010/12/12 12:33:59 | 000,000,176 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010/01/15 06:55:40 | 027,786,776 | ---- | C] () -- C:\Users\LJ\brain.mp3
[2009/11/29 04:07:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/27 20:24:02 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/01/27 13:49:24 | 000,001,024 | ---- | C] () -- C:\Users\LJ\.rnd
[2009/01/09 15:18:44 | 000,000,137 | -H-- | C] () -- C:\Users\LJ\AppData\Roaming\lakerda1967.sys
[2009/01/09 15:18:24 | 000,010,584 | ---- | C] () -- C:\Users\LJ\AppData\Roaming\docXConverter (3).ini
[2009/01/06 17:06:39 | 000,000,368 | ---- | C] () -- C:\Users\LJ\Documents - Shortcut.lnk
[2008/11/18 12:23:47 | 000,087,608 | ---- | C] () -- C:\Users\LJ\AppData\Roaming\inst.exe
[2008/11/18 12:23:47 | 000,007,887 | ---- | C] () -- C:\Users\LJ\AppData\Roaming\pcouffin.cat
[2008/11/18 12:23:47 | 000,001,144 | ---- | C] () -- C:\Users\LJ\AppData\Roaming\pcouffin.inf
[2008/05/01 21:33:26 | 000,158,720 | ---- | C] () -- C:\Users\LJ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/01 19:47:03 | 000,000,552 | ---- | C] () -- C:\Users\LJ\AppData\Local\d3d8caps.dat
[2008/05/01 19:41:31 | 000,001,356 | ---- | C] () -- C:\Users\LJ\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2011/11/18 16:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\@
[2011/11/18 16:23:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\L
[2012/09/21 09:27:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\U
[2012/09/21 06:29:32 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\U\00000001.@
[2012/08/27 03:22:12 | 000,002,048 | -HS- | M] () -- C:\Users\LJ\AppData\Local\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\@
[2011/11/18 16:23:34 | 000,000,000 | -HSD | M] -- C:\Users\LJ\AppData\Local\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\L
[2011/11/18 16:23:34 | 000,000,000 | -HSD | M] -- C:\Users\LJ\AppData\Local\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\U
[2012/03/01 04:14:11 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\LocalLow\Microsoft\Silverlight\is\ojb5nqmu.0xl\ygpqetbv.jdm\1\l
[2009/11/26 11:34:58 | 000,001,150 | ---- | M] () -- C:\Users\LJ\AppData\Roaming\Lunascape\Lunascape6\plugins\{9BDD5314-20A6-4d98-AB30-8325A95771EE}\data\extensions\[email protected]\components\Resources\u.ico
[2012/01/26 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XSK7NTKH\mail.google.com\mail\u
[2011/07/31 17:12:47 | 000,000,084 | ---- | M] () -- C:\Users\LJ\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XSK7NTKH\s.cxt.ms\lso.swf\u.sol
[2012/08/20 00:57:45 | 000,000,082 | ---- | M] () -- C:\Users\LJ\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XSK7NTKH\t.cxt.ms\lso.swf\u.sol
[2009/11/26 11:34:58 | 000,001,150 | ---- | M] () -- C:\Users\LJ\AppData\Roaming\Mozilla\Firefox\Profiles\rgjk7zra.default\extensions\[email protected]\components\Resources\u.ico
[2012/08/19 00:42:11 | 000,572,694 | ---- | M] () -- C:\Users\LJ\Documents\CCE\database\vendor.n
[2011/11/02 22:12:35 | 000,046,417 | ---- | M] () -- C:\Users\LJ\Pictures\l.jpg
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2008/09/04 21:33:05 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\aAvgApi
[2011/05/07 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Alien Skin
[2010/09/29 04:13:19 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Amazon
[2011/05/07 05:52:33 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\AVG
[2009/06/28 19:37:33 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\BitTorrent
[2010/06/30 23:18:36 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\DAEMON Tools Lite
[2009/02/17 01:28:33 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Deckadance
[2012/09/21 06:22:29 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Digiarty
[2011/07/26 03:22:43 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\FFSJ
[2011/12/13 23:20:34 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\FileZilla
[2011/07/26 02:10:26 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\GetRightToGo
[2011/08/05 22:55:27 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\GrabPro
[2011/06/17 15:47:32 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Lunascape
[2012/04/19 23:32:01 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\MAGIX
[2011/11/24 23:54:39 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Maxthon3
[2008/12/31 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\NCH Swift Sound
[2012/06/25 17:51:23 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\OfficeRecovery
[2012/09/21 06:22:19 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Opera
[2011/11/21 03:06:45 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Orbit
[2009/12/17 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Pamela
[2009/12/18 15:14:05 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Pamela Call Recorder
[2011/08/05 22:55:31 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\ProgSense
[2012/09/21 06:23:16 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Radical Software Ltd
[2012/04/11 21:14:37 | 000,000,000 | -HSD | M] -- C:\Users\LJ\AppData\Roaming\Total Anti Malware Protection
[2012/09/20 13:18:35 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\TuneUp Software
[2012/09/21 09:44:25 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\uTorrent
[2011/05/10 20:21:03 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\VideoCharge Studio
[2011/07/26 03:54:01 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Vso
[2012/03/17 02:36:07 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB11393$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\LJ\Documents\Hasan Salaam - Tales of the Lost Tribe.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\LJ\Documents\Hasan Salaam - 15 Minutes.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\LJ\Documents\Hasan Salaam - 14 How to Make a Ni--er(dirty) HS.mp3:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\LJ\Documents\Curtis Mayfield - Makings of You (Slowed)000.mp3:TOC.WMV
@Alternate Data Stream - 24 bytes -> C:\Windows:178D7C3082B8CB22
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
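The log above is long, and the entries that matter are scattered across different sections: the HKCU Run values whose target file is gone, the GUID-named folders holding a hidden+system `@` file beside `L`/`U` subfolders (what OTL's own "ZeroAccess Check" section lists), the MountPoints2 AutoRun handlers for removable drives, and the non-loopback HOSTS entry. The following Python script is an added example, not part of the original post and not OTL's own code: it pulls those four indicator types out of OTL log text. The sample lines are copied from the log in this thread and embedded as constructed input, the rules for what counts as suspicious are this script's assumptions rather than OTL's, and the attribute column is read as R/H/S/D in that order, which is inferred from the entries in the log.

```python
"""Triage an OTL log for the indicator types discussed in this thread.

Added example; not from the original post and not part of OTL.  SAMPLE_LOG is
constructed input (lines copied from the log above), not live output.
"""
import re
from collections import defaultdict

SAMPLE_LOG = r'''
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.10.249 gs.apple.com
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Skype] C:\Users\LJ\AppData\Roaming\F5BEA5.exe File not found
O4 - HKCU..\Run: [srfgfi] "C:\Windows\System32\rundll32.exe" "C:\Users\LJ\AppData\Roaming\srfgfi.dll",GetPCDResolution File not found
O33 - MountPoints2\{629bfc8d-bdd1-11df-8019-00121777b0a5}\Shell\AutoRun\command - "" = K:\TerNb.exe
O33 - MountPoints2\{e93c80d0-0183-11df-9fbb-00121777b0a5}\Shell\AutoRun\command - "" = J:\setupSNK.exe
[2011/11/18 16:23:34 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\@
[2011/11/18 16:23:34 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\L
[2012/09/21 09:27:55 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\U
[2012/08/27 03:22:12 | 000,002,048 | -HS- | M] () -- C:\Users\LJ\AppData\Local\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\@
[2011/11/18 16:23:34 | 000,000,000 | -HSD | M] -- C:\Users\LJ\AppData\Local\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\L
[2011/11/18 16:23:34 | 000,000,000 | -HSD | M] -- C:\Users\LJ\AppData\Local\{ecc2646a-d379-9dae-534e-9a76f6d5c107}\U
[2012/01/26 21:43:39 | 000,000,000 | ---D | M] -- C:\Users\LJ\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XSK7NTKH\mail.google.com\mail\u
'''

# File/directory entry as OTL prints it: [date | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*[CM]\]"
    r"\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+?)\s*$"
)
GUID_DIR_RE = re.compile(r"\\\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\w+)\\[Cc]ommand - "" = (?P<target>.+)$')
O1_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")
LOOPBACK = {"127.0.0.1", "::1"}


def find_orphan_run_entries(lines):
    """Run values whose target OTL reports as 'File not found'.  A missing
    target under a user-writable path (AppData/ProgramData) is the case that
    usually means a dropper deleted itself and left its autostart behind."""
    hits = []
    for line in lines:
        m = O4_RE.match(line)
        if not m or not m["cmd"].endswith("File not found"):
            continue
        cmd = m["cmd"].lower()
        hits.append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"],
                     "user_writable": "\\appdata\\" in cmd or "\\programdata\\" in cmd})
    return hits


def find_zeroaccess_layout(lines):
    """GUID-named directories holding a hidden+system '@' file next to a
    hidden+system 'L' and/or 'U' subdirectory.  Attribute column is assumed to
    be R/H/S/D (inferred from the log).  Returns the parent directories."""
    leaves = defaultdict(dict)  # parent dir -> {leaf name: attrs}
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        parent, _, leaf = m["path"].rpartition("\\")
        if leaf in ("@", "L", "U") and GUID_DIR_RE.search(parent):
            leaves[parent][leaf] = m["attr"]

    def hidden_system(attr):
        return attr[1] == "H" and attr[2] == "S"

    return sorted(parent for parent, kids in leaves.items()
                  if "@" in kids and hidden_system(kids["@"])
                  and any(k in kids and hidden_system(kids[k]) for k in ("L", "U")))


def find_removable_autorun(lines):
    """MountPoints2 AutoRun/Open/Explore handlers recorded for removable
    volumes: each is an executable that runs when that volume is opened."""
    return [{"guid": m["guid"], "verb": m["verb"], "target": m["target"]}
            for m in map(O33_RE.match, lines) if m]


def find_hosts_overrides(lines):
    """HOSTS entries that pin a non-loopback address to a name."""
    return [{"addr": m["addr"], "host": m["host"]}
            for m in map(O1_RE.match, lines)
            if m and m["addr"] not in LOOPBACK and m["host"] != "localhost"]


def triage(log_text):
    """Run all four checks over raw OTL log text and return the findings."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    return {"orphan_run": find_orphan_run_entries(lines),
            "zeroaccess_dirs": find_zeroaccess_layout(lines),
            "removable_autorun": find_removable_autorun(lines),
            "hosts_overrides": find_hosts_overrides(lines)}


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_LOG).items():
        print(f"== {section} ({len(findings)})")
        for f in findings:
            print("  ", f)
```

Run it against a saved OTL.txt by passing the file contents to `triage()`. Note that the lowercase Flash Player `\u` folder in the sample is deliberately not flagged: the ZeroAccess rule requires a GUID-named parent and hidden+system attributes, not just a one-character folder name, which is the same distinction the "ZeroAccess Check" section of the log leaves to the reader.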

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's kill it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ajfo53e5)
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://findgala.com/...q={searchTerms}
    [2012/07/16 03:20:29 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\LJ\APPDATA\LOCAL\{BFE8D4C1-CF16-11E1-8270-B8AC6F996F26}
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BFE8D4C1-CF16-11E1-8270-B8AC6F996F26}: C:\Users\LJ\AppData\Local\{BFE8D4C1-CF16-11E1-8270-B8AC6F996F26}\ [2012/07/16 03:20:29 | 000,000,000 | ---D | M]
    O4 - HKCU..\Run: [srfgfi] "C:\Windows\System32\rundll32.exe" "C:\Users\LJ\AppData\Roaming\srfgfi.dll",GetPCDResolution File not found
    [2012/09/21 00:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2011/05/01 02:42:27 | 000,011,162 | -HS- | C] () -- C:\ProgramData\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
    [2011/05/01 02:42:26 | 000,011,162 | -HS- | C] () -- C:\Users\LJ\AppData\Local\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
    @Alternate Data Stream - 24 bytes -> C:\Windows:178D7C3082B8CB22
    
    :Reg
    [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] 
    ""="%systemroot%\system32\wbem\wbemess.dll" 
    [-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] 
    
    :Files
    C:\Windows\Installer\{ecc2646a-d379-9dae-534e-9a76f6d5c107}
    C:\Users\LJ\AppData\Local\{ecc2646a-d379-9dae-534e-9a76f6d5c107}
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

FINALLY

Run Farbar Service Scanner.


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#3
rasun7sol

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thank you for the suggestion. I copied and pasted all you told me to and hit Run Fix. Now the new problem is that the computer cannot reboot. Each time, I get a blue screen that disappears too quickly to read before the PC restarts and tries again. It says something like, your computer encountered an error and has done something to prevent damage. It brings me to the menu at each automatic restart. I tried to reboot in safe mode and I tried to reboot to the last good configuration, with the same results. Now I'm running the memory diagnostic; it's the only other option besides starting Windows normally.

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see nothing there that would do that. So:

Download the following three programmes to your desktop :


1. WiNTBootIc
2. Windows Vista RC
3. Farbar Recovery Scan Tool

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot


Drag and drop the Windows Vista ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing


It will let you know when it is done
Then copy FRST to the same USB



Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this.
Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer", find your flash drive letter, and close Notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.