spyware popups slow



#1
dssole23
Member, 77 posts
Hey, I have a Toshiba Satellite BL635 laptop and I think it has spyware/malware. I ran OTL and here is the log:



OTL logfile created on: 9/26/2012 1:05:13 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Family\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.46 Gb Available Physical Memory | 24.69% Memory free
3.82 Gb Paging File | 0.99 Gb Available in Paging File | 25.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.99 Gb Total Space | 175.07 Gb Free Space | 80.31% Space Free | Partition Type: NTFS

Computer Name: MARIA-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/26 01:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.exe
PRC - [2012/09/20 21:29:07 | 000,690,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
PRC - [2012/07/30 09:10:10 | 000,215,072 | ---- | M] (Alibaba software (Shanghai) Corporation.) -- C:\Program Files\Trademanager\AliIM.exe
PRC - [2012/06/28 03:17:24 | 004,971,584 | ---- | M] (阿里云计算有限公司) -- C:\Program Files\Trademanager\miser\AliimSafe.exe
PRC - [2012/06/17 12:25:31 | 000,107,520 | ---- | M] () -- C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/06/06 15:54:16 | 000,048,680 | ---- | M] (Mobile Stream) -- C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
PRC - [2012/05/24 16:56:12 | 000,255,880 | ---- | M] (Vertro Inc.) -- C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/03/23 13:55:32 | 002,178,560 | ---- | M] (Jackpot Rewards) -- C:\Program Files\Shop To Win\ShopToWin.exe
PRC - [2011/05/19 11:58:36 | 012,909,928 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2011/03/31 11:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2010/01/08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 05:26:06 | 001,034,272 | ---- | M] () -- C:\Program Files\Trademanager\WWUIUnits.dll
MOD - [2012/07/30 05:25:44 | 000,870,432 | ---- | M] () -- C:\Program Files\Trademanager\protocol.dll
MOD - [2012/06/19 10:13:32 | 000,075,808 | ---- | M] () -- C:\Program Files\Trademanager\P2PEnv.dll
MOD - [2012/06/17 22:04:22 | 000,219,168 | ---- | M] () -- C:\Program Files\Trademanager\wwparams.dll
MOD - [2012/06/17 12:26:26 | 001,624,576 | ---- | M] () -- C:\Users\Family\AppData\LocalLow\FCTB000100569\Toolbar\Toolbar.dll
MOD - [2012/06/17 12:26:26 | 000,360,960 | ---- | M] () -- C:\Users\Family\AppData\LocalLow\FCTB000100569\Toolbar\Helper.dll
MOD - [2012/06/17 12:25:11 | 001,615,360 | ---- | M] () -- C:\Program Files\Shop to Win 29\Toolbar.dll
MOD - [2012/06/17 12:25:11 | 000,378,880 | ---- | M] () -- C:\Program Files\Shop to Win 29\Helper.dll
MOD - [2012/06/10 17:54:49 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/06/10 17:54:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/06/10 17:54:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/06/10 17:54:06 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/06/10 12:52:27 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/06/21 08:11:42 | 000,322,376 | ---- | M] () -- C:\Windows\System32\aliedit\aliedit.dll
MOD - [2011/05/04 19:53:28 | 001,058,664 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll
MOD - [2011/02/14 21:31:50 | 000,077,720 | ---- | M] () -- C:\Program Files\Trademanager\zlibwapi.dll
MOD - [2011/02/14 21:30:52 | 000,278,936 | ---- | M] () -- C:\Program Files\Trademanager\pcre.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV - [2012/09/20 21:29:19 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/23 22:11:00 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/17 12:25:31 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/05/24 16:56:12 | 000,255,880 | ---- | M] (Vertro Inc.) [Auto | Running] -- C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe -- (AlotService)
SRV - [2012/04/19 06:54:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/03/31 11:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011/03/04 18:34:06 | 000,621,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/06/06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)
DRV - [2011/10/23 09:48:50 | 000,026,624 | ---- | M] (Faveset LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapklink.sys -- (tapklink)
DRV - [2010/11/25 02:59:16 | 000,603,240 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/02/22 18:03:32 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A3 CA F8 9E 4A CD 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files\Shop to Win 29\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{54EA81FD-7602-4FBA-9410-5100D976EF37}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.2000.2(B)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Program Files\Trademanager\nptrademanager.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\Family\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.4\FF [2012/06/17 12:25:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CouponDropDown) - {11111111-1111-1111-1111-110011431152} - C:\Program Files\CouponDropDown\CouponDropDown.dll (215 Apps)
O2 - BHO: (Deals Plugin) - {11111111-1111-1111-1111-110011461137} - C:\Program Files\Deals Plugin\Deals Plugin.dll (215 Apps)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Shop to Win) - {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files\Shop to Win 29\Shop to Win 29.dll (Shop To Win, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro, Inc)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKCU..\Run: [aliim] C:\Program Files\Trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKCU..\Run: [DirectDrawEx] C:\Users\Family\AppData\Local\DirectDrawEx\DirectDrawEx.exe File not found
O4 - HKCU..\Run: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKCU..\Run: [Epson Stylus NX420(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Shop To Win] C:\Program Files\Shop To Win\ShopToWin.exe (Jackpot Rewards)
O4 - HKCU..\Run: [Steam App 745] C:\Users\Family\AppData\Roaming\Steam App 745\Steam App 745.exe File not found
O4 - HKCU..\RunOnce: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0736EB32-7B66-4D7B-B337-D327B57F3066}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F647929-27FB-4C77-B732-685065577221}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 00:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
[2012/09/26 00:03:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/09/26 00:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/09/26 00:01:36 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Alibaba
[2012/09/25 17:59:11 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Roaming\DXM_Runtime
[2012/09/23 13:09:41 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Local\DirectDrawEx
[2012/09/22 03:01:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 03:01:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 03:01:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 03:01:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 03:01:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 03:01:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 03:01:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 03:01:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/22 02:01:10 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Roaming\Steam App 745
[2012/09/20 22:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/09/20 22:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2012/09/19 20:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Deals Plugin
[2012/09/19 20:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Uncompressor
[2012/09/15 15:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2012/09/15 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\CouponDropDown
[2012/09/12 21:57:24 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll

========== Files - Modified Within 30 Days ==========

[2012/09/26 00:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000UA.job
[2012/09/26 00:29:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/26 00:03:49 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\TradeManager 2012.lnk
[2012/09/25 23:35:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000UA.job
[2012/09/25 22:23:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/25 21:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000Core.job
[2012/09/25 20:44:11 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 20:44:11 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 20:41:47 | 001,353,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/25 20:41:47 | 000,358,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/25 20:36:25 | 1501,974,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/23 23:22:48 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000Core.job
[2012/09/22 19:03:22 | 000,031,798 | ---- | M] () -- C:\Users\Family\Desktop\studs2.jpg
[2012/09/22 19:03:22 | 000,030,123 | ---- | M] () -- C:\Users\Family\Desktop\studs.jpg
[2012/09/22 15:44:25 | 000,018,974 | ---- | M] () -- C:\Users\Family\Documents\431269_525504394141816_1518222100_n.jpg
[2012/09/22 15:43:26 | 000,011,611 | ---- | M] () -- C:\Users\Family\Documents\530047_525504520808470_1274603664_a.jpg
[2012/09/22 15:43:26 | 000,006,508 | ---- | M] () -- C:\Users\Family\Documents\296489_525504357475153_1128019452_a.jpg
[2012/09/22 15:43:22 | 000,015,018 | ---- | M] () -- C:\Users\Family\Documents\523405_525504467475142_1021633911_a.jpg
[2012/09/20 21:48:27 | 000,002,269 | ---- | M] () -- C:\Users\Family\Desktop\HP webOS® Doctor™ Build Sprint.275.271, webOS 1.4.5.lnk
[2012/09/20 21:29:07 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/20 21:29:07 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/16 22:42:59 | 000,559,150 | ---- | M] () -- C:\Users\Family\Desktop\Wholesale.zip
[2012/09/16 05:53:29 | 000,433,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/11 21:10:34 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job

========== Files Created - No Company Name ==========

[2012/09/26 00:03:49 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\TradeManager 2012.lnk
[2012/09/22 19:16:10 | 000,031,798 | ---- | C] () -- C:\Users\Family\Desktop\studs2.jpg
[2012/09/22 19:15:49 | 000,030,123 | ---- | C] () -- C:\Users\Family\Desktop\studs.jpg
[2012/09/22 15:44:29 | 000,018,974 | ---- | C] () -- C:\Users\Family\Documents\431269_525504394141816_1518222100_n.jpg
[2012/09/22 15:44:21 | 000,006,508 | ---- | C] () -- C:\Users\Family\Documents\296489_525504357475153_1128019452_a.jpg
[2012/09/22 15:44:11 | 000,011,611 | ---- | C] () -- C:\Users\Family\Documents\530047_525504520808470_1274603664_a.jpg
[2012/09/22 15:44:01 | 000,015,018 | ---- | C] () -- C:\Users\Family\Documents\523405_525504467475142_1021633911_a.jpg
[2012/09/20 21:48:27 | 000,002,269 | ---- | C] () -- C:\Users\Family\Desktop\HP webOS® Doctor™ Build Sprint.275.271, webOS 1.4.5.lnk
[2012/09/16 22:42:58 | 000,559,150 | ---- | C] () -- C:\Users\Family\Desktop\Wholesale.zip
[2012/08/21 22:04:05 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/08/21 22:03:37 | 000,480,608 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll
[2012/08/21 22:03:37 | 000,000,451 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini
[2012/07/30 00:31:48 | 000,000,229 | ---- | C] () -- C:\Users\Family\AppData\Local\kclientgui.ini
[2012/06/17 13:07:28 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/06/17 12:26:06 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/04/17 21:19:42 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2012/09/26 00:10:28 | 000,000,142 | ---- | M] ()(C:\Users\Family\Desktop\???????????.lnk) -- C:\Users\Family\Desktop\欢迎光临阿里巴巴国际站.lnk
[2012/09/26 00:10:28 | 000,000,142 | ---- | C] ()(C:\Users\Family\Desktop\???????????.lnk) -- C:\Users\Family\Desktop\欢迎光临阿里巴巴国际站.lnk

< End of report >
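What a helper reads by eye in a log like the one above: processes and services started from a user's AppData with no company name, Run entries that point at files which no longer exist, an IE start page or search scope pointing somewhere other than a known default, and the "ZeroAccess Check" block, where the three CLSIDs should resolve to Microsoft DLLs under system32 from HKLM only. As an added example that is not part of this thread or of OTL, the Python script below applies those checks to a handful of lines copied from the logs posted in this thread plus one constructed HKCU InProcServer32 value (hijack.dll) that is not from the thread. The severity labels, the benign-host allowlist and the hijack sample are assumptions.

```python
"""Triage OTL log lines for PUP autoruns, dangling entries and COM hijacks (added example, not OTL code)."""
import re
from typing import Iterable, List, Optional, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, offending log line)

# Assumption: hosts accepted as benign IE start page / search scope defaults.
BENIGN_HOSTS = {"www.bing.com", "www.msn.com", "www.google.com", "search.yahoo.com"}

# CLSIDs OTL prints under "ZeroAccess Check" and the DLL each should load from
# HKLM; the file names are taken from the clean HKLM entries in the log above.
ZA_EXPECTED = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

PROC_RE = re.compile(r"^(PRC|SRV|MOD) - \[[^\]]*\] \((.*?)\)(?: \[[^\]]*\])? -- (.+?)(?: -- \(.*\))?$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
URL_RE = re.compile(r'^IE - .*(?:Start Page|"URL") = (?P<url>\S+)$')
CLSID_RE = re.compile(r"^\[(?P<root>HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\"
                      r"(?P<clsid>\{[0-9A-Fa-f-]+\})\\InProcServer32\]$")
VALUE_RE = re.compile(r'^"" = (?P<path>.+?) -- \[[^\]]*\] \((?P<company>[^)]*)\)$')

# Constructed sample: lines copied from the OTL logs in this thread, plus one
# made-up HKCU InProcServer32 value (hijack.dll) to exercise the COM-hijack rule.
SAMPLE_LOG = r"""PRC - [2012/06/17 12:25:31 | 000,107,520 | ---- | M] () -- C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
SRV - [2012/05/24 16:56:12 | 000,255,880 | ---- | M] (Vertro Inc.) [Auto | Running] -- C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe -- (AlotService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-us
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = C:\Users\Family\AppData\Local\example\hijack.dll -- [2012/09/25 17:59:11 | 000,065,536 | ---- | M] ()

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""


def user_writable(path: str) -> bool:
    """Image lives where a non-admin user can write: profile, ProgramData or a temp dir."""
    low = path.lower()
    return any(tag in low for tag in ("\\appdata\\", "\\programdata\\", "\\temp\\"))


def host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()


def triage(lines: Iterable[str]) -> List[Finding]:
    out: List[Finding] = []
    pending: Optional[Tuple[str, str]] = None  # (hive root, clsid) awaiting its "" value
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = CLSID_RE.match(line)
        if m:  # a key line from the ZeroAccess check; remember it for the next value line
            clsid = m.group("clsid").lower()
            pending = (m.group("root"), clsid) if clsid in ZA_EXPECTED else None
            if pending and pending[0] == "HKEY_CURRENT_USER":
                out.append(("info", "per-user InProcServer32 key for a system CLSID", line))
            continue
        m = VALUE_RE.match(line)
        if m and pending:  # the default value: must be the expected Microsoft DLL, and only in HKLM
            root, clsid = pending
            pending = None
            ok = (root == "HKEY_LOCAL_MACHINE"
                  and m.group("path").lower().endswith(ZA_EXPECTED[clsid])
                  and m.group("company") == "Microsoft Corporation")
            if not ok:
                out.append(("high", f"COM hijack: {clsid} should load {ZA_EXPECTED[clsid]} from HKLM", line))
            continue
        pending = None
        if line.startswith("DRV - File not found"):
            out.append(("medium", "driver service registered but image missing", line))
            continue
        m = PROC_RE.match(line)
        if m:  # OTL's company column is version info, not a signature: a hint, not proof
            kind, company, path = m.groups()
            if user_writable(path):
                out.append(("high" if not company.strip() else "medium",
                            f"{kind} image in user-writable location", line))
            continue
        m = RUN_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest.endswith("File not found"):
                out.append(("medium", "autorun entry points at a missing file", line))
                continue
            cm = re.search(r" \(([^)]*)\)$", rest)  # trailing "(Company)"; empty when OTL found none
            company = cm.group(1) if cm else ""
            path = rest[: cm.start()] if cm else rest
            if path.lower().endswith(".pif") or (user_writable(path) and not company.strip()):
                out.append(("high", "autorun with no company name or .pif in user profile", line))
            elif user_writable(path):
                out.append(("medium", "autorun from user-writable location", line))
            continue
        m = URL_RE.match(line)
        if m and host_of(m.group("url")) not in BENIGN_HOSTS:
            out.append(("medium", "non-default IE start page or search scope", line))
    return out


if __name__ == "__main__":
    for sev, rule, line in triage(SAMPLE_LOG.splitlines()):
        print(f"[{sev:6}] {rule}: {line[:90]}")
```

On the sample above it reports the DefaultTab updater and the alot service running from AppData, the orphaned EagleXNt driver and empty HKLM Run entry, the DXM_Runtime .pif autorun, the alothome start page, and the constructed per-user CLSID override; explorer.exe, APSDaemon and the Bing scope stay quiet. Findings are prompts for a human, not a verdict: the company column is whatever the file's version resource says, and a vendor name does not make a toolbar service wanted.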
#2
Gammo
    Trusted Helper
  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
dssole23
    Member
  • Topic Starter
  • 77 posts
I still haven't resolved the problem, please help me.

#4
Gammo
    Trusted Helper
  • Malware Removal
  • 2,299 posts
Please post a fresh OTL log. :)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
  • Note: the Extras.txt file only gets created on OTL's first run.


#5
dssole23
    Member
  • Topic Starter
  • 77 posts
Only one notepad opened up.

OTL logfile created on: 9/30/2012 7:59:42 PM - Run 2
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Family\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 54.86% Memory free
3.73 Gb Paging File | 2.14 Gb Available in Paging File | 57.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.99 Gb Total Space | 174.46 Gb Free Space | 80.03% Space Free | Partition Type: NTFS

Computer Name: MARIA-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/27 17:12:32 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/09/26 01:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Downloads\OTL.exe
PRC - [2012/08/21 23:15:26 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/07/30 09:10:10 | 000,215,072 | ---- | M] (Alibaba software (Shanghai) Corporation.) -- C:\Program Files\Trademanager\AliIM.exe
PRC - [2012/07/15 20:30:44 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\MaRia\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/17 12:25:31 | 000,107,520 | ---- | M] () -- C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/06/06 15:54:16 | 000,048,680 | ---- | M] (Mobile Stream) -- C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
PRC - [2012/05/29 10:37:22 | 025,249,400 | ---- | M] (ooVoo LLC) -- C:\Program Files\ooVoo\ooVoo.exe
PRC - [2012/05/24 16:56:12 | 000,255,880 | ---- | M] (Vertro Inc.) -- C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/03/23 13:55:32 | 002,178,560 | ---- | M] (Jackpot Rewards) -- C:\Program Files\Shop To Win\ShopToWin.exe
PRC - [2011/05/19 11:58:36 | 012,909,928 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaUI.exe
PRC - [2011/03/31 11:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RaRegistry.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/10/16 00:41:02 | 000,101,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe
PRC - [2010/01/08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/09/14 06:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGCA.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 05:26:06 | 001,034,272 | ---- | M] () -- C:\Program Files\Trademanager\WWUIUnits.dll
MOD - [2012/07/30 05:25:44 | 000,870,432 | ---- | M] () -- C:\Program Files\Trademanager\protocol.dll
MOD - [2012/06/19 10:13:32 | 000,075,808 | ---- | M] () -- C:\Program Files\Trademanager\P2PEnv.dll
MOD - [2012/06/17 22:04:22 | 000,219,168 | ---- | M] () -- C:\Program Files\Trademanager\wwparams.dll
MOD - [2012/06/10 17:54:49 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/06/10 17:54:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/06/10 17:54:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/06/10 17:54:06 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/06/10 12:52:27 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/10 21:12:12 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/06/21 08:11:42 | 000,322,376 | ---- | M] () -- C:\Windows\System32\aliedit\aliedit.dll
MOD - [2011/05/06 05:48:06 | 000,015,296 | ---- | M] () -- C:\Program Files\Trademanager\RSAWrapper.dll
MOD - [2011/05/04 19:53:28 | 001,058,664 | ---- | M] () -- C:\Program Files\Ralink\Common\RaWLAPI.dll
MOD - [2011/02/14 21:30:52 | 000,278,936 | ---- | M] () -- C:\Program Files\Trademanager\pcre.dll
MOD - [2009/06/10 17:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Services (SafeList) ==========

SRV - [2012/09/27 17:12:32 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/20 21:29:19 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/17 12:25:31 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/05/24 16:56:12 | 000,255,880 | ---- | M] (Vertro Inc.) [Auto | Running] -- C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe -- (AlotService)
SRV - [2012/04/19 06:54:16 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/03/31 11:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011/03/04 18:34:06 | 000,621,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2010/03/03 14:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 14:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/12 10:07:44 | 000,033,792 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/06/06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)
DRV - [2011/10/23 09:48:50 | 000,026,624 | ---- | M] (Faveset LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tapklink.sys -- (tapklink)
DRV - [2010/11/25 02:59:16 | 000,603,240 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010/06/23 10:24:58 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/02/22 18:03:32 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/10/26 23:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2355&t=01
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\SearchScopes\{501E4262-3014-4050-A82D-D6BCAAF42460}: "URL" = http://search.yahoo....416,18760,0,8,0
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\SearchScopes\{D1F16F51-E13C-448D-847F-3CEE4D20325A}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-us
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 A3 CA F8 9E 4A CD 01 [binary data]
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\URLSearchHook: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files\Shop to Win 29\Helper.dll ()
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\SearchScopes\{54EA81FD-7602-4FBA-9410-5100D976EF37}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.2000.2(B)
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Program Files\Trademanager\nptrademanager.dll ( )
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Users\Family\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.4\FF [2012/06/17 12:25:39 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CouponDropDown) - {11111111-1111-1111-1111-110011431152} - C:\Program Files\CouponDropDown\CouponDropDown.dll (215 Apps)
O2 - BHO: (Deals Plugin) - {11111111-1111-1111-1111-110011461137} - C:\Program Files\Deals Plugin\Deals Plugin.dll (215 Apps)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Shop to Win) - {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files\Shop to Win 29\Shop to Win 29.dll (Shop To Win, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro, Inc)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000..\Run: [Epson Stylus NX420(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000..\Run: [Facebook Update] C:\Users\MaRia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [aliim] C:\Program Files\Trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [DirectDrawEx] C:\Users\Family\AppData\Local\DirectDrawEx\DirectDrawEx.exe File not found
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [Epson Stylus NX420(Network)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [Shop To Win] C:\Program Files\Shop To Win\ShopToWin.exe (Jackpot Rewards)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [Steam App 745] C:\Users\Family\AppData\Roaming\Steam App 745\Steam App 745.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\RunOnce: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
O4 - Startup: C:\Users\MaRia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..Trusted Domains: taobao.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0736EB32-7B66-4D7B-B337-D327B57F3066}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F647929-27FB-4C77-B732-685065577221}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/26 00:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeManager
[2012/09/26 00:03:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\aliedit
[2012/09/26 00:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/09/26 00:01:36 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\Alibaba
[2012/09/25 17:59:11 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Roaming\DXM_Runtime
[2012/09/23 13:09:41 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Local\DirectDrawEx
[2012/09/22 02:01:10 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Roaming\Steam App 745
[2012/09/20 22:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/09/20 22:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Palm, Inc
[2012/09/19 20:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Deals Plugin
[2012/09/19 20:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Uncompressor
[2012/09/15 15:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2012/09/15 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\CouponDropDown

========== Files - Modified Within 30 Days ==========

[2012/09/30 19:59:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000UA.job
[2012/09/30 19:44:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/30 19:44:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 18:27:34 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000UA.job
[2012/09/30 12:19:53 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 12:19:53 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 12:18:51 | 001,416,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/30 12:18:51 | 000,380,878 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/30 12:11:43 | 1501,974,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/29 21:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000Core.job
[2012/09/29 21:39:57 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3496659367-1868434254-1543647034-1000Core.job
[2012/09/26 00:03:49 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\TradeManager 2012.lnk
[2012/09/22 19:03:22 | 000,031,798 | ---- | M] () -- C:\Users\Family\Desktop\studs2.jpg
[2012/09/22 19:03:22 | 000,030,123 | ---- | M] () -- C:\Users\Family\Desktop\studs.jpg
[2012/09/22 15:44:25 | 000,018,974 | ---- | M] () -- C:\Users\Family\Documents\431269_525504394141816_1518222100_n.jpg
[2012/09/22 15:43:26 | 000,011,611 | ---- | M] () -- C:\Users\Family\Documents\530047_525504520808470_1274603664_a.jpg
[2012/09/22 15:43:26 | 000,006,508 | ---- | M] () -- C:\Users\Family\Documents\296489_525504357475153_1128019452_a.jpg
[2012/09/22 15:43:22 | 000,015,018 | ---- | M] () -- C:\Users\Family\Documents\523405_525504467475142_1021633911_a.jpg
[2012/09/20 21:48:27 | 000,002,269 | ---- | M] () -- C:\Users\Family\Desktop\HP webOS® Doctor™ Build Sprint.275.271, webOS 1.4.5.lnk
[2012/09/16 22:42:59 | 000,559,150 | ---- | M] () -- C:\Users\Family\Desktop\Wholesale.zip
[2012/09/16 05:53:29 | 000,433,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/11 21:10:34 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\DriverEasy Scheduled Scan.job

========== Files Created - No Company Name ==========

[2012/09/26 00:03:49 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\TradeManager 2012.lnk
[2012/09/22 19:16:10 | 000,031,798 | ---- | C] () -- C:\Users\Family\Desktop\studs2.jpg
[2012/09/22 19:15:49 | 000,030,123 | ---- | C] () -- C:\Users\Family\Desktop\studs.jpg
[2012/09/22 15:44:29 | 000,018,974 | ---- | C] () -- C:\Users\Family\Documents\431269_525504394141816_1518222100_n.jpg
[2012/09/22 15:44:21 | 000,006,508 | ---- | C] () -- C:\Users\Family\Documents\296489_525504357475153_1128019452_a.jpg
[2012/09/22 15:44:11 | 000,011,611 | ---- | C] () -- C:\Users\Family\Documents\530047_525504520808470_1274603664_a.jpg
[2012/09/22 15:44:01 | 000,015,018 | ---- | C] () -- C:\Users\Family\Documents\523405_525504467475142_1021633911_a.jpg
[2012/09/20 21:48:27 | 000,002,269 | ---- | C] () -- C:\Users\Family\Desktop\HP webOS® Doctor™ Build Sprint.275.271, webOS 1.4.5.lnk
[2012/09/16 22:42:58 | 000,559,150 | ---- | C] () -- C:\Users\Family\Desktop\Wholesale.zip
[2012/08/21 22:04:05 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2012/08/21 22:03:37 | 000,480,608 | ---- | C] () -- C:\Windows\System32\DiagFunc.dll
[2012/08/21 22:03:37 | 000,000,451 | ---- | C] () -- C:\Windows\System32\DiagFunc.ini
[2012/07/30 00:31:48 | 000,000,229 | ---- | C] () -- C:\Users\Family\AppData\Local\kclientgui.ini
[2012/06/17 13:07:28 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2012/06/17 12:26:06 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/04/17 21:19:42 | 000,000,071 | ---- | C] () -- C:\Windows\ENX420.ini
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:34 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/06/17 12:25:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DefaultTab
[2012/09/25 17:59:11 | 000,000,000 | --SD | M] -- C:\Users\Family\AppData\Roaming\DXM_Runtime
[2012/06/17 12:38:01 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Easeware
[2012/05/26 13:34:40 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Epson
[2012/07/24 09:39:15 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\HTC
[2012/08/11 23:23:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\ooVoo Details
[2012/09/23 13:09:28 | 000,000,000 | --SD | M] -- C:\Users\Family\AppData\Roaming\Steam App 745
[2012/05/11 13:03:51 | 000,000,000 | ---D | M] -- C:\Users\MaRia\AppData\Roaming\Easeware
[2012/04/17 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\MaRia\AppData\Roaming\Epson
[2012/07/22 01:15:08 | 000,000,000 | ---D | M] -- C:\Users\MaRia\AppData\Roaming\HTC
[2012/04/17 21:55:28 | 000,000,000 | ---D | M] -- C:\Users\MaRia\AppData\Roaming\Leadertech
[2012/07/30 01:36:49 | 000,000,000 | ---D | M] -- C:\Users\MaRia\AppData\Roaming\ooVoo Details
[2012/04/17 20:58:57 | 000,000,000 | ---D | M] -- C:\Users\MaRia\AppData\Roaming\OpenOffice.org
[2012/04/13 11:56:48 | 000,000,000 | ---D | M] -- C:\Users\MaRia\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/09/26 00:10:28 | 000,000,142 | ---- | M] ()(C:\Users\Family\Desktop\???????????.lnk) -- C:\Users\Family\Desktop\欢迎光临阿里巴巴国际站.lnk
[2012/09/26 00:10:28 | 000,000,142 | ---- | C] ()(C:\Users\Family\Desktop\???????????.lnk) -- C:\Users\Family\Desktop\欢迎光临阿里巴巴国际站.lnk

< End of report >

#6
Gammo
    Trusted Helper
  • Malware Removal
  • 2,299 posts
I'm sorry for the delayed response.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2012/06/17 12:25:31 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
    SRV - [2012/05/24 16:56:12 | 000,255,880 | ---- | M] (Vertro Inc.) [Auto | Running] -- C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe -- (AlotService)
    IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=2355&t=01
    IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\SearchScopes\{D1F16F51-E13C-448D-847F-3CEE4D20325A}: "URL" = http://www.mysearchr...q={searchTerms}
    IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-us
    IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\URLSearchHook: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files\Shop to Win 29\Helper.dll ()
    IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\SearchScopes\{54EA81FD-7602-4FBA-9410-5100D976EF37}: "URL" = http://www.mysearchr...q={searchTerms}
    IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.2000.2(B)
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.4\FF [2012/06/17 12:25:39 | 000,000,000 | ---D | M]
    O2 - BHO: (CouponDropDown) - {11111111-1111-1111-1111-110011431152} - C:\Program Files\CouponDropDown\CouponDropDown.dll (215 Apps)
    O2 - BHO: (Deals Plugin) - {11111111-1111-1111-1111-110011461137} - C:\Program Files\Deals Plugin\Deals Plugin.dll (215 Apps)
    O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
    O2 - BHO: (Shop to Win) - {5ABD6C72-FFD7-B634-A92B-D77D5960E009} - C:\Program Files\Shop to Win 29\Shop to Win 29.dll (Shop To Win, LLC)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
    O2 - BHO: (VideoFileDownload) - {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
    O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [DirectDrawEx] C:\Users\Family\AppData\Local\DirectDrawEx\DirectDrawEx.exe File not found
    O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
    O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [Shop To Win] C:\Program Files\Shop To Win\ShopToWin.exe (Jackpot Rewards)
    O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [Steam App 745] C:\Users\Family\AppData\Roaming\Steam App 745\Steam App 745.exe File not found
    O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\RunOnce: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
    [2012/09/25 17:59:11 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Roaming\DXM_Runtime
    [2012/09/23 13:09:41 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Local\DirectDrawEx
    [2012/09/22 02:01:10 | 000,000,000 | --SD | C] -- C:\Users\Family\AppData\Roaming\Steam App 745
    [2012/09/19 20:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Deals Plugin
    [2012/09/15 15:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\CouponDropDown
    [2012/06/17 12:25:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DefaultTab
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Users\Family\AppData\LocalLow\alotservice
    C:\Program Files\Shop to Win 29
    C:\Program Files\PriceGong
    C:\Program Files\alotappbar
    C:\Program Files\OApps
    C:\Program Files\Ask.com
    C:\Program Files\Shop To Win
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot again; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
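
Added example (not OTL's code and not part of Gammo's post): a small Python triage script that applies the same judgement the fix above reflects to the lines OTL reports, so it is visible why DXM_Runtime.pif, the services living under AppData and the orphaned Run entries float to the top. The sample lines are copied from the OTL log and fix script in this thread; the weights, the keyword list and the odd-extension list are assumptions chosen for illustration, not a signature set.

```python
"""Triage OTL autostart entries the way the helper above did by hand.

Added example for this thread; it is not OTL's or the helper's code.
It parses the O2 (BHO), O4 (Run/RunOnce), SRV (service) and URLSearchHook
lines OTL emits and scores each one on: no company name, a binary under the
user profile (AppData), a dangling autostart ("File not found"), an odd
executable extension, and adware-style naming. Weights and the keyword list
are assumptions chosen for illustration, not a vendor signature set.
"""
import re
from dataclasses import dataclass, field

# Sample lines copied from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r"""
SRV - [2012/06/17 12:25:31 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/05/24 16:56:12 | 000,255,880 | ---- | M] (Vertro Inc.) [Auto | Running] -- C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe -- (AlotService)
IE - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\..\URLSearchHook: {c111c814-fd58-0a04-3924-998b53830e29} - C:\Program Files\Shop to Win 29\Helper.dll ()
O2 - BHO: (CouponDropDown) - {11111111-1111-1111-1111-110011431152} - C:\Program Files\CouponDropDown\CouponDropDown.dll (215 Apps)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [DirectDrawEx] C:\Users\Family\AppData\Local\DirectDrawEx\DirectDrawEx.exe File not found
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [DXM_Runtime] C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif ()
O4 - HKU\S-1-5-21-3496659367-1868434254-1543647034-1001..\Run: [Steam App 745] C:\Users\Family\AppData\Roaming\Steam App 745\Steam App 745.exe File not found
"""

# One regex per OTL line type of interest (derived from the log format in the thread).
PATTERNS = [
    ("BHO", re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<path>.+?) \((?P<company>[^()]*)\)$")),
    ("Run", re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>[^()]*)\)| (?P<missing>File not found))$")),
    ("Service", re.compile(r"^SRV - \[[^\]]+\] \((?P<company>[^()]*)\) \[[^\]]+\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")),
    ("URLSearchHook", re.compile(r"^IE - (?P<hive>\S+?)\\\.\.\\URLSearchHook: (?P<clsid>\{[^}]+\}) - (?P<path>.+?) \((?P<company>[^()]*)\)$")),
]

PUP_WORDS = ("coupon", "deal", "shop", "toolbar", "appbar", "price")  # assumed list, for illustration
ODD_EXTENSIONS = (".pif", ".scr", ".com", ".cmd", ".bat")               # not what a Run entry normally launches


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    company: str
    missing: bool = False
    score: int = 0
    reasons: list = field(default_factory=list)

    def hit(self, points, reason):
        self.score += points
        self.reasons.append(reason)


def parse_line(line):
    """Return an Entry for a recognised OTL autostart line, else None."""
    line = line.strip()
    for kind, pattern in PATTERNS:
        m = pattern.match(line)
        if m:
            g = m.groupdict()
            return Entry(kind=kind, name=g.get("name") or g["clsid"], path=g["path"],
                         company=g.get("company") or "", missing=bool(g.get("missing")))
    return None


def score_entry(e):
    """Apply the heuristics; each hit adds points and a human-readable reason."""
    low = e.path.lower()
    if not e.company and not e.missing:
        e.hit(2, "binary carries no company name")
    if "\\appdata\\" in low:
        e.hit(2, "autostart binary lives under the user profile (AppData)")
    if e.missing:
        e.hit(1, "autostart points at a file that no longer exists")
    if low.endswith(ODD_EXTENSIONS):
        e.hit(3, "unusual executable extension for an autostart")
    if any(w in (e.name + e.path).lower() for w in PUP_WORDS):
        e.hit(1, "adware-style naming")
    return e


def triage(log_text):
    """Parse every recognised line and return the entries, highest score first."""
    entries = [score_entry(e) for e in map(parse_line, log_text.splitlines()) if e]
    return sorted(entries, key=lambda e: -e.score)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.score:2d} {e.kind:<13} {e.name:<18} {e.path}")
        for r in e.reasons:
            print(f"   - {r}")
```

Run as a script it prints each entry with its score and the reasons behind it. Note what the ranking does not catch: ApnUpdater scores 0 (named company, path under Program Files) even though the helper removed it along with the rest of the Ask toolbar bundle, so treat the score as an ordering aid for a human review, not a verdict.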

#7
dssole23
    Member
  • Topic Starter
  • 77 posts
Everything seems to be working better than before; so far, no pop-ups. Thank you so much. I was wondering, can you help me with my other computer now? It's another topic I have, for Windows XP.

#8
Gammo
    Trusted Helper
  • Malware Removal
  • 2,299 posts
We aren't done yet. :)

Can you please include the C:\ComboFix.txt in your next reply?

#9
dssole23
    Member
  • Topic Starter
  • 77 posts
========== OTL ==========
Service DefaultTabUpdate stopped successfully!
Service DefaultTabUpdate deleted successfully!
C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe moved successfully.
Service AlotService stopped successfully!
Service AlotService deleted successfully!
C:\Users\Family\AppData\LocalLow\alotservice\alotservice.exe moved successfully.
HKU\S-1-5-21-3496659367-1868434254-1543647034-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D1F16F51-E13C-448D-847F-3CEE4D20325A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D1F16F51-E13C-448D-847F-3CEE4D20325A}\ not found.
HKU\S-1-5-21-3496659367-1868434254-1543647034-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c111c814-fd58-0a04-3924-998b53830e29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c111c814-fd58-0a04-3924-998b53830e29}\ deleted successfully.
C:\Program Files\Shop to Win 29\Helper.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Internet Explorer\SearchScopes\{54EA81FD-7602-4FBA-9410-5100D976EF37}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54EA81FD-7602-4FBA-9410-5100D976EF37}\ not found.
Registry key HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\ not found.
C:\Program Files\PriceGong\2.6.4\FF\components folder moved successfully.
C:\Program Files\PriceGong\2.6.4\FF\chrome\skin folder moved successfully.
C:\Program Files\PriceGong\2.6.4\FF\chrome\locale\en-US folder moved successfully.
C:\Program Files\PriceGong\2.6.4\FF\chrome\locale folder moved successfully.
C:\Program Files\PriceGong\2.6.4\FF\chrome\content folder moved successfully.
C:\Program Files\PriceGong\2.6.4\FF\chrome folder moved successfully.
C:\Program Files\PriceGong\2.6.4\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011431152}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011431152}\ deleted successfully.
C:\Program Files\CouponDropDown\CouponDropDown.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461137}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011461137}\ deleted successfully.
C:\Program Files\Deals Plugin\Deals Plugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ABD6C72-FFD7-B634-A92B-D77D5960E009}\ deleted successfully.
C:\Program Files\Shop to Win 29\Shop to Win 29.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
C:\Users\Family\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
File C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9194649F-7143-4308-90C1-D6A35B0E354E}\ deleted successfully.
C:\Program Files\OApps\bho_project.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DirectDrawEx deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DXM_Runtime deleted successfully.
File move failed. C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Shop To Win deleted successfully.
C:\Program Files\Shop To Win\ShopToWin.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Steam App 745 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3496659367-1868434254-1543647034-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DXM_Runtime deleted successfully.
File move failed. C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif scheduled to be moved on reboot.
Folder move failed. C:\Users\Family\AppData\Roaming\DXM_Runtime scheduled to be moved on reboot.
C:\Users\Family\AppData\Local\DirectDrawEx folder moved successfully.
C:\Users\Family\AppData\Roaming\Steam App 745 folder moved successfully.

OTL by OldTimer - Version 3.2.68.0 log created on 10052012_190414

Files\Folders moved on Reboot...
File move failed. C:\Users\Family\AppData\Roaming\DXM_Runtime\DXM_Runtime.pif scheduled to be moved on reboot.
Folder move failed. C:\Users\Family\AppData\Roaming\DXM_Runtime scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#10
Gammo
    Trusted Helper
  • Malware Removal
  • 2,299 posts
Thanks for posting the OTL fix log.

Can you please post the ComboFix log (present at C:\Combofix.txt) as well?
