Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

GetSavin Ad- Virus/Malware Needs Safely Removed [Solved]

Started by PBHRescue , Mar 13 2013 12:41 PM

  • This topic is locked This topic is locked

#1
PBHRescue
Posted 13 March 2013 - 12:41 PM

PBHRescue

    Member

  • Member
  • PipPip
  • 96 posts
Hello,
I am not sure how GetSavin got on my machine... but it has and it needs to be removed safely... I attempted to remove it from my Add or Remove Programs but during the process my firewall was able to block it's attempt at changing a registry entry. I know it's not good to mess with the Registry and understand how dangerous the registry boosters can be... so, I allowed my Firewall to block it. I then researched GetSavin and have read a lot of scary stuff about it. I hear it's a pretty malicious virus... and I need help to remove it safely... Thanks in advance for your help!

Here is my system information:
Windows XP Professional (Yes, I know... it's ancient. I have XP on my Desktop and Windows 7 on my Notebook.)
Version 2002 Service Pack 3
Computer: Intel® Pentium® 4 CPU 3.00GHz 2.99GHz, 1.00 GB of RAM

Here is the OTL Log:

OTL logfile created on: 3/13/2013 2:27:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 402.02 Mb Available Physical Memory | 39.34% Memory free
2.41 Gb Paging File | 1.55 Gb Available in Paging File | 64.45% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.32 Gb Total Space | 39.70 Gb Free Space | 57.27% Space Free | Partition Type: NTFS
Drive F: | 731.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PBHRESCUE | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/13 14:26:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2013/03/10 22:41:40 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/03/10 20:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/10/19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/10/15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/10/08 11:05:40 | 002,804,224 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/09/27 13:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/06/20 10:36:39 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
PRC - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/11/09 14:40:04 | 001,156,968 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/11/09 14:38:16 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
PRC - [2011/11/09 11:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/11/04 14:27:48 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2011/06/16 23:40:58 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/11 03:50:01 | 000,298,496 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Automation\8b01c45039261ef4150bb6b270d1c74f\Inkjet.Automation.ni.dll
MOD - [2013/03/11 03:49:57 | 000,236,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Localization\25656dffe9a855c247bb288f2d204d9f\Inkjet.Localization.ni.dll
MOD - [2013/03/11 03:49:57 | 000,095,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.DeviceSettin#\d4eee885eacc8998377fbdd51c5609a0\Inkjet.DeviceSettings.ni.dll
MOD - [2013/03/11 03:49:46 | 000,762,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\569d22d5591f3d2d35bc64437011e919\System.Runtime.Remoting.ni.dll
MOD - [2013/03/11 03:49:28 | 000,302,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Utilities\b7b3b0789757a620eda5338bef36c381\Inkjet.Utilities.ni.dll
MOD - [2013/03/11 03:49:27 | 000,890,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Hardware\463e4575df85e896c197618b4c073def\Inkjet.Hardware.ni.dll
MOD - [2013/03/11 03:49:27 | 000,161,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.EKAiO2SDKLib\9fe9ee3a09926aa88b59f266ddcc192f\Interop.EKAiO2SDKLib.ni.dll
MOD - [2013/03/11 03:49:26 | 000,179,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Statistics\83d36c5c44a800ec1880ea8a9b7bd7db\Inkjet.Statistics.ni.dll
MOD - [2013/03/11 03:49:22 | 000,107,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Diagnostics\decf9d95c3df2ef822e0c48d1efba8c8\Inkjet.Diagnostics.ni.dll
MOD - [2013/03/11 03:49:22 | 000,078,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Inkjet.Configuration\f2554db13b4f250f3e005f6a1b0b9d06\Inkjet.Configuration.ni.dll
MOD - [2013/03/11 03:44:39 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/03/11 03:38:41 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/03/11 03:37:22 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/03/11 03:25:26 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\de3e6b59e3949f8086973d53518a9ecb\System.Windows.Forms.ni.dll
MOD - [2013/03/11 03:25:06 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8ba0620535aa28d509b9397500b7d530\System.Drawing.ni.dll
MOD - [2013/03/11 03:24:46 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\3d6d9da56c9f607615b55d6742d8427d\System.Xml.ni.dll
MOD - [2013/03/11 03:24:36 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\197761bb3230bf9d4f540305dcf6717c\System.Configuration.ni.dll
MOD - [2013/03/11 03:22:59 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\c182d7a0bd88caf2cddccb7491a5fa6e\System.ni.dll
MOD - [2013/03/11 03:22:45 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013/03/10 20:27:03 | 004,537,856 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
MOD - [2013/03/10 20:27:03 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
MOD - [2013/03/10 20:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 20:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 20:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 20:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2011/12/14 17:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe
MOD - [2011/12/14 10:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvcLib.dll
MOD - [2011/12/14 10:22:56 | 000,319,488 | ---- | M] () -- C:\Program Files\NETGEAR\WNDA3100v2\WifiLib.dll
MOD - [2011/12/06 17:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/11/09 14:39:24 | 000,125,800 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
MOD - [2011/11/09 14:39:18 | 000,020,840 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.DLL
MOD - [2011/11/09 14:39:02 | 000,042,344 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
MOD - [2011/11/09 14:38:34 | 000,268,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
MOD - [2011/11/09 14:38:34 | 000,176,488 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2011/11/09 14:38:32 | 000,348,008 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
MOD - [2011/09/19 03:59:14 | 000,465,632 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
MOD - [2011/06/16 23:40:38 | 000,034,128 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
MOD - [2011/06/16 23:40:30 | 000,045,368 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
MOD - [2011/06/16 23:40:14 | 000,128,336 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\LiveupdateTactics.dll
MOD - [2011/06/16 23:39:52 | 000,023,872 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2008/08/21 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/08/21 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/07/19 23:18:00 | 000,059,904 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV - [2013/03/13 00:31:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/10 22:41:40 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/10/27 14:04:03 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/19 15:51:08 | 000,395,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/10/15 12:58:22 | 000,779,200 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/09/27 13:04:22 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/12/14 17:53:44 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/09 11:59:18 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/11/04 14:27:48 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/10 16:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2011/06/16 23:40:58 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Belkin\F5D705~1\GTNDIS5.SYS -- (GTNDIS5)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/10/02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,089,792 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/02/22 13:29:46 | 000,083,856 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/11/08 13:59:04 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/08/08 19:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/04/04 15:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 15:53:24 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/03/28 17:22:30 | 001,034,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2010/04/08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010/04/08 20:30:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2010/04/01 15:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/02/03 11:20:32 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/08/13 18:56:16 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ahcix86.sys -- (ahcix86)
DRV - [2009/08/13 16:10:36 | 000,096,368 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/05/05 09:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2009/05/05 09:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 18:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2007/11/02 16:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/10/12 06:40:00 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007/10/02 04:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007/06/28 18:09:10 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/06/28 18:08:48 | 000,015,400 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007/06/28 18:08:30 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SI3112.sys -- (SI3112)
DRV - [2007/05/09 06:13:00 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
DRV - [2006/08/15 02:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2006/04/24 11:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2006/02/26 11:21:22 | 000,029,184 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\viapdsk.sys -- (viapdsk)
DRV - [2004/06/01 05:02:00 | 000,006,016 | ---- | M] (ATI Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\atiide.sys -- (atiide)
DRV - [2001/08/17 12:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pitbullhappenings.com/
IE - HKCU\..\SearchScopes,DefaultScope = {5B7DBBC3-3E75-4063-B60E-FEACEB294499}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4B6BB267-63F8-4A11-BD3B-100F64C2FF9A}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{5B7DBBC3-3E75-4063-B60E-FEACEB294499}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...n=&geo=US&ver=2
IE - HKCU\..\SearchScopes\{B4D836AD-0AFE-4508-B59C-32A4046AC692}: "URL" = http://websearch.ask...01-E4F9F36BB773
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.pitbullhappenings.com"
FF - prefs.js..extensions.enabledAddons: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.5
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:15.0.4
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0
FF - prefs.js..extensions.enabledAddons: {6614d11d-d21d-b211-ae23-815234e1ebb5}:2.7.5
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20130129
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.5.8
FF - prefs.js..extensions.enabledAddons: {2a26ebf1-72d8-4964-9995-ec90896e049e}:2.1
FF - prefs.js..keyword.URL: "http://www.goodsearc...=2_1&keywords="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2013/03/13 12:34:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/20 10:45:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/03/10 18:07:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 14:04:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 20:23:43 | 000,000,000 | ---D | M]

[2011/11/30 20:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2013/03/12 17:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions
[2013/03/10 22:44:06 | 000,000,000 | ---D | M] (GoodApp) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{2a26ebf1-72d8-4964-9995-ec90896e049e}
[2013/03/10 23:20:40 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/03/12 17:19:39 | 000,000,000 | ---D | M] (GetSavin) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\getsavin@jetpack
[2013/03/10 23:20:39 | 000,221,683 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\[email protected]
[2013/03/10 23:20:39 | 000,164,308 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi
[2013/03/10 23:20:39 | 000,531,283 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/01/18 03:32:45 | 001,032,326 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}.xpi
[2013/03/10 22:49:45 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/18 02:46:33 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2011/10/04 10:09:42 | 000,000,000 | ---- | M] () (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\{2a26ebf1-72d8-4964-9995-ec90896e049e}\forxpi.dat
[2013/03/10 22:43:46 | 000,002,576 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\searchplugins\askcom.xml
[2013/03/10 22:47:32 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\searchplugins\wot-safe-search.xml
[2013/03/10 22:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 10:45:45 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/10/27 14:04:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 10:42:05 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/08/30 11:01:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/28 12:53:25 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/27 14:04:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: registryAccess (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaoiagmlcohkmjodefppbmpjdiocmh\7.15.1.22688_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit PhantomPDF Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

O1 HOSTS File: ([2008/08/21 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120628034334.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GetSavin 5.0) - {BFFB4BF8-D3C8-4045-8F79-5FB71AF4A0B0} - C:\Documents and Settings\user\Local Settings\Application Data\getsavin\ie\getsavin_1363122601.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk = C:\Program Files\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1293325203218 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342920748906 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30442B37-E915-4BCB-9F80-1FE3431508E2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/25 20:21:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/22 00:24:09 | 000,000,175 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{16bce198-25b1-11e0-ad35-000c29e00d72}\Shell\AutoRun\command - "" = E:\
O33 - MountPoints2\{16bce198-25b1-11e0-ad35-000c29e00d72}\Shell\linuxlive3\command - "" = J:\usb-creator.exe
O33 - MountPoints2\{16bce198-25b1-11e0-ad35-000c29e00d72}\Shell\linuxlive4\command - "" = J:\wubi.exe
O33 - MountPoints2\{1db2f189-61e3-11e1-946e-001111a38e35}\Shell - "" = AutoRun
O33 - MountPoints2\{1db2f189-61e3-11e1-946e-001111a38e35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1db2f189-61e3-11e1-946e-001111a38e35}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{acd41628-25a2-11e0-ad31-000c29e00d72}\Shell\AutoRun\command - "" = E:\wubi.exe --cdmenu
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/13 13:33:03 | 012,614,304 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\user\Desktop\boost-speed-setup.exe
[2013/03/13 11:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2013/03/13 11:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2013/03/12 21:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\puppies
[2013/03/12 19:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2013/03/12 18:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2013/03/12 18:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2013/03/12 18:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/03/12 18:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/03/12 18:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/03/12 18:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/03/12 18:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2013/03/12 18:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/03/12 18:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/03/12 18:03:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013/03/12 18:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/12 18:00:01 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/03/12 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\MagicDisc
[2013/03/12 17:54:08 | 000,116,736 | ---- | C] (MagicISO, Inc.) -- C:\WINDOWS\System32\drivers\mcdbus.sys
[2013/03/12 17:54:03 | 000,000,000 | ---D | C] -- C:\Program Files\MagicDisc
[2013/03/12 17:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2013/03/12 17:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Elaborate Bytes
[2013/03/12 17:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\getsavin
[2013/03/12 17:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Download Manager
[2013/03/10 23:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\OnlineArmor
[2013/03/10 23:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013/03/10 23:46:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Online Armor
[2013/03/10 23:46:10 | 000,031,920 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2013/03/10 23:46:10 | 000,027,648 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2013/03/10 23:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2013/03/10 23:38:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/10 23:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\QuickBooks
[2013/03/10 23:23:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/03/10 22:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Sun
[2013/03/10 22:42:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/03/10 17:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder (2)
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/13 14:31:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/13 14:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/13 13:33:35 | 012,614,304 | ---- | M] (Auslogics Software Pty Ltd ) -- C:\Documents and Settings\user\Desktop\boost-speed-setup.exe
[2013/03/13 12:43:45 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/13 12:35:17 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/13 12:34:56 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/13 12:34:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1873647745-624764526-1125205251-1003.job
[2013/03/13 12:33:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/13 11:34:18 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Auslogics Disk Defrag.lnk
[2013/03/13 09:11:31 | 000,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/12 21:34:02 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2013/03/12 19:54:59 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/03/12 19:54:59 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2013/03/12 18:56:50 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Word 2010.lnk
[2013/03/12 18:20:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/03/12 17:54:20 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/03/12 17:54:19 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\user\Desktop\MagicDisc.lnk
[2013/03/12 17:41:14 | 767,354,880 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SW_DVD5_Office_Professional_Plus_2010_W32_English_MLF_X16-52536.ISO
[2013/03/12 17:19:56 | 000,000,000 | ---- | M] () -- C:\end
[2013/03/12 15:31:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/11 16:42:21 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Online Armor.lnk
[2013/03/11 16:42:08 | 000,001,698 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Microsoft Security Essentials.lnk
[2013/03/11 03:35:52 | 000,566,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/11 03:35:52 | 000,105,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/11 03:27:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/10 23:39:06 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/10 23:23:37 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/03/10 18:31:36 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/10 17:09:37 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1873647745-624764526-1125205251-1003.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/13 11:34:18 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Auslogics Disk Defrag.lnk
[2013/03/12 19:54:59 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/03/12 19:54:59 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
[2013/03/12 18:56:50 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Microsoft Word 2010.lnk
[2013/03/12 17:54:20 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\MagicDisc.lnk
[2013/03/12 17:54:19 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\user\Desktop\MagicDisc.lnk
[2013/03/12 17:28:22 | 767,354,880 | ---- | C] () -- C:\Documents and Settings\user\Desktop\SW_DVD5_Office_Professional_Plus_2010_W32_English_MLF_X16-52536.ISO
[2013/03/12 17:17:48 | 000,000,000 | ---- | C] () -- C:\end
[2013/03/11 16:42:21 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Online Armor.lnk
[2013/03/11 16:42:08 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Microsoft Security Essentials.lnk
[2013/03/11 16:09:17 | 000,332,976 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/10 23:48:46 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/10 23:46:10 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2013/03/10 23:46:09 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2013/03/10 23:39:06 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2013/03/10 23:38:48 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/10 23:23:37 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2012/10/29 18:00:32 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2012/07/22 21:24:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012/03/02 16:22:45 | 000,294,926 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/15 22:40:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 17:57:12 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/12/21 13:35:24 | 000,005,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/12/21 13:35:24 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9BE08CA7B4.sys
[2011/12/16 04:15:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/12 02:14:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

========== ZeroAccess Check ==========

[2010/12/25 22:13:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/11/05 01:05:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/07/22 21:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2012/01/20 17:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/10/05 13:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2013/03/10 23:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2012/02/28 22:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2012/02/28 23:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
[2012/01/20 17:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/03/11 16:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2012/11/09 11:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrintProjects
[2012/01/20 17:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2013/03/13 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/09 11:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2012/02/01 11:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Foxit Software
[2012/02/28 22:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Motorola
[2013/03/10 23:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\OnlineArmor
[2013/03/13 14:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2012/10/05 13:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Temp
[2010/12/25 22:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2012/07/16 10:55:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2012/08/08 12:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YCanPDF

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements

#2
PBHRescue
Posted 13 March 2013 - 01:36 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
I'm not sure if this has anything to do with GetSavin Malware... but my CPU has been running at 100% and frequently freezing... and the computer was running super slow too most of the time, however, I ran the AusDefrager which seems to helped that issue quite a bit...

I was reviewing the OTL log and noticed my system still has McAfee... as well as MagioISO which I know I uninstalled both of them... weird.

Thanks, again, and in advance for your help!

Edited by PBHRescue, 13 March 2013 - 01:39 PM.

  • 0

#3
gringo_pr
Posted 13 March 2013 - 01:53 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello PBHRescue

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#4
PBHRescue
Posted 13 March 2013 - 02:24 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Hello Gringo,
Thank you for such a fast response. I just wanted to inform you that I'm at work now so, I'm not in front of my home computer. I'll be home in about 8 hours and will tend to all my dogs and then run the scans and post the logs for you. I just didn't want you to think I was ignoring you or slacking off while I'm browsing the forums.... Thanks again for your fast reply!
  • 0

#5
gringo_pr
Posted 13 March 2013 - 03:36 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
don't worry I do most of my work from 4 hours from now till 12 hours from so it will work out well


gringo
  • 0

#6
PBHRescue
Posted 13 March 2013 - 10:03 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Near beginning of running Security Check... I received some error... memory allocating error? I'm running the second program now... Also, I noticed on the Anti-Virus/Firewall Check it states Windows Firewall is Disabled... which it is, however, I do have Online Armor Firewall which is enabled but it's not listed in this check...

Here is the checkup.txt info:


Results of screen317's Security Check version 0.99.61
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 25.0.1364.172
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

Edited by PBHRescue, 13 March 2013 - 10:05 PM.

  • 0

#7
PBHRescue
Posted 13 March 2013 - 10:21 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Okay... after re-booting my system... it reminded me, my anti-virus program (Microsoft Security Essentials) gets turned off by itself... It's currently off now and I didn't disable it.

Here is the report from AdwCleaner:


# AdwCleaner v2.114 - Logfile created 03/14/2013 at 00:09:28
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : user - PBHRESCUE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\user\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\extensions\[email protected]
File Deleted : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\searchplugins\Askcom.xml
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\Eric Emminger\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\user\Local Settings\Application Data\getsavin

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\Software\PIP
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

File : C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\h06kxi0n.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.linkextend.addit.remoteInstallItems", "{ \"software\": {\"20\": {\"id\": \"20\[...]

File : C:\Documents and Settings\Eric Emminger\Application Data\Mozilla\Firefox\Profiles\4b2c5nej.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\user Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2746 octets] - [14/03/2013 00:09:28]

########## EOF - C:\AdwCleaner[S1].txt - [2806 octets] ##########
  • 0

#8
PBHRescue
Posted 13 March 2013 - 10:38 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Okay... I followed your instructions for the RogueKiller program precisely. Everything went fine... when I clicked on "Report" though, I received an error (see attachment) In the Error Box, I then clicked "Yes" and nothing happened...

Attached Thumbnails

  • notepaderror.JPG

  • 0

#9
gringo_pr
Posted 13 March 2013 - 10:51 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello PBHRescue

Are you running as an admin?

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#10
PBHRescue
Posted 13 March 2013 - 11:02 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Yes, I'm the Computer Administrator. I have two users on this computer (both are me) and both are administrators :) Thus far, the computer does seem to be working much better too! I just printed your last set of instructions and am about to close my web browser to perform your instructions.
  • 0

Advertisements

#11
gringo_pr
Posted 13 March 2013 - 11:44 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
very good and I will be here when it is ready


gringo
  • 0

#12
PBHRescue
Posted 14 March 2013 - 06:51 AM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Good Morning Gringo, My apologies... I fell asleep... Okay, I ran the ComboFix.. however after the computer restarted itself (only restarted once) no Logs show up and I don't know where to look to find them?? Computer seems to be running okay thus far...
  • 0

#13
PBHRescue
Posted 14 March 2013 - 05:41 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
I wanted to let you know... although my Window's "user" is a computer administrator... I believe it's stlll limited... I could not for the life of me recall the actual (hidden) "Administrators" Password... So, I'll be honest... I had an idiot moment... and after googling and researching... It put into my mind thought of being able to use the "XP Administrator Recovery Tool"... well, bad idea... after further research, I did learn a very easy way to recover my password that didn't include installing ANY software!! I simply had to log out of my "user" account... then after I was logged out, simply press ALT + Ctrl + Delete a couple times... then the Administrator account log in would appear, no password needed, clicked okay and then I was logged into the actual Administrator Account where I then changed the password. So, when I get off of work later.... I will try re-running the Combofix from the administrator account.

I would like to mention though, whenever I attempt to "uninstall" any program in my "add and remove programs" from teh control panel... it freezes my PC... very frustrating to say the least. I'm glad I learned how to access and use the actual "Administrator" account that is hidden from my "User Accounts"
  • 0

#14
gringo_pr
Posted 14 March 2013 - 06:19 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
OK let me know how it goes



gringo
  • 0

#15
PBHRescue
Posted 14 March 2013 - 10:49 PM

PBHRescue

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
ComboFix 13-03-14.02 - Administrator 03/15/2013 0:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.298 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\StrongVaultApp.exe.lnk
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\npf.sys
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-15 to 2013-03-15 )))))))))))))))))))))))))))))))
.
.
2013-03-15 04:11 . 2013-03-15 04:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2013-03-14 18:56 . 2013-03-14 18:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Eastman Kodak Company
2013-03-14 18:20 . 2013-03-14 18:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Intuit
2013-03-14 18:20 . 2013-03-14 18:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\OnlineArmor
2013-03-14 18:20 . 2013-03-14 18:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2013-03-14 18:19 . 2013-03-14 18:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Motorola
2013-03-14 18:13 . 2013-03-14 18:13 -------- d-----w- c:\documents and settings\Eric Emminger\Local Settings\Application Data\Identities
2013-03-14 18:13 . 2013-03-14 18:13 -------- d-----w- c:\documents and settings\Eric Emminger\Application Data\Windows Desktop Search
2013-03-14 18:13 . 2013-03-14 18:13 -------- d-----w- c:\documents and settings\Eric Emminger\Application Data\OnlineArmor
2013-03-14 17:22 . 2013-03-14 17:22 -------- d-----w- c:\program files\ImgBurn
2013-03-14 17:20 . 2013-03-14 17:20 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-03-14 17:20 . 2013-03-14 17:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Strongvault Online Backup
2013-03-14 17:20 . 2013-03-14 17:21 -------- d-----w- c:\program files\Strongvault Online Backup
2013-03-14 17:19 . 2013-03-14 17:20 -------- d-----w- C:\AI_RecycleBin
2013-03-14 17:17 . 2013-03-14 17:18 -------- d-----w- c:\program files\Deal Spy
2013-03-14 04:28 . 2013-03-14 04:32 -------- d-----w- C:\RK_Quarantine
2013-03-14 04:27 . 2013-02-07 20:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B9BECE0-2DCE-4233-AD5C-2759A4AE653D}\mpengine.dll
2013-03-13 15:34 . 2013-03-13 17:52 -------- d-----w- c:\program files\Auslogics
2013-03-12 22:10 . 2013-03-12 22:10 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-03-12 22:08 . 2013-03-12 22:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-03-12 22:08 . 2013-03-12 22:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-03-12 22:08 . 2013-03-12 22:08 -------- d-----w- c:\documents and settings\All Users\Microsoft
2013-03-12 22:06 . 2013-03-12 22:06 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-03-12 22:04 . 2013-03-12 22:04 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-03-12 22:03 . 2013-03-12 22:16 -------- d-----w- c:\windows\SHELLNEW
2013-03-12 22:00 . 2013-03-12 22:00 -------- d-----r- C:\MSOCache
2013-03-12 21:54 . 2009-02-24 22:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2013-03-12 21:54 . 2013-03-12 21:54 -------- d-----w- c:\program files\MagicDisc
2013-03-12 21:24 . 2013-03-12 21:24 -------- d-----w- c:\program files\Elaborate Bytes
2013-03-12 20:21 . 2013-02-07 20:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-11 03:48 . 2013-03-11 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2013-03-11 03:46 . 2012-10-02 19:03 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2013-03-11 03:46 . 2012-10-02 19:02 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2013-03-11 03:46 . 2012-10-02 19:02 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2013-03-11 03:46 . 2012-10-02 19:02 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2013-03-11 03:45 . 2013-03-14 05:27 -------- d-----w- c:\program files\Online Armor
2013-03-11 03:40 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-03-11 03:38 . 2013-03-11 03:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-11 03:23 . 2013-03-11 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-03-11 02:42 . 2013-03-11 02:42 -------- d-----w- c:\program files\Common Files\Java
2013-03-11 02:42 . 2013-03-11 02:41 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-11 02:42 . 2013-03-11 02:41 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-10 22:07 . 2013-03-10 22:07 -------- d-----w- c:\windows\system32\wbem\Repository
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 04:31 . 2012-05-24 16:33 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 04:31 . 2012-01-19 19:28 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 02:41 . 2012-10-19 21:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-11 02:41 . 2012-01-17 02:11 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-05 20:05 . 2008-08-21 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2008-08-21 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2008-08-21 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2008-08-21 12:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2008-08-21 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 19:59 . 2013-01-20 19:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:16 . 2008-08-21 12:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2008-04-14 00:01 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2008-08-21 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2008-08-21 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2008-08-21 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-16 12:23 . 2008-08-21 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-10-27 18:04 . 2012-10-27 18:03 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{25DA541F-6ACF-4052-A8AA-1D58284729C7}]
2010-03-18 18:09 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-08-21 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-20 296056]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-08-15 1404928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"Conime"="c:\windows\system32\conime.exe" [2008-08-21 27648]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"EKStatusMonitor"="c:\program files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-10-02 2415104]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2012-10-08 2804224]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SMessaging"="c:\documents and settings\user\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe" [2012-04-04 31664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2011-11-9 5940056]
NETGEAR WNDA3100v2 Genie.lnk - c:\program files\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2012-10-29 8453376]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-11-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2011\QBW32.EXE [2011-11-9 1178984]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-10-02 366440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOPrinterTools.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Inkjet.AdminUtility.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinter64Util.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHostDirector.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOTransfer.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\EKAiOHostService.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9323:TCP"= 9323:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.010\ccSetx86.sys [1/18/2012 2:22 AM 132744]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/3/2012 12:07 PM 89792]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [3/10/2013 11:46 PM 208320]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [3/10/2013 11:46 PM 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [3/10/2013 11:46 PM 31920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/11/2011 7:38 PM 116608]
R2 DeviceMonitorService;DeviceMonitorService;c:\program files\Motorola Media Link\Lite\NServiceEntry.exe [6/16/2011 11:40 PM 87368]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [10/19/2012 3:51 PM 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [10/15/2012 12:58 PM 779200]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/3/2012 12:07 PM 161632]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [5/3/2012 10:37 AM 151880]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 5:00 PM 214896]
R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [1/18/2012 2:22 AM 138760]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [3/10/2013 11:45 PM 216072]
R2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [11/9/2011 11:59 AM 1248256]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/3/2012 12:07 PM 340920]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/3/2012 12:07 PM 83856]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [3/10/2013 11:46 PM 44992]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [?]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [3/10/2013 11:45 PM 4463864]
S2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [10/29/2012 6:17 PM 303360]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\drivers\bcmwlhigh5.sys [10/29/2012 6:18 PM 1034240]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2/28/2012 10:33 PM 6016]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/3/2012 12:07 PM 57600]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/3/2012 12:07 PM 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/3/2012 12:07 PM 87656]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2/28/2012 10:33 PM 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/28/2012 10:33 PM 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/28/2012 10:33 PM 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2/28/2012 10:33 PM 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2/28/2012 10:33 PM 11008]
S4 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [1/22/2011 2:58 AM 189968]
S4 atiide;atiide;c:\windows\system32\drivers\atiide.sys [1/22/2011 2:58 AM 6016]
S4 viapdsk;VIA ATA/ATAPI Host Controller;c:\windows\system32\drivers\viapdsk.sys [1/22/2011 2:58 AM 29184]
S4 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [1/22/2011 2:58 AM 17968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 22:08 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 04:31]
.
2013-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 15:17]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-15 15:17]
.
2013-03-14 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 15:11]
.
2012-11-25 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2013-03-15 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2012-11-25 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
.
2013-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1873647745-624764526-1125205251-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
2013-03-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1873647745-624764526-1125205251-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-15 00:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2116)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-03-15 00:47:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-15 04:47
ComboFix2.txt 2013-03-14 05:45
.
Pre-Run: 41,531,125,760 bytes free
Post-Run: 41,512,243,200 bytes free
.
- - End Of File - - 90F0D4BBCE20904A3A4033DB1DC4874A
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP