Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

explorer.exe crashing often...found viruses [Solved]


  • This topic is locked This topic is locked

#1
inzeo

inzeo

    Member

  • Member
  • PipPip
  • 47 posts
So dad's computer gets a virus and Gringo helps me fix it. While doing the work needed I decide to see what might be in my computer because:
1. explorer.exe crashes often
2. a redirect ended up on my computer about 2 weeks ago (tho I believed I had conquered it)
3. eset online found MANY problems
4. I have lots of out of date and unneeded programs...but some won't uninstall.

Please, I believe i have multiple trojans, many holes in my security from old out of date versions of programs, and probably a ton of registry and start up problems.
Below is the otl.exe log

any and all help appreciated

OTL logfile created on: 3/24/2013 4:50:16 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19400)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 45.25% Memory free
6.70 Gb Paging File | 4.26 Gb Available in Paging File | 63.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 929.44 Gb Total Space | 238.89 Gb Free Space | 25.70% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.06 Gb Free Space | 52.91% Space Free | Partition Type: NTFS
Drive G: | 14.89 Gb Total Space | 14.89 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive H: | 1397.26 Gb Total Space | 736.03 Gb Free Space | 52.68% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 557.12 Gb Free Space | 29.90% Space Free | Partition Type: NTFS
Drive L: | 596.17 Gb Total Space | 58.86 Gb Free Space | 9.87% Space Free | Partition Type: NTFS
Drive R: | 596.17 Gb Total Space | 224.38 Gb Free Space | 37.64% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/24 16:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/03/02 11:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/02/27 14:38:14 | 000,384,640 | ---- | M] (AppWork GmbH) -- C:\Users\Owner\AppData\Local\JDownloader 2.0\JDownloader2.exe
PRC - [2013/01/20 17:49:56 | 000,969,104 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/25 05:12:03 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/07/25 05:11:50 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/07/24 18:05:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,258,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/03/26 00:11:28 | 000,108,544 | ---- | M] (Montpellier-Informatique) -- C:\Program Files\Predator2\PredatorACE.exe
PRC - [2010/12/20 18:10:14 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2010/12/20 18:09:52 | 000,505,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/09/29 13:15:00 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/09/10 13:31:36 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/23 00:04:56 | 000,879,630 | ---- | M] () -- C:\Users\Owner\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-1671177\libstdc++-6.dll
MOD - [2013/03/23 00:04:55 | 002,342,624 | ---- | M] () -- C:\Users\Owner\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-1671177\lib7-Zip-JBinding.dll
MOD - [2013/03/23 00:04:55 | 000,047,972 | ---- | M] () -- C:\Users\Owner\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-1671177\mingwm10.dll
MOD - [2013/03/23 00:04:55 | 000,043,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-1671177\libgcc_s_dw2-1.dll
MOD - [2013/03/23 00:04:54 | 000,879,630 | ---- | M] () -- C:\Users\Owner\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-8261432\libstdc++-6.dll
MOD - [2013/03/23 00:04:54 | 000,047,972 | ---- | M] () -- C:\Users\Owner\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-8261432\mingwm10.dll
MOD - [2013/03/23 00:04:54 | 000,043,008 | ---- | M] () -- C:\Users\Owner\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-8261432\libgcc_s_dw2-1.dll
MOD - [2013/03/10 17:22:06 | 000,459,728 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 17:22:05 | 012,662,224 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 17:22:04 | 004,050,896 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 17:21:18 | 000,596,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 17:21:18 | 000,124,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 17:21:16 | 001,552,848 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/20 13:22:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/02/20 13:22:10 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/02/20 13:21:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/02/20 13:21:18 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll
MOD - [2013/02/20 13:21:10 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/02/20 13:18:27 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/02/20 13:18:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012/09/08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/02/29 04:04:35 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/21 11:19:50 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/07/13 20:50:04 | 000,325,120 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2009/06/21 23:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/04/04 12:27:06 | 000,007,680 | ---- | M] () -- C:\Program Files\Alcohol Soft\Alcohol 120\Plugins\Images\bw5mount.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2013/03/12 14:24:52 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/24 18:05:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/03/26 00:11:28 | 000,108,544 | ---- | M] (Montpellier-Informatique) [Auto | Running] -- C:\Program Files\Predator2\PredatorACE.exe -- (PredatorACE)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/04 05:07:26 | 000,285,696 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/09/29 13:15:00 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/09/10 13:31:36 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/02/28 18:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\IQE4E94.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a4nosxiy)
DRV - [2013/03/24 03:12:03 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50B44A50-3FC0-4967-9A78-DFCEB5F46A5F}\MpKsl929db3e4.sys -- (MpKsl929db3e4)
DRV - [2013/02/09 20:20:39 | 008,944,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/20 14:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012/08/20 14:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2012/07/02 17:25:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/04/09 17:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2012/04/05 22:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012/04/05 22:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/04/05 22:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/05 18:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011/10/27 16:57:23 | 000,020,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2011/07/27 11:48:16 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/12/28 18:31:08 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:23:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2010/08/12 15:14:40 | 000,230,736 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/08/02 16:19:22 | 000,025,728 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandadb.sys -- (androidusb)
DRV - [2010/07/29 00:25:22 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/26 11:30:17 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/29 22:09:06 | 000,059,904 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker\kprocesshacker.sys -- (KProcessHacker)
DRV - [2009/11/10 04:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 04:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 04:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/09/30 07:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/11/14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/11/12 17:02:46 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/11/12 17:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/09/29 13:17:06 | 000,029,952 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/09/10 13:28:48 | 000,036,896 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/01/15 04:25:24 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/11/13 01:21:54 | 000,017,536 | ---- | M] (Anyka (Guangzhou) Software Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbanyka.sys -- (usbanyka)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/08/29 04:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2007/08/29 04:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/03/20 20:33:28 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2006/12/28 06:50:26 | 000,016,000 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\9kdUSBXP.sys -- (SNL320XP)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/01/09 19:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2005/05/03 08:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5C42B5B9-17ED-4537-8FE8-7363B216ECCA}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5C42B5B9-17ED-4537-8FE8-7363B216ECCA}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0
FF - prefs.js..extensions.enabledAddons: facepad%40lazyrussian.com:0.9.6
FF - prefs.js..extensions.enabledAddons: greasefire%40skrul.com:1.0.8
FF - prefs.js..extensions.enabledAddons: guiconfig%40slosd.net:1.2.2
FF - prefs.js..extensions.enabledAddons: handytag%40elitwork.com:2.2
FF - prefs.js..extensions.enabledAddons: MafiaaFire%40mafiaafire.com:0.9d
FF - prefs.js..extensions.enabledAddons: magnetiser%40hotsexgary.com:0.975
FF - prefs.js..extensions.enabledAddons: multilinks%40plugin:3.0.0.19
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6
FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621
FF - prefs.js..extensions.enabledAddons: tagmarks%40felipc.com:1.0.1
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.15.1
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bcd617372-6743-4ee4-bac4-fbf60f35719e%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.15
FF - prefs.js..extensions.enabledAddons: %7BFDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3%7D:1.3.5
FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.25.1
FF - prefs.js..extensions.enabledAddons: foxyproxy-basic%40eric.h.jung:3.1.3
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.5
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.6
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.2
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.4.3
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:0.6.2.4
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.4
FF - prefs.js..extensions.enabledItems: {FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}:1.3.5
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.0.14
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.20110211
FF - prefs.js..extensions.enabledItems: {cd617372-6743-4ee4-bac4-fbf60f35719e}:2.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.131046
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.8.5
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {BB359C50-BFC9-4f40-8302-3FE5A499A859}:3.6.1
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.71
FF - prefs.js..extensions.enabledItems: {a78f0ac6-753b-491b-9021-cd2aec3502d9}:3.6
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2009/06/12 15:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/20 23:18:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/12 14:24:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010/01/08 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/01/08 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/03/21 01:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions
[2009/08/05 08:24:15 | 000,000,000 | ---D | M] (Options Menu) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{1a6907cb-d310-4d82-bded-c0dd31f8d9a2}
[2009/11/02 14:37:04 | 000,000,000 | ---D | M] (Objection) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{289F3A4A-F3FF-4173-B994-DBC887E9C468}
[2011/02/07 08:29:25 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/02/08 19:38:58 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/07/14 20:22:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(63)
[2010/02/15 23:09:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(89)
[2013/01/24 11:11:18 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/04/17 09:53:08 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/06/30 23:49:58 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/06/17 15:19:59 | 000,000,000 | ---D | M] (Penn State Nittany Lions) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{a78f0ac6-753b-491b-9021-cd2aec3502d9}
[2009/06/10 22:57:05 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2010/07/23 00:55:24 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/11/03 14:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2010/07/14 20:22:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(64)
[2010/06/30 23:49:58 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2013/03/12 18:34:12 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/03/10 21:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}-trash
[2009/09/14 20:42:14 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2012/09/21 17:38:36 | 000,000,000 | ---D | M] (adblockvideo) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/03/04 12:26:11 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/07/15 22:19:31 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected](61).com
[2012/05/22 10:29:39 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/01/20 21:31:49 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/03/06 21:04:15 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/11/26 13:53:23 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/08/13 19:10:21 | 000,000,000 | ---D | M] (FlashLoader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/02/02 10:59:41 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/12/21 23:53:40 | 000,000,000 | ---D | M] ("Handytag") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/07/21 13:46:01 | 000,000,000 | ---D | M] (Next Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/07/14 20:22:29 | 000,000,000 | ---D | M] (Omnibar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected](62).com
[2011/06/29 07:01:47 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/02/15 23:09:42 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected](88).com
[2013/03/21 01:16:51 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/11/27 21:03:51 | 000,000,000 | ---D | M] (Tabberwocky) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/01/23 20:47:39 | 000,000,000 | ---D | M] (Tagmarks) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/02/21 22:53:53 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/01/20 21:31:49 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/05/11 07:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Sunbird\Profiles\uwu58twj.default\extensions
[2012/01/08 16:56:03 | 000,854,402 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/01/14 13:21:29 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/02/08 19:18:52 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2012/05/22 10:29:39 | 005,438,448 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/10/22 16:02:34 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2012/02/17 09:23:15 | 000,123,007 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2012/02/17 09:23:16 | 000,019,291 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/12/31 14:37:59 | 000,038,090 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2012/09/20 20:28:16 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/03/06 21:04:12 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/01/06 17:28:31 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/03/12 18:34:12 | 000,348,483 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/03/03 18:59:23 | 000,493,403 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi
[2011/07/17 11:43:27 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2013/03/04 12:25:45 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/18 08:48:37 | 001,494,925 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}.xpi
[2013/03/06 12:13:51 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/23 12:49:05 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/10/30 17:30:14 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/03/04 12:25:45 | 000,754,446 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/09/20 20:28:16 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/03/04 12:25:45 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009/06/10 22:57:05 | 000,828,588 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}\chrome\tmp.xpi
[2009/08/20 16:58:43 | 000,001,625 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\searchplugins\startpage-https.xml
[2013/03/12 14:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/12 14:24:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/02 06:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007/01/17 04:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2010/01/18 13:32:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2007/07/02 08:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/09/21 17:27:21 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/12 14:24:28 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Startpage HTTPS (Enabled)
CHR - default_search_provider: search_url = https://startpage.co...anguage=english
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://whatreallyhappened.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Translate = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\
CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: GroovesharkMenu = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfmokiidpofbgincdbjagbdkihkjfla\0.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bookmarks Tagger = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpiecafonfminhngabegejbligdagjfc\1.1.1_0\
CHR - Extension: Gmail Offline = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: Google Calendar = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Grooveshark Remote = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpifhknilaflibiifjhhofddbbchmhh\1.6.3_0\
CHR - Extension: Ghost incognito = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gedeaafllmnkkgbinfnleblcglamgebg\1.0.3_0\
CHR - Extension: FlashBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: Ads-free Grooveshark = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafggjhmihflaeblhdhjpbdadcofgfaf\0.5.1_0\
CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.21_0\
CHR - Extension: Evernote Web = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Linkclump = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.7.2_0\
CHR - Extension: AdSweep = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\milkhonmecplandlkfbjplfbdenjlkmp\2.1.6_0\
CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: AutoPager Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.8.0.4_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Click&Clean App = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.12_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Privacyfix by Privacychoice = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\4.0_0\

O1 HOSTS File: ([2011/10/05 21:46:31 | 000,437,128 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [InstallShieldSetup] "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -reboot"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\reboot.ini" File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: lastpass - file://C:\Users\Owner\AppData\LocalLow\lastpass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Owner\AppData\LocalLow\lastpass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3}: NameServer = 208.201.224.11,208.201.224.33
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll (MH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/03 01:29:29 | 000,000,000 | ---D | M] - L:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/24 16:38:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/22 15:46:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\backups
[2013/03/22 15:37:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2013/03/21 12:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/03/21 01:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2013/03/20 22:17:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE
[2013/03/20 22:00:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVIDIA
[2013/03/13 00:01:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\JDownloader 2.0
[2013/03/13 00:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\i4j_jres
[2013/03/12 14:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/05 12:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\share
[2013/03/04 00:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/03/01 00:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013/03/01 00:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2012/01/30 11:56:25 | 010,965,504 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/24 16:38:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/24 16:35:41 | 000,008,512 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2013/03/24 15:59:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000UA.job
[2013/03/24 15:49:47 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 15:49:47 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/24 00:38:17 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/03/24 00:38:15 | 000,245,760 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/23 21:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000Core.job
[2013/03/22 15:38:11 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\HijackThis.exe
[2013/03/22 12:40:40 | 000,707,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/22 12:40:40 | 000,143,862 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/22 09:26:07 | 000,002,401 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2013/03/21 01:16:57 | 010,965,504 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2013/03/21 01:16:52 | 000,001,128 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2013/03/20 23:51:03 | 000,002,359 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2013/03/20 23:49:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 20:39:15 | 000,000,864 | ---- | M] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/03/20 19:49:21 | 000,016,505 | ---- | M] () -- C:\Users\Owner\Documents\maxUntitled 1.odt
[2013/03/20 19:49:04 | 000,029,054 | ---- | M] () -- C:\Users\Owner\Documents\Untitled 3.ods
[2013/03/18 23:52:47 | 000,016,084 | ---- | M] () -- C:\Users\Owner\Desktop\seagate.odt
[2013/03/14 06:04:04 | 000,002,086 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/13 00:06:08 | 000,001,900 | ---- | M] () -- C:\Users\Owner\Desktop\JDownloader.lnk
[2013/03/13 00:06:08 | 000,001,850 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2013/03/10 01:00:23 | 000,506,717 | ---- | M] () -- C:\Users\Owner\Desktop\American_Spanish_Phrases-USL.pdf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/21 01:16:43 | 000,001,128 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2013/03/20 20:39:15 | 000,000,864 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/03/20 19:49:19 | 000,016,505 | ---- | C] () -- C:\Users\Owner\Documents\maxUntitled 1.odt
[2013/03/20 19:49:02 | 000,029,054 | ---- | C] () -- C:\Users\Owner\Documents\Untitled 3.ods
[2013/03/18 18:27:48 | 000,016,084 | ---- | C] () -- C:\Users\Owner\Desktop\seagate.odt
[2013/03/12 23:50:55 | 000,001,900 | ---- | C] () -- C:\Users\Owner\Desktop\JDownloader.lnk
[2013/03/12 23:50:55 | 000,001,850 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk
[2013/03/12 23:50:42 | 000,001,850 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013/03/12 23:50:41 | 000,001,913 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013/03/12 23:50:41 | 000,001,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013/03/10 01:00:17 | 000,506,717 | ---- | C] () -- C:\Users\Owner\Desktop\American_Spanish_Phrases-USL.pdf
[2013/03/01 00:41:55 | 000,002,401 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2012/12/07 16:52:24 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/12/07 16:52:24 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/12/07 16:44:49 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/12/07 16:44:49 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/12/07 16:44:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/12/07 16:44:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/12/07 16:44:33 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012/09/28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/09/06 09:28:58 | 002,872,000 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012/09/06 09:28:56 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012/09/06 09:27:12 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012/07/28 13:16:21 | 000,000,106 | ---- | C] () -- C:\Users\Owner\EnableUSBWrite.reg
[2012/07/25 08:14:42 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/05 16:16:21 | 000,008,512 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/01/20 22:17:01 | 000,191,727 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\gd.db
[2012/01/20 22:17:01 | 000,000,283 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\groovedown.settings
[2011/10/09 16:03:01 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/10/09 16:02:59 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/10/09 16:02:59 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/10/09 16:02:59 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/10/09 16:02:59 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/10/01 15:45:29 | 000,005,163 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\elul
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/25 13:48:51 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/07/28 13:59:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/07/28 13:59:58 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/06/30 13:55:58 | 000,000,140 | ---- | C] () -- C:\Windows\System32\ptl5.dat.{B03B289B-C438-4D0F-B3B0-52F9FE7B661D}
[2011/06/30 13:51:31 | 000,000,016 | ---- | C] () -- C:\Windows\System32\ptlx55.dat.{5728B11F-B697-47AA-9C1B-8ECB545B5193}
[2011/06/30 12:57:58 | 000,138,056 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
[2010/05/09 21:47:11 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2009/11/22 15:01:00 | 000,000,090 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.pls
[2009/11/05 08:54:35 | 000,000,004 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\sgeaxael3kiitbyhsirgbnkdqbs5vr4
[2009/08/27 12:06:32 | 000,000,081 | ---- | C] () -- C:\Users\Owner\notalonrecent
[2009/05/10 18:31:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/05/09 12:05:38 | 000,001,024 | ---- | C] () -- C:\Users\Owner\.rnd
[2009/05/06 20:48:55 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/04/24 21:00:26 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2009/04/24 20:30:41 | 000,245,760 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 20:22:24 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/24 16:41:17 | 002,621,440 | -HS- | C] () -- C:\Users\Owner\ntuser.bak

========== ZeroAccess Check ==========

[2006/11/02 05:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/04 22:07:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.Tribler
[2010/03/06 17:31:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\1morebee
[2009/07/14 19:26:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Aisle 5 Games, Inc
[2009/11/25 15:50:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Alawar
[2011/02/07 09:45:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2010/10/12 11:01:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Anarchy
[2009/08/05 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Any Video Converter Professional
[2010/10/29 18:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Artifex Mundi
[2009/06/11 14:27:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2012/09/27 23:51:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2009/08/16 09:19:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylonia
[2012/09/28 00:02:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\backpocket.com
[2010/09/25 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Big Fish Games
[2009/08/25 15:13:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\blg
[2012/06/10 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BoneCraft
[2010/05/27 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Braintonik
[2013/01/25 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre
[2009/05/09 11:01:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canneverbe_Limited
[2009/08/03 12:56:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CasualForge
[2010/04/20 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD Art Display
[2013/02/20 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/08/19 16:12:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
[2010/05/04 11:20:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ContentGuard
[2012/12/07 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ControlCenter4
[2009/12/03 20:40:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Curious Sense
[2010/04/25 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DiskSpaceFan
[2011/10/09 19:04:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DisneyInteractiveStudios
[2011/01/01 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DivoGames
[2010/07/17 19:05:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Downloaded Installations
[2009/05/19 11:41:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dreamsdwell Stories
[2012/11/23 18:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2012/10/02 12:30:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
[2009/11/05 11:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ElementalsTheMagicKey
[2010/01/17 09:58:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ERS G-Studio
[2009/09/11 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EscapeFromParadise2
[2009/04/24 16:52:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ESET
[2009/07/02 13:41:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Faerie Solitaire
[2010/03/07 13:07:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Farm Mania 2
[2010/05/07 22:09:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2013/03/18 00:32:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\foobar2000
[2009/08/06 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit
[2010/02/05 15:32:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2011/02/11 11:17:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Friday's games
[2009/09/18 21:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\funkitron
[2009/11/25 20:20:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gamers Digital
[2009/10/13 11:17:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Games
[2009/10/23 16:58:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GamesCafe
[2011/10/09 14:10:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/08/15 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GraveyardShift
[2012/02/12 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Groovedown
[2011/08/07 01:45:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2009/10/16 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GTM_Bodie
[2010/01/12 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HandBrake
[2012/02/25 16:27:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hothead Games
[2009/05/27 20:34:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HuruBeachParty
[2009/07/04 14:45:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IronCode
[2009/10/22 07:39:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin_generic
[2009/09/21 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\johnsadventures.com
[2009/06/07 14:26:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KeePass
[2012/01/20 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\lang
[2009/12/15 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/06/03 08:27:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lionhead Studios
[2010/01/22 10:10:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Magic Academy 2
[2010/05/26 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2009/11/06 16:00:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Merscom
[2012/06/10 17:12:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MinMaxGames
[2009/10/13 11:59:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Montpellier-Informatique
[2012/06/29 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2010/08/07 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NavNet Solutions
[2013/02/20 15:25:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nitro PDF
[2010/05/07 22:35:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nvu
[2009/04/25 12:27:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2010/03/27 07:59:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Peace Craft
[2009/06/13 00:21:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Pi Eye Games
[2011/02/11 10:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2009/11/14 14:00:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Playrix Entertainment
[2010/01/10 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Process Hacker
[2011/03/23 22:14:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PunkBuster
[2012/09/18 13:51:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\qBittorrent
[2012/06/01 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\redsn0w
[2009/07/16 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Reflexive JanesZOO
[2012/08/28 08:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RenPy
[2009/11/16 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIM Palm&PPC Upgrade Wizard
[2010/06/21 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\rockbox.org
[2010/10/23 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sahmon Games
[2013/03/23 12:14:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2011/07/01 16:35:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2010/01/08 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Songbird2
[2009/08/24 18:46:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stellarium
[2010/04/04 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\StreamTorrent
[2009/08/10 19:11:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2011/07/01 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Teleca
[2013/03/24 16:39:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
[2012/04/21 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrueCrypt
[2012/05/11 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUpMedia
[2010/12/21 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft
[2009/06/28 08:29:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\UClick
[2011/02/13 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
[2013/03/24 17:06:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/01/09 10:33:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ValuSoft
[2010/01/01 18:34:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Virtual City
[2013/03/22 21:29:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Warner Bros. Interactive Entertainment
[2010/11/07 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:CEE4A457
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C9B27A06
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B1CFD78
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7EC01D6D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8DD20B4A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7ADCE5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1E86ADD2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:151760F0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA7D76BE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EE7AAC75
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8DD36B71

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello inzeo


Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
inzeo

inzeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi Gringo

Ran all 3 scans...reports below

On a side note (as I presume it is unrelated) upon reboot I ran into an error

"Pheonix Award BIOS V6.00pg
Copyright 1994-2002
Floppy Disk(s) Fail (40)
F1 Continue
F2 Setup"

It has happened before and just hit F1 and all is fine.

Worked again this time, but don't know how important or pertinent it is to our work here

Thanks

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java™ 6 Update 16
Java™ 6 Update 21
Java™ SE Runtime Environment 6
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 21
Java version out of Date!
Adobe Flash Player 11.6.602.168
Mozilla Firefox (19.0.2)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

# AdwCleaner v2.115 - Logfile created 03/24/2013 at 19:01:29
# Updated 17/03/2013 by Xplode
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\jetpack

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19400

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\prefs.js

[OK] File is clean.

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jbz0529l.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [22091 octets] - [20/03/2013 23:24:24]
AdwCleaner[R2].txt - [22220 octets] - [20/03/2013 23:27:01]
AdwCleaner[R3].txt - [1467 octets] - [20/03/2013 23:38:44]
AdwCleaner[R4].txt - [1527 octets] - [20/03/2013 23:40:31]
AdwCleaner[R5].txt - [1489 octets] - [20/03/2013 23:47:14]
AdwCleaner[R6].txt - [1609 octets] - [20/03/2013 23:58:56]
AdwCleaner[S1].txt - [314 octets] - [20/03/2013 23:25:01]
AdwCleaner[S2].txt - [22818 octets] - [20/03/2013 23:27:13]
AdwCleaner[S3].txt - [323 octets] - [20/03/2013 23:46:55]
AdwCleaner[S4].txt - [1549 octets] - [20/03/2013 23:47:33]
AdwCleaner[S5].txt - [323 octets] - [24/03/2013 19:00:49]
AdwCleaner[S6].txt - [1698 octets] - [24/03/2013 19:01:29]

########## EOF - C:\AdwCleaner[S6].txt - [1758 octets] ##########


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 03/24/2013 19:35:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3} : NameServer (208.201.224.11,208.201.224.33) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Services\Tcpip\Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3} : NameServer (208.201.224.11,208.201.224.33) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\nvraid.sys -> HOOKED ([MAJOR] Unknown @ 0x878F71F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\nvraid.sys -> HOOKED ([MAJOR] Unknown @ 0x878F71F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\nvraid.sys -> HOOKED ([MAJOR] Unknown @ 0x878F71F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\nvraid.sys -> HOOKED ([MAJOR] Unknown @ 0x878F71F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\nvraid.sys -> HOOKED ([MAJOR] Unknown @ 0x878F71F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\nvraid.sys -> HOOKED ([MAJOR] Unknown @ 0x878F71F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\nvraid.sys -> HOOKED ([MAJOR] Unknown @ 0x878F71F8)

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10 EARS-00Z5B1 SCSI Disk Device +++++
--- User ---
[MBR] bcf0162a8e8f6c02c344acccce4597b4
[BSP] 8abefccd33de0d42deccd99166f8f0d0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 145408 | Size: 2048 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4339712 | Size: 951749 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD15 01FASS-00W2B SCSI Disk Device +++++
--- User ---
[MBR] cf09e2d07a1f575ad27d1aaab7e94cb3
[BSP] 013516fb2446321d0d776eaf1cfea63f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD64 00AACS-00G8B SCSI Disk Device +++++
--- User ---
[MBR] d4cc490d5488c6cd5b90c014ddc97fad
[BSP] 8f7d1b2c5ab2b6d781a128342fb52501 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_03242013_02d1935.txt >>
RKreport[1]_S_03242013_02d1928.txt ; RKreport[2]_D_03242013_02d1935.txt
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello inzeo

The bios is looking for the floppy disk that most likely is not there - you need to go into the Bios and tell it not to look for it

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
inzeo

inzeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi Gringo

Ran combofix

Computer seems fine. seems to be running smoother.

What would you like me to do next?

Thank you

ComboFix 13-03-24.03 - Owner 03/24/2013 20:59:51.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.2006 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CEPx2E92.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-25 to 2013-03-25 )))))))))))))))))))))))))))))))
.
.
2013-03-25 04:11 . 2013-03-25 04:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-25 04:11 . 2013-03-25 04:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-25 04:11 . 2013-03-25 04:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-25 04:11 . 2013-03-25 04:11 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-03-25 01:02 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81DC9F27-7A66-4A8D-9AA0-D06773FD1F49}\mpengine.dll
2013-03-24 10:09 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-21 19:18 . 2013-03-21 19:18 -------- d-----w- c:\programdata\VS Revo Group
2013-03-21 08:16 . 2013-03-21 08:17 -------- d-----w- c:\program files\LastPass
2013-03-21 05:17 . 2013-03-21 05:17 -------- d-----w- c:\users\Owner\AppData\Local\CRE
2013-03-21 05:00 . 2013-03-21 05:00 -------- d-----w- c:\users\Owner\AppData\Roaming\NVIDIA
2013-03-13 07:01 . 2013-03-25 02:00 -------- d-----w- c:\users\Owner\AppData\Local\JDownloader 2.0
2013-03-13 07:01 . 2013-03-13 07:01 -------- d-----w- c:\program files\Common Files\i4j_jres
2013-03-05 19:54 . 2013-03-05 19:55 -------- d-----w- c:\program files\share
2013-03-01 07:41 . 2013-03-01 07:41 -------- d-----w- c:\program files\Seagate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 23:48 . 2009-05-29 16:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-03-21 08:16 . 2012-01-30 18:56 10965504 ----a-w- c:\program files\Common Files\lpuninstall.exe
2013-03-06 10:38 . 2011-06-11 09:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-24 06:12 . 2013-01-18 01:25 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-24 06:12 . 2010-08-13 22:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-19 15:58 . 2012-05-05 06:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-19 15:58 . 2011-08-26 01:42 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 03:20 . 2013-02-19 15:42 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:20 . 2013-02-19 15:42 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-10 03:20 . 2013-02-19 15:42 7964680 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:20 . 2013-02-19 15:42 6267240 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20 . 2013-02-19 15:42 2726176 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:20 . 2013-02-19 15:42 20534560 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-10 03:20 . 2013-02-19 15:42 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20 . 2013-02-19 15:42 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:20 . 2013-02-19 15:42 12862400 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-10 03:20 . 2013-02-19 15:42 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-10 03:20 . 2013-01-18 00:25 15038296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-10 03:20 . 2013-01-18 00:25 2528840 ----a-w- c:\windows\system32\nvapi.dll
2013-01-30 10:53 . 2009-10-03 02:17 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 11:59 . 2013-02-14 03:39 916480 ----a-w- c:\windows\system32\wininet.dll
2013-01-05 11:54 . 2013-02-14 03:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-01-05 11:54 . 2013-02-14 03:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-05 11:54 . 2013-02-14 03:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-01-05 11:54 . 2013-02-14 03:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-01-05 10:23 . 2013-02-14 03:39 385024 ----a-w- c:\windows\system32\html.iec
2013-01-05 08:47 . 2013-02-14 03:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-05 08:44 . 2013-02-14 03:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-05 05:26 . 2013-02-14 02:45 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-14 02:45 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-14 02:45 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:55 . 2013-02-14 02:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-04 01:38 . 2013-02-14 02:50 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-12 21:24 . 2013-03-12 21:24 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-10 00:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-11-22 4608]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2009-11-28 119104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-21 969104]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-3-2 1086816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2012-5-5 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackgroundSwitcher]
2009-11-28 12:25 119104 ----a-w- c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-06 21:41 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 17:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 20:14 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-03-09 09:30 636032 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 21:41]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 21:41]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 21:41]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 21:41]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{3298AD83-FB11-4B8D-B06B-AAA27FFDAB0C}.job
- c:\windows\system32\msfeedssync.exe [2013-02-14 08:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: lastpass - file://c:\users\Owner\AppData\LocalLow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Owner\AppData\LocalLow\lastpass\context.html?cmd=fillforms
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3}: NameServer = 208.201.224.11,208.201.224.33
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-AirVideoServer - c:\program files\AirVideoServer\AirVideoServer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-24 21:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\IQE4E94.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,cd,7e,95,58,91,41,4c,a8,74,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,cd,7e,95,58,91,41,4c,a8,74,a0,\
.
[HKEY_USERS\S-1-5-21-1500155505-1741706647-2289308542-1000\Software\SecuROM\License information*]
"datasecu"=hex:dc,a3,81,82,fd,22,38,47,e7,15,bc,6c,e1,35,38,c6,33,da,7b,3f,1d,
48,9f,eb,6b,95,18,af,6d,d3,53,f9,c0,d1,a2,24,53,36,b3,31,76,8b,3b,71,fc,18,\
"rkeysecu"=hex:71,62,19,43,03,7a,a5,60,ab,c9,22,ec,40,9a,3f,26
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2744)
c:\program files\FileZilla FTP Client\fzshellext.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\CbFsNetRdr3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Predator2\PredatorACE.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\UltraMon\UltraMon.exe
c:\program files\UltraMon\UltraMonTaskbar.exe
c:\program files\UltraMon\UltraMonUiAcc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-03-24 21:55:13 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-25 04:54
ComboFix2.txt 2011-10-06 03:38
ComboFix3.txt 2011-10-06 03:14
.
Pre-Run: 255,830,343,680 bytes free
Post-Run: 255,763,591,168 bytes free
.
- - End Of File - - 901A092B141329B4D5FF917EEF67523D
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello inzeo

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#7
inzeo

inzeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi Gringo

Ran the script. Here is the log.

So far the computer seems to be running well....in particular restart time is much quicker

What is next?

Thank you

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


ComboFix 13-03-25.01 - Owner 03/25/2013 11:21:44.4.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3325.1637 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\elul
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-25 to 2013-03-25 )))))))))))))))))))))))))))))))
.
.
2013-03-25 18:31 . 2013-03-25 18:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-25 18:31 . 2013-03-25 18:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-25 18:31 . 2013-03-25 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-25 18:31 . 2013-03-25 18:31 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-03-25 05:18 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DF4617D-AE7F-472E-8784-790A0E745915}\mpengine.dll
2013-03-24 10:09 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-21 19:18 . 2013-03-21 19:18 -------- d-----w- c:\programdata\VS Revo Group
2013-03-21 08:16 . 2013-03-21 08:17 -------- d-----w- c:\program files\LastPass
2013-03-21 05:17 . 2013-03-21 05:17 -------- d-----w- c:\users\Owner\AppData\Local\CRE
2013-03-21 05:00 . 2013-03-21 05:00 -------- d-----w- c:\users\Owner\AppData\Roaming\NVIDIA
2013-03-13 07:01 . 2013-03-25 02:00 -------- d-----w- c:\users\Owner\AppData\Local\JDownloader 2.0
2013-03-13 07:01 . 2013-03-13 07:01 -------- d-----w- c:\program files\Common Files\i4j_jres
2013-03-05 19:54 . 2013-03-05 19:55 -------- d-----w- c:\program files\share
2013-03-01 07:41 . 2013-03-01 07:41 -------- d-----w- c:\program files\Seagate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-24 23:48 . 2009-05-29 16:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-03-21 08:16 . 2012-01-30 18:56 10965504 ----a-w- c:\program files\Common Files\lpuninstall.exe
2013-03-06 10:38 . 2011-06-11 09:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-02-24 06:12 . 2013-01-18 01:25 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-24 06:12 . 2010-08-13 22:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-19 15:58 . 2012-05-05 06:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-19 15:58 . 2011-08-26 01:42 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 03:20 . 2013-02-19 15:42 8944416 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-10 03:20 . 2013-02-19 15:42 892704 ----a-w- c:\windows\system32\nvdispgenco3220162.dll
2013-02-10 03:20 . 2013-02-19 15:42 7964680 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:20 . 2013-02-19 15:42 6267240 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:20 . 2013-02-19 15:42 2726176 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:20 . 2013-02-19 15:42 20534560 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-10 03:20 . 2013-02-19 15:42 1990944 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:20 . 2013-02-19 15:42 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-10 03:20 . 2013-02-19 15:42 12862400 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-10 03:20 . 2013-02-19 15:42 1012512 ----a-w- c:\windows\system32\nvdispco3220294.dll
2013-02-10 03:20 . 2013-01-18 00:25 15038296 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-10 03:20 . 2013-01-18 00:25 2528840 ----a-w- c:\windows\system32\nvapi.dll
2013-01-30 10:53 . 2009-10-03 02:17 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 11:59 . 2013-02-14 03:39 916480 ----a-w- c:\windows\system32\wininet.dll
2013-01-05 11:54 . 2013-02-14 03:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-01-05 11:54 . 2013-02-14 03:39 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-01-05 11:54 . 2013-02-14 03:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-01-05 11:54 . 2013-02-14 03:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-01-05 10:23 . 2013-02-14 03:39 385024 ----a-w- c:\windows\system32\html.iec
2013-01-05 08:47 . 2013-02-14 03:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-01-05 08:44 . 2013-02-14 03:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-05 05:26 . 2013-02-14 02:45 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26 . 2013-02-14 02:45 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28 . 2013-02-14 02:45 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:55 . 2013-02-14 02:45 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-04 01:38 . 2013-02-14 02:50 2048512 ----a-w- c:\windows\system32\win32k.sys
2013-03-12 21:24 . 2013-03-12 21:24 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-10 00:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2010-11-22 4608]
"BackgroundSwitcher"="c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2009-11-28 119104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-21 969104]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-3-2 1086816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2012-5-5 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackgroundSwitcher]
2009-11-28 12:25 119104 ----a-w- c:\program files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2009-06-10 13:22 334224 ----a-w- c:\program files\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-06 21:41 136176 ----atw- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 17:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 20:14 106496 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2012-03-09 09:30 636032 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 17:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 21:41]
.
2013-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 21:41]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 21:41]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 21:41]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{3298AD83-FB11-4B8D-B06B-AAA27FFDAB0C}.job
- c:\windows\system32\msfeedssync.exe [2013-02-14 08:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Clip selection - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: lastpass - file://c:\users\Owner\AppData\LocalLow\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Owner\AppData\LocalLow\lastpass\context.html?cmd=fillforms
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.11.1
TCP: Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3}: NameServer = 208.201.224.11,208.201.224.33
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-25 11:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
nWØFÜ‹xFÜ‹ØFÜ‹ [0] 0x8BDC4589
nWØFÜ‹xFÜ‹ØFÜ‹ [0] 0xAD0FF289
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\IQE4E94.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,cd,7e,95,58,91,41,4c,a8,74,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6a,cd,7e,95,58,91,41,4c,a8,74,a0,\
.
[HKEY_USERS\S-1-5-21-1500155505-1741706647-2289308542-1000\Software\SecuROM\License information*]
"datasecu"=hex:dc,a3,81,82,fd,22,38,47,e7,15,bc,6c,e1,35,38,c6,33,da,7b,3f,1d,
48,9f,eb,6b,95,18,af,6d,d3,53,f9,c0,d1,a2,24,53,36,b3,31,76,8b,3b,71,fc,18,\
"rkeysecu"=hex:71,62,19,43,03,7a,a5,60,ab,c9,22,ec,40,9a,3f,26
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-03-25 11:35:03
ComboFix-quarantined-files.txt 2013-03-25 18:35
ComboFix2.txt 2013-03-25 04:55
ComboFix3.txt 2011-10-06 03:38
ComboFix4.txt 2011-10-06 03:14
.
Pre-Run: 262,964,817,920 bytes free
Post-Run: 262,901,567,488 bytes free
.
- - End Of File - - B7EDE01227A9B8419A7BAFF8349EEFA6
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello inzeo

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#9
inzeo

inzeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here you go, gringo

µTorrent
3D Sound Back Beta0.1
7-Zip 9.16 beta
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.15
Amazon Unbox Video
AMD APP SDK Runtime
AMD Catalyst Install Manager
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
Bloons TD 5 Deluxe version 1.10
Bonjour
Brother MFL-Pro Suite MFC-7360N
burnatonce
calibre
CamStudio
Camtasia Studio 6
Camtasia Studio 7
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD Wave Editor 1.98
CDisplay 1.8
CloneCD
Comic Life
Content Manager
Cool Edit Pro 2.0
Dell Support Center (Support Software)
Dell System Detect
doubleTwist
DriveImage XML (Private Edition)
DVD Shrink 3.2
DVDFab 8.2.1.3 (28/09/2012) Qt
EOS USB WIA Driver
Eraser 5.8.7
eReg
ESET Online Scanner v3
Evernote v. 4.6.3
eXtreme Music Manager 1.0.2.1 - Full Install!
FastPictureViewer WIC Codec Pack 1.30
FileZilla Client 3.3.2.1
Finale 2010
FLAC 1.2.1b (remove only)
foobar2000 v1.1.15
Foxit PDF Editor
Foxit PDF IFilter
Foxit Reader
GetDataBack for NTFS
GIMP 2.8.0
Google Chrome
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTC Driver Installer
Hulu Desktop
iExplorer 3.2.0.0
iPhone Configuration Utility
IrfanView (remove only)
iSkysoft Video Converter Ultimate(Build 2.3.2.2)
iTunes
iTunes Library Updater
Java Auto Updater
Java™ 6 Update 16
Java™ 6 Update 21
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 21
Java™ SE Runtime Environment 6
JDownloader 0.9
JDownloader 2.0
John's Background Switcher 4.1
K-Lite Codec Pack 9.7.5 (Basic)
LAME v3.98.3 for Audacity
LastPass(uninstall only)
LeapFrog Connect
LeapFrog My Pals Plugin
LG United Mobile Driver
Livescribe Connect
Livescribe Desktop
Logitech Harmony Remote Software 7
Logitech SetPoint 6.0
Logitech Touch Mouse Server 1.0
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MYMOVIES)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.0
mkw Audio Compression Toolkit
mkw Runtime Libraries
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Mp3tag Audio Indexer 1.05
Mp3tag v2.50
MPEG2 Codec(libmpeg2/mad)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Music Manager
NavNet
Nero 8
Nero Mega Plugin Pack
neroxml
Netflix in Windows Media Center
NirSoft Wireless Network Watcher
Nitro PDF Reader
Nuclear Coffee - ConvertVid
NVIDIA 3D Vision Controller Driver 305.27
NVIDIA Control Panel 305.27
NVIDIA Drivers
NVIDIA Graphics Driver 305.27
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0613
NVIDIA System Monitor
NVIDIA System Update
NVIDIA Update 1.10.8
NVIDIA Update Components
OpenAL
OpenOffice.org 3.4.1
Picasa 3
PlayFLV
Predator
Process Hacker 1.10
Product Documentation Launcher
Python 2.7.3
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Revo Uninstaller Pro 3.0.2
Ringtone Maker
SABnzbd 0.6.15
SeaTools for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
ShadowCopy
SimpleDivX
SopCast 3.5.0
Spirit Board v2.0
Spybot - Search & Destroy
Steam
Stellar Phoenix Photo Recovery
Stellar Phoenix Windows Data Recovery V3.0
StreamTorrent 1.0
swMSM
System Requirements Lab
TEFView 2.65
TeraCopy 2.1
TES Construction Set
TrueCrypt
TVUPlayer 2.5.3.1
Ubisoft Game Launcher
UltraMon
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
Veetle TV 0.9.18
VLC Connection Utility 2.60
VLC media player 2.0.5
Winamp
Winamp Detector Plug-in
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WinPcap 4.0.2
WinRAR archiver
WinSCP 4.2.7
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove


µTorrent
Java™ 6 Update 16
Java™ 6 Update 21
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 21
Java™ SE Runtime Environment 6

[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :


I see You have MBAM installed on the computer - that is great!! it is a very good program! I would like you to run a quick scan for me now

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0

Advertisements


#11
inzeo

inzeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi Gringo,

Tried to uninstall Java like you wanted and got an error for each and every attempt at each of the 5 programs..."internal error 2753. RegUtils"

The first attempt with revo crashed the computer...literally everything froze then shut down. then only tried to remove the programs with the windows uninstaller

ran the scans and the results are below

Thank you

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.25.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19400
Owner :: OWNER-PC [administrator]

Protection: Enabled

3/25/2013 8:32:11 PM
mbam-log-2013-03-25 (20-32-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256556
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:22 PM, on 3/25/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19400)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" /next
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" /next (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'UpdatusUser')
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: lastpass - file://C:\Users\Owner\AppData\LocalLow\lastpass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Owner\AppData\LocalLow\lastpass\context.html?cmd=fillforms
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O15 - Trusted Zone: *.dell.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3591D13-9B5E-4723-A2DB-7C45784771D3}: NameServer = 208.201.224.11,208.201.224.33
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Predator ACE (PredatorACE) - Montpellier-Informatique - C:\Program Files\Predator2\PredatorACE.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 10318 bytes
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

Use this to remove Java from the computer - http://singularlabs....larlabs-javara/

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" /next
      O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [BackgroundSwitcher] "C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" /next (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-1500155505-1741706647-2289308542-1006\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'UpdatusUser')
      O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
      O4 - Global Startup: UltraMon.lnk = ?

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#13
inzeo

inzeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Hi Gringo

the Java removal tool did not work.

removed the start up entries.

Expect the scan in a few hours......(needed to work on a paper for school and didn't want to interfere with the scan)

Thank you
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
no problem and I will be looking for you
  • 0

#15
inzeo

inzeo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
here's the eset log gringo.

Thank you for your patience

C:\Documents and Settings\Owner\AppData\Local\JDownloader 2.0\toolbar.exe Win32/Toolbar.Conduit application
C:\Documents and Settings\Owner\Local Settings\JDownloader 2.0\toolbar.exe Win32/Toolbar.Conduit application
C:\JDownloader 2.0\toolbar.exe Win32/Toolbar.Conduit application
C:\Program Files\Downloads\applications\flasher\psneuter Android/Exploit.Lotoor.AK trojan
C:\Program Files\LEGO Lord Of The Rings\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\java2.bat.vir BAT/Agent.NMA trojan
C:\Users\Owner\AppData\Local\JDownloader 2.0\toolbar.exe Win32/Toolbar.Conduit application
C:\Users\Owner\Local Settings\JDownloader 2.0\toolbar.exe Win32/Toolbar.Conduit application
J:\New Folder\testdisk-6.14-WIP.win\testdisk-6.14-WIP\recup_dir.227\f311443625_SoftonicDownloader.exe a variant of Win32/SoftonicDownloader.B application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RJEK5JX.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RKICLTX.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RKPK1ZU.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RL4KX93.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RLWCDPE.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RNIH06W.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RO8FYD5.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$ROYE528.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RP0BM5T Android/Exploit.Lotoor.AN trojan
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RPIUQ1M.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RPQ1L3H.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RS72CJI.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RU7T3VC.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RUBETH7.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RUHJYWX.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RUZQFZC.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RVO40WD.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RWF4T18.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RYLIZZ7.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RZ1NOO6.rar Win32/InstalleRex.E.Gen application
R:\$RECYCLE.BIN\S-1-5-21-1500155505-1741706647-2289308542-1000\$RZ9ZUN7.rar Win32/InstalleRex.E.Gen application
R:\Misc\096.PH.Pool.Party.wmv Win32/InstalleRex.E.Gen application
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP