Geeks to Go

Tried to remove Privitize VPN, killed all running processes. [Solved]

This topic is locked

#1 - johonn (Member, 120 posts)

Hey guys,

So since Privitize VPN was right on TPB next to the download links, I assumed it was safe. Dumb move. Should have looked it up first.

Anyway, now I need to get rid of it. Funny thing is, I didn't notice any problems with Windows till I tried to uninstall it. When I tried to uninstall it (or one of the programs it installed, actually), it killed what seemed to be all running processes. All my programs shut down and I got "X program encountered a problem and needed to close" messages from about 20 or so things, one or two of which I hadn't even heard of before - gotta check that, I guess. Anyway, it looks like it will be harder than I thought to get rid of it.

I'm running XP, btw, which is probably also evident in the OTL log file.

Thanks for the help!

Edit: I'm using Chrome as my main browser. Not sure that info is in the log, but it may be relevant.

LOG:

OTL logfile created on: 4/17/2013 6:27:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\My Documents\Downloads\software\Malware related
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 67.05% Memory free
6.83 Gb Paging File | 5.96 Gb Available in Paging File | 87.32% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 19.44 Gb Free Space | 28.09% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 273.77 Gb Free Space | 39.19% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 572.76 Gb Free Space | 40.99% Space Free | Partition Type: NTFS

Computer Name: JOHONN-DESKTOP | User Name: Johonn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/17 18:27:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\My Documents\Downloads\software\Malware related\OTL.exe
PRC - [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/13 11:04:17 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/15 23:19:21 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/01/11 11:25:38 | 000,362,624 | ---- | M] (Genie-Soft) -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
PRC - [2010/06/15 04:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
PRC - [2010/06/15 04:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
PRC - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/12/18 12:05:40 | 000,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008/12/18 12:05:40 | 000,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/09/22 17:54:40 | 000,045,056 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012/08/27 22:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 22:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/31 11:21:46 | 000,396,288 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSBackupManager.dll
MOD - [2011/01/31 11:21:46 | 000,342,528 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSIndexDB.dll
MOD - [2011/01/11 11:25:38 | 000,467,968 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSWatcher4.dll
MOD - [2011/01/11 11:25:38 | 000,048,128 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogManager.dll
MOD - [2011/01/09 11:00:42 | 000,051,712 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\QueueManager.dll
MOD - [2011/01/09 11:00:42 | 000,043,008 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLibrariesManager.dll
MOD - [2011/01/09 11:00:42 | 000,038,400 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSLogging.dll
MOD - [2011/01/09 11:00:42 | 000,009,728 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\VSSEngine_Proxy.dll
MOD - [2011/01/09 11:00:40 | 000,144,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\Settings.dll
MOD - [2011/01/09 11:00:40 | 000,111,616 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\BlockLevel2.dll
MOD - [2010/08/31 06:43:58 | 000,080,384 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\GSEncryption.dll
MOD - [2010/08/31 06:42:12 | 000,023,040 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll
MOD - [2010/06/15 06:00:28 | 000,921,088 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\sqlite3.dll
MOD - [2010/06/15 04:53:48 | 001,417,216 | ---- | M] () -- C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
MOD - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2008/12/18 12:05:40 | 000,457,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
MOD - [2008/12/18 12:05:40 | 000,191,008 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
MOD - [2008/12/18 12:04:44 | 000,109,088 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
MOD - [2008/10/07 01:33:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/03/13 11:04:17 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/30 10:05:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/11 11:25:38 | 000,362,624 | ---- | M] (Genie-Soft) [Auto | Running] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/09/06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/12/18 12:05:40 | 000,457,248 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2008/12/18 12:05:40 | 000,191,008 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - [2013/04/17 18:20:10 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E06D7381-08CF-48D8-A45A-B4D7A920207F}\MpKsl31556bc7.sys -- (MpKsl31556bc7)
DRV - [2009/11/17 20:46:14 | 005,937,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/11/17 20:46:13 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (Monfilt)
DRV - [2009/11/17 20:46:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ambfilt.sys -- (Ambfilt)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/01/13 19:32:02 | 000,712,704 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008/11/12 16:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2008/08/01 10:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 10:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/18 03:28:10 | 000,384,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WPN111.sys -- (WPN111)
DRV - [2008/04/14 08:00:00 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/14 08:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2007/04/18 09:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 09:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 09:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 07:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 06:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 05:32:34 | 000,016,168 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2007/04/10 05:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 05:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 05:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 05:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 05:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 05:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 05:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2007/04/10 05:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchou.com/...fbc00114e&r=453

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/...000001fbc00114e
IE - HKCU\..\SearchScopes,DefaultScope = 3AC374FC-8DCB-4AE5-8637-483CDFE8E029
IE - HKCU\..\SearchScopes\3AC374FC-8DCB-4AE5-8637-483CDFE8E029: "URL" = http://searchou.com/q=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search The Web (privitize)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=672991"
FF - prefs.js..browser.search.selectedEngine: "Search The Web (privitize)"
FF - prefs.js..browser.startup.homepage: "http://searchou.com/...00001fbc00114e"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.0.3
FF - prefs.js..extensions.enabledItems: {C985A313-E665-40EE-A705-4AED7F63B1C7}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.74.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://searchou.com/...00001fbc00114e"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 19:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C985A313-E665-40EE-A705-4AED7F63B1C7}: C:\Documents and Settings\Johonn\Local Settings\Application Data\{C985A313-E665-40EE-A705-4AED7F63B1C7}\ [2010/07/20 17:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected] [2013/04/02 18:20:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 13:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/16 22:54:10 | 000,000,000 | ---D | M]

[2009/10/18 14:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Extensions
[2013/04/02 18:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions
[2011/09/29 23:49:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/04/02 18:20:55 | 000,000,000 | ---D | M] (MaagniePic) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected]
[2010/02/02 08:38:29 | 000,000,000 | ---D | M] (Google Wave Add-on for Firefox) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected]
[2011/09/29 23:49:25 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected]
[2013/04/02 18:20:28 | 000,001,378 | ---- | M] () -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\searchplugins\privitize.xml
[2011/10/19 12:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/27 23:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/15 08:38:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/19 12:48:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/07/20 17:22:48 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JOHONN\LOCAL SETTINGS\APPLICATION DATA\{C985A313-E665-40EE-A705-4AED7F63B1C7}
[2010/03/07 19:12:21 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/11/08 04:00:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Bejeweled = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\.bak
CHR - Extension: Angry Birds = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: TooManyTabs for Chrome = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.0.0_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Honey = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\2.0.1.3_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Alexa Traffic Rank = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmelius - Ad Blocker and Better UI for Gmail = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.7.3_0\
CHR - Extension: 20 Cubed = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef\1.12_0\
CHR - Extension: Chain Reaction = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: The Camelizer - Amazon Price Tracker = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.2.1_0\
CHR - Extension: LastPass = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.24_0\
CHR - Extension: TiltShiftMaker = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
CHR - Extension: Bloons Tower Defense 4 = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibpkopmblbfloefojafboaliohmapnpl\1.0.0_0\
CHR - Extension: LoU Tweak = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iglgjgbiphjfbkbdgaffpdplhhbmpmkb\1.5.9_0\
CHR - Extension: Autodesk Homestyler = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Gravity Duck = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.3.0_0\
CHR - Extension: Lagoonia = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnjcaihkcddgdgaghmnmfpkkfilombbm\1.38_0\
CHR - Extension: MaagniePic = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojbfdgembpnlcpjkaimaebhmedianjff\1\
CHR - Extension: Gmail = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0\

O1 HOSTS File: ([2012/11/13 21:08:47 | 000,001,211 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (privitize Helper Object) - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files\Industriya\privitize\1.8.16.22\bh\privitize.dll (Industriya LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Johonn\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Documents and Settings\Johonn\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Johonn\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Johonn\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Johonn\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{066111F7-001A-4084-AE6F-48A61FA66B67}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Johonn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johonn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/18 12:12:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/20 22:41:41 | 000,000,000 | RH-D | M] - I:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 22:56:50 | 000,000,036 | RH-- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7362d2c1-0062-11e2-a1ad-001fbc00114e}\Shell - "" = AutoRun
O33 - MountPoints2\{7362d2c1-0062-11e2-a1ad-001fbc00114e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7362d2c1-0062-11e2-a1ad-001fbc00114e}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{76cb22b1-dfc7-11e0-a187-001fbc00114e}\Shell - "" = AutoRun
O33 - MountPoints2\{76cb22b1-dfc7-11e0-a187-001fbc00114e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{76cb22b1-dfc7-11e0-a187-001fbc00114e}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/16 17:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/04/03 00:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EAGLE Layout Editor 6.4.0
[2013/04/03 00:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-6.4.0
[2013/04/02 18:54:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/02 18:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johonn\Start Menu\Programs\PrivitizeVPN
[2013/04/02 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2013/04/02 18:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CLSoft LTD
[2013/04/02 18:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\MagniPic
[2013/04/02 18:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MaagniePic
[2013/04/02 18:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/04/02 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Industriya
[2013/04/02 18:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johonn\Application Data\Industriya
[2013/03/25 20:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/25 09:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/03/25 00:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/25 00:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/25 00:14:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/12/27 14:25:49 | 009,163,464 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/17 18:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/17 17:36:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003UA.job
[2013/04/17 16:55:37 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/17 16:46:29 | 000,201,151 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/17 16:45:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/17 16:45:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/17 16:45:56 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-329068152-1788223648-682003330-1003.job
[2013/04/17 16:45:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/17 00:43:18 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/17 00:43:18 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/17 00:43:18 | 000,028,068 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/17 00:43:18 | 000,028,068 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/17 00:43:18 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/16 21:36:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003Core.job
[2013/04/16 17:29:20 | 003,744,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/15 21:25:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/15 20:36:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/09 00:46:39 | 004,933,461 | ---- | M] () -- C:\WINDOWS\{00000006-00000000-00000009-00001102-00000004-20071102}.CDF
[2013/04/09 00:46:39 | 004,933,461 | ---- | M] () -- C:\WINDOWS\{00000006-00000000-00000009-00001102-00000004-20071102}.BAK
[2013/04/03 00:03:36 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Johonn\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/30 18:59:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-329068152-1788223648-682003330-1003.job
[2013/03/29 21:21:18 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Johonn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/25 20:27:00 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/25 09:48:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/25 00:14:04 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/25 20:27:00 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/02/27 16:42:32 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Johonn\Local Settings\Application Data\PUTTY.RND
[2013/02/15 00:54:20 | 000,050,672 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/01/29 21:26:53 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/11/13 20:47:47 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Johonn\.recently-used.xbel
[2012/08/30 12:33:45 | 000,004,021 | ---- | C] () -- C:\Documents and Settings\Johonn\Application Data\LTspiceIV.ini
[2012/08/27 11:14:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/16 22:12:06 | 000,002,880 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/09/16 22:12:06 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\85399E84D3.sys
[2011/09/01 21:36:52 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2011/09/01 21:31:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2011/09/01 21:31:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2009/11/11 20:22:30 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Johonn\webct_upload_applet.properties
[2009/11/07 22:38:11 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Johonn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/11/03 08:44:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/21 15:06:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/28 16:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/11/08 10:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2011/01/29 17:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/11/03 08:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2013/04/02 18:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CLSoft LTD
[2013/04/17 18:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/11/01 17:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2013/04/17 18:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MaagniePic
[2012/10/12 10:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2013/02/27 15:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soft Gold
[2009/10/18 15:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/02/03 21:37:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2011/06/24 21:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2013/04/16 23:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\.minecraft
[2013/04/17 18:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\.purple
[2013/02/15 01:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Amazon
[2009/11/05 20:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\CadSoft
[2009/11/03 08:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Canneverbe_Limited
[2013/04/17 16:48:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Dropbox
[2011/04/13 12:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Foxit Software
[2011/04/20 20:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Fritzing
[2010/01/23 18:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\GARMIN
[2011/04/08 17:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Genie-Soft
[2013/03/22 18:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\gtk-2.0
[2013/04/17 18:22:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Industriya
[2010/04/14 23:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\inkscape
[2009/11/01 15:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\InterTrust
[2011/04/11 20:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\iolo
[2011/04/19 18:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\JGoodies
[2012/10/12 10:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Musicnotes
[2011/03/20 13:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Notepad++
[2010/02/07 22:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\NumusDiskBuilder
[2011/04/20 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\nView_Wallpaper
[2009/11/08 23:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\OpenOffice.org
[2011/03/27 17:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Opera
[2013/02/27 15:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Soft Gold
[2013/04/03 19:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\uTorrent
[2009/11/09 00:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\Wireshark
[2010/03/31 09:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Johonn\Application Data\xm1

========== Purity Check ==========



< End of report >

Edited by johonn, 17 April 2013 - 04:49 PM.

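The OTL log above is read by eye in the thread; the following is an added example (my own code, not part of the post or of OTL) that automates the two checks a reviewer does by hand on it. The "Created Within 30 Days" section shows Industriya, InstallMate, MaagniePic, MagniPic, CLSoft LTD and PrivitizeVPN all landing between 18:20:14 and 18:21:21 on 2013/04/02, which is the signature of one bundled installer; the O2/O4 sections then show a BHO under Industriya and a Run entry under PrivitizeVPN. The script clusters folders created within a few minutes of the named program, then flags persistence entries that point under those folders, whose target is missing, or which OTL lists with no company name. The sample lines are constructed in the shape of the log (a few copied entries, with Java™ written as Java(TM)); the function names and the five-minute window are my choices. Flags are review hints, not verdicts: nwiz.exe gets listed only because OTL prints it without a company string.

```python
"""Triage of OTL-style persistence entries (added example, not from the thread)."""
import re
from datetime import datetime, timedelta

# Constructed sample: a few lines copied in the shape of the OTL log.
SAMPLE_LOG = r"""
O2 - BHO: (privitize Helper Object) - {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files\Industriya\privitize\1.8.16.22\bh\privitize.dll (Industriya LLC)
O2 - BHO: (Java(TM) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
[2013/04/16 17:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/04/02 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2013/04/02 18:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\MagniPic
[2013/04/02 18:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/04/02 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Industriya
[2013/03/25 00:14:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
""".strip().splitlines()

# "[date time | size | attrs | C] -- path"; 4th attribute char is D for a directory.
CREATED_RE = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| (\S{4}) \| C\] -- (.+)$")
O2_RE = re.compile(r"^O2 - BHO: \((.*?)\) - \{[0-9A-Fa-f-]+\} - (.+)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[(.*?)\] (.+)$")
TARGET_RE = re.compile(r"^(.*?) \((.*)\)$")  # "<path> (<company>)"


def parse_target(rest):
    """Split OTL's trailing '<path> (<company>)' into (path, company, missing)."""
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip().strip('"'), "", True
    m = TARGET_RE.match(rest)
    if not m:
        return rest, "", False
    return m.group(1).strip('"'), m.group(2), False


def parse_created(lines):
    """(timestamp, path) for every directory in the 'Created' section."""
    found = []
    for line in lines:
        m = CREATED_RE.match(line)
        if m and m.group(2).endswith("D"):
            found.append((datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(3)))
    return found


def install_burst(created, anchor, window=timedelta(minutes=5)):
    """Folders created within `window` of the earliest folder whose path contains `anchor`."""
    anchor_times = [t for t, p in created if anchor.lower() in p.lower()]
    if not anchor_times:
        return []
    t0 = min(anchor_times)
    return sorted(p for t, p in created if abs(t - t0) <= window)


def flag_persistence(lines, burst_dirs):
    """Return (kind, name, path, reasons) for O2/O4 entries that deserve a second look."""
    prefixes = [d.lower().rstrip("\\") + "\\" for d in burst_dirs]
    findings = []
    for line in lines:
        m = O2_RE.match(line)
        if m:
            kind, name, rest = "BHO", m.group(1), m.group(2)
        else:
            m = O4_RE.match(line)
            if not m:
                continue
            kind, name, rest = "Run/" + m.group(1), m.group(2), m.group(3)
        path, company, missing = parse_target(rest)
        reasons = []
        if any(path.lower().startswith(p) for p in prefixes):
            reasons.append("under install burst folder")
        if missing:
            reasons.append("target missing")
        elif not company:
            reasons.append("no company name")
        if reasons:
            findings.append((kind, name, path, reasons))
    return findings


def triage(lines, anchor):
    """Cluster the install burst around `anchor`, then flag persistence that points into it."""
    burst = install_burst(parse_created(lines), anchor)
    return burst, flag_persistence(lines, burst)


if __name__ == "__main__":
    burst, flagged = triage(SAMPLE_LOG, "PrivitizeVPN")
    print("Install burst folders:")
    for d in burst:
        print("  ", d)
    print("Persistence entries to review:")
    for kind, name, path, reasons in flagged:
        print(f"  [{kind}] {name or '(blank)'} -> {path or '(none)'}: {', '.join(reasons)}")
```

Run it against a full OTL log by replacing `SAMPLE_LOG` with the file's lines; O33 AutoRun commands and O16 DPF entries follow the same "path (company)" convention and can be added with one more regex each.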



#2 gringo_pr (Trusted Helper, Malware Removal)
Hello johonn


These are the programs I would like you to run next. If you have any problems with one of them, just skip it and move on to the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3 johonn (Topic Starter)
Thanks for the reply.

AdwCleaner log:

# AdwCleaner v2.200 - Logfile created 04/18/2013 at 20:31:19
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Johonn - JOHONN-DESKTOP
# Boot Mode : Normal
# Running from : E:\My Documents\Downloads\software\Malware related\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\clsoft ltd
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Program Files\MagniPic

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.8 (en-US)

File : C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\prefs.js

C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\user.js ... Deleted !

Deleted : user_pref("browser.search.order.1", "Search The Web (privitize)");
Deleted : user_pref("browser.search.selectedEngine", "Search The Web (privitize)");
Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\edqbe94n.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v11.1.1190.0

File : C:\Documents and Settings\Johonn\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [351 octets] - [18/04/2013 20:29:01]
AdwCleaner[S2].txt - [3455 octets] - [18/04/2013 20:31:19]

########## EOF - C:\AdwCleaner[S2].txt - [3515 octets] ##########


---------------------------------------------------------------------------------------------------------------


RKreport Log:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Johonn [Admin rights]
Mode : Remove -- Date : 04/18/2013 20:47:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Documents and Settings\Johonn\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe") [-] -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:5643) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD74 0GD-00FLA0 SCSI Disk Device +++++
--- User ---
[MBR] 9fc67f106e0092a54e1a15f9bd69a396
[BSP] adb0cee320a0a92469da45a0d4d49da8 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST375064 0AS SCSI Disk Device +++++
--- User ---
[MBR] 5361e272f42e4a6dbffb7d7bd05cd93a
[BSP] bc7aa01aaf63872db4e8d3c05099b177 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 715402 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_04182013_02d2047.txt >>
RKreport[1]_S_04182013_02d2045.txt ; RKreport[2]_D_04182013_02d2047.txt
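One line in the RogueKiller report above deserves a follow-up: `[PROXY IE] ... ProxyServer (hxxp=127.0.0.1:5643) -> NOT REMOVED`. A proxy on 127.0.0.1 hands every Internet Explorer HTTP request to a listener on the machine itself, so before clearing the value it is worth knowing which process owns that port. The following is an added example (my own code, not part of the thread or of RogueKiller, whose ProxyFix option the report points at for the registry side): it pulls host and port from the scanner line, looks the port up in `netstat -ano` output, maps the PID through `tasklist`, and prints the `reg.exe` commands that switch the proxy off. The netstat and tasklist text is constructed for the example; PID 1234 and `unknown_proxy.exe` are hypothetical and are not taken from the poster's machine.

```python
"""Follow-up for a loopback IE proxy left behind after a scan (added example)."""
import re

ROGUEKILLER_LINE = r"[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:5643) -> NOT REMOVED, USE PROXYFIX"

# Constructed `netstat -ano` output; the listener on 5643 is hypothetical.
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:5643         0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.10:1035      74.125.0.1:80          ESTABLISHED     2208
"""

# Constructed `tasklist` output; unknown_proxy.exe is a placeholder name.
TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
svchost.exe                   1012 Console                    0      4,932 K
unknown_proxy.exe             1234 Console                    0      6,140 K
"""

IE_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# The scanner prints the scheme defanged ("hxxp"); accept the stored "http=" form too.
PROXY_RE = re.compile(r"ProxyServer \((?:hxxp|http)=([\w.\-]+):(\d+)\)")
NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")
TASKLIST_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+")


def parse_proxy(line):
    """(host, port) from the scanner line, or None if it reports no proxy."""
    m = PROXY_RE.search(line)
    return (m.group(1), int(m.group(2))) if m else None


def listener_pid(netstat, host, port):
    """PID bound to host:port (or to the wildcard address) in LISTENING state."""
    for row in netstat.splitlines():
        m = NETSTAT_RE.match(row)
        if m and int(m.group(2)) == port and m.group(1) in (host, "0.0.0.0"):
            return int(m.group(3))
    return None


def image_for_pid(tasklist, pid):
    """Image name for a PID from tasklist output, or None."""
    for row in tasklist.splitlines():
        m = TASKLIST_RE.match(row)
        if m and int(m.group(2)) == pid:
            return m.group(1).strip()
    return None


def remediation_commands():
    """reg.exe commands (reg.exe ships with XP Pro) that disable the proxy and drop the value."""
    return [
        f'reg add "{IE_KEY}" /v ProxyEnable /t REG_DWORD /d 0 /f',
        f'reg delete "{IE_KEY}" /v ProxyServer /f',
    ]


def investigate(scanner_line, netstat, tasklist):
    """Tie the proxy setting to its listening process and produce the fix."""
    proxy = parse_proxy(scanner_line)
    if proxy is None:
        return {"proxy": None, "pid": None, "image": None, "fix": []}
    pid = listener_pid(netstat, *proxy)
    image = image_for_pid(tasklist, pid) if pid is not None else None
    return {"proxy": proxy, "pid": pid, "image": image, "fix": remediation_commands()}


if __name__ == "__main__":
    r = investigate(ROGUEKILLER_LINE, NETSTAT_ANO, TASKLIST)
    print(f"IE proxy: {r['proxy']} owned by PID {r['pid']} ({r['image']})")
    print("Clear it with:")
    for cmd in r["fix"]:
        print("  " + cmd)
```

Clear the proxy only after the owning process is identified and removed; otherwise the program that set it can simply put it back on its next start.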

#4 gringo_pr (Trusted Helper, Malware Removal)
Hello johonn

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 johonn (Topic Starter)
Hi,

Thanks again for the help.

Here's the log from combofix. I'm not noticing any problems, though I didn't really notice any beforehand, either. I do still see Privitize VPN in my installed programs list though, so I'd like to fully get rid of it. I haven't tried simply uninstalling it, because last time I did that it killed all my processes and didn't uninstall anything.

LOG:

ComboFix 13-04-18.03 - Johonn 04/19/2013 1:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2334 [GMT -4:00]
Running from: e:\my documents\Downloads\software\Malware related\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\_ctypes.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\_elementtree.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\_hashlib.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\_socket.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\_ssl.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\pyexpat.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\pysqlite2._sqlite.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\python27.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\pythoncom27.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\PyWinTypes27.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\select.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\unicodedata.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32api.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32com.shell.shell.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32crypt.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32event.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32file.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32inet.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32pdh.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32process.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32profile.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32security.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\win32ts.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\windows._cacheinvalidation.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wx._controls_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wx._core_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wx._gdi_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wx._html2.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wx._misc_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wx._windows_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wx._wizard.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wxbase294u_net_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wxbase294u_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wxmsw294u_adv_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wxmsw294u_core_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wxmsw294u_html_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI31202\wxmsw294u_webview_vc90.dll
c:\documents and settings\All Users\Application Data\85399E84D3.sys
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Johonn\Local Settings\Application Data\{C985A313-E665-40EE-A705-4AED7F63B1C7}
c:\documents and settings\Johonn\Local Settings\Application Data\{C985A313-E665-40EE-A705-4AED7F63B1C7}\chrome.manifest
c:\documents and settings\Johonn\Local Settings\Application Data\{C985A313-E665-40EE-A705-4AED7F63B1C7}\chrome\content\_cfg.js
c:\documents and settings\Johonn\Local Settings\Application Data\{C985A313-E665-40EE-A705-4AED7F63B1C7}\chrome\content\overlay.xul
c:\documents and settings\Johonn\Local Settings\Application Data\{C985A313-E665-40EE-A705-4AED7F63B1C7}\install.rdf
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\_ctypes.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\_elementtree.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\_hashlib.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\_socket.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\_ssl.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\pyexpat.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\pysqlite2._sqlite.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\python27.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\pythoncom27.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\PyWinTypes27.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\select.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\unicodedata.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32api.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32com.shell.shell.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32crypt.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32event.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32file.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32inet.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32pdh.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32process.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32profile.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32security.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\win32ts.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\windows._cacheinvalidation.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wx._controls_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wx._core_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wx._gdi_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wx._html2.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wx._misc_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wx._windows_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wx._wizard.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wxbase294u_net_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wxbase294u_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wxmsw294u_adv_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wxmsw294u_core_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wxmsw294u_html_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI31202\wxmsw294u_webview_vc90.dll
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
.
.
2013-04-19 00:45 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BA25163B-9FE5-436B-BB6E-213AB5CA2285}\mpengine.dll
2013-04-16 00:28 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-03 04:12 . 2013-04-03 04:12 -------- d-----w- c:\program files\EAGLE-6.4.0
2013-04-02 22:21 . 2013-04-02 22:21 -------- d-----w- c:\program files\PrivitizeVPN
2013-04-02 22:20 . 2013-04-17 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MaagniePic
2013-04-02 22:20 . 2013-04-02 22:20 -------- d-----w- c:\program files\Industriya
2013-04-02 22:20 . 2013-04-17 22:22 -------- d-----w- c:\documents and settings\Johonn\Application Data\Industriya
2013-03-25 13:48 . 2013-03-25 13:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2013-03-25 04:14 . 2013-03-25 04:14 -------- d-----w- c:\program files\Common Files\Skype
2013-03-25 04:14 . 2013-03-25 04:14 -------- d-----r- c:\program files\Skype
2013-03-21 21:08 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2010-07-20 22:37 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 15:04 . 2013-03-13 15:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 15:04 . 2009-11-09 03:35 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-13 15:04 . 2012-09-17 02:54 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-13 15:04 . 2010-12-28 03:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2009-10-18 16:09 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:06 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:06 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:06 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 00:38 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2013-02-12 04:29 . 2011-09-17 02:12 2880 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-30 03:01 . 2009-10-18 11:28 90112 ----a-w- c:\windows\DUMP7d9c.tmp
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-27 18:25 . 2010-12-27 18:25 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-03-29 1631144]
"RemoteCenter"="c:\program files\Creative\SBAudigy4\Entertainment Center\RcMan.exe" [2004-09-21 172032]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-06-15 98304]
"F.lux"="c:\documents and settings\Johonn\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2009-09-05 45091]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2004-09-22 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-01-11 1051264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-18 18782720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PrivitizeVPN"="c:\program files\PrivitizeVPN\PrivitizeVPN.exe" [2013-04-02 196784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-27 9163464]
.
c:\documents and settings\Johonn\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Johonn\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 05:00 45056 ------w- c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-26 05:19 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Documents and Settings\\Johonn\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Johonn\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [1/11/2011 11:25 AM 362624]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [11/17/2009 8:46 PM 1684736]
S3 RT80x86;Linksys WPC600N/WMP600N Wireless-N Card Driver;c:\windows\system32\drivers\rt2860.sys [1/29/2013 9:26 PM 712704]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/18/2008 3:28 AM 384608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-16 01:25 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 18:56]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 18:56]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003Core.job
- c:\documents and settings\Johonn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 08:55]
.
2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003UA.job
- c:\documents and settings\Johonn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 08:55]
.
2013-04-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://searchou.com/?id=c81df34f000000000000001fbc00114e
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\
FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=c81df34f000000000000001fbc00114e
FF - prefs.js: keyword.URL - hxxp://searchou.com/?q={searchTerms}&id=c81df34f000000000000001fbc00114e
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Google Wave Add-on for Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: LastPass: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Corel File Shell Monitor - c:\program files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
MSConfigStartUp-DeviceDiscovery - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-19 01:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\nvLsp.dll
.
Completion time: 2013-04-19 01:07:09
ComboFix-quarantined-files.txt 2013-04-19 05:07
.
Pre-Run: 20,395,192,320 bytes free
Post-Run: 28,231,434,240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\wubildr.mbr = "Ubuntu"
.
- - End Of File - - 99FADB7BF3DA68B6962C1B9E727CDA4F
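As an added example (not part of this thread, and not code from ComboFix or its author), here is a small Python triage script for a ComboFix log like the one posted above. It pulls out the three kinds of indicator that matter here: Run-key entries whose file date is on or after a chosen cutoff, an Internet Settings proxy pointed at the loopback address, and browser start-page/search URLs on a host you have not allowlisted. It then pivots from the flagged program's directory creation time to the other directories the same installer dropped within a few minutes of it, which is how you find the companion folders that the Run key alone does not name. The sample lines are constructed from fragments of the log above; the date cutoff, the 10-minute window and the `trusted_hosts` argument are assumptions chosen for this illustration.

```python
import re
from datetime import date, datetime, timedelta
from urllib.parse import urlparse

# Constructed sample, modeled on the "Files Created", "Reg Loading Points" and
# "Supplementary Scan" sections of the ComboFix log above; it is not the full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))
.
2013-04-03 04:12 . 2013-04-03 04:12 -------- d-----w- c:\program files\EAGLE-6.4.0
2013-04-02 22:21 . 2013-04-02 22:21 -------- d-----w- c:\program files\PrivitizeVPN
2013-04-02 22:20 . 2013-04-17 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MaagniePic
2013-04-02 22:20 . 2013-04-02 22:20 -------- d-----w- c:\program files\Industriya
2013-03-25 04:14 . 2013-03-25 04:14 -------- d-----r- c:\program files\Skype
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"PrivitizeVPN"="c:\program files\PrivitizeVPN\PrivitizeVPN.exe" [2013-04-02 196784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://searchou.com/?id=c81df34f000000000000001fbc00114e
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>;*.local
FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=c81df34f000000000000001fbc00114e
FF - prefs.js: keyword.URL - hxxp://searchou.com/?q={searchTerms}&id=c81df34f000000000000001fbc00114e
FF - prefs.js: network.proxy.type - 4
"""

RUN_KEY = re.compile(r"^\[HKEY_.*\\Run\]$", re.IGNORECASE)
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')
PROXY_SERVER = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
BROWSER_URL = re.compile(
    r"^(?:uStart Page|FF - prefs\.js: (?P<pref>browser\.startup\.homepage|keyword\.URL))"
    r"\s*[=-]\s*(?P<url>hxxps?://\S+)"
)
FILE_CREATED = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+\S+\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)


def _is_loopback(proxy_value):
    """True if any entry ("proto=host:port" or "host:port") points at the local machine."""
    for entry in proxy_value.split(";"):
        host = entry.split("=", 1)[-1].rsplit(":", 1)[0].strip("[]").lower()
        if host in ("localhost", "::1") or host.startswith("127."):
            return True
    return False


def _host_of(defanged_url):
    """ComboFix writes hxxp:// for http://; undo that so urlparse can read the host."""
    return (urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or "").lower()


def triage(log_text, newer_than, trusted_hosts=()):
    """Return findings (dicts with a 'kind' key) from ComboFix-style log text.

    newer_than: ISO date (assumed cutoff); Run entries with a file date on or after
    it are flagged, since everything dropped by one installer shares that date.
    trusted_hosts: browser start/search hosts that should not be reported.
    """
    cutoff = date.fromisoformat(newer_than)
    trusted = {h.lower() for h in trusted_hosts}
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if RUN_KEY.match(line):
            current_key = line.strip("[]")
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key:
            if date.fromisoformat(m.group("date")) >= cutoff:
                findings.append({"kind": "autorun", "key": current_key, "name": m.group("name"),
                                 "path": m.group("path"), "date": m.group("date")})
            continue
        if line == ".":  # ComboFix section separator: ends the current Run key block
            current_key = None
        m = PROXY_SERVER.match(line)
        if m and _is_loopback(m.group("value")):
            findings.append({"kind": "local_proxy", "value": m.group("value")})
            continue
        m = BROWSER_URL.match(line)
        if m:
            host = _host_of(m.group("url"))
            if host and host not in trusted:
                findings.append({"kind": "browser_redirect",
                                 "setting": m.group("pref") or "uStart Page", "host": host})
    return findings


def created_alongside(log_text, anchor_path, window_minutes=10):
    """Paths in the 'Files Created' section created within window_minutes of anchor_path.

    Bundled installers drop their components within seconds of each other, so the
    creation time of one known directory is a good pivot for finding the rest.
    """
    entries = []
    for raw in log_text.splitlines():
        m = FILE_CREATED.match(raw.strip())
        if m:
            entries.append((datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M"),
                            m.group("path").strip()))
    anchor = [t for t, p in entries if p.lower() == anchor_path.lower()]
    if not anchor:
        return []
    window = timedelta(minutes=window_minutes)
    return sorted(p for t, p in entries if abs(t - anchor[0]) <= window)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, newer_than="2013-04-01"):
        print(f)
    for p in created_alongside(SAMPLE_LOG, r"c:\program files\PrivitizeVPN"):
        print("created alongside:", p)
```

On the sample above the script flags the PrivitizeVPN Run entry, the loopback proxy on port 5643, and the searchou.com start page and search URL, and the creation-time pivot returns the PrivitizeVPN, Industriya and MaagniePic directories while leaving out EAGLE and Skype. Run it against a full log by reading the file into `triage()` instead of `SAMPLE_LOG`; a directory it returns is a candidate for the removal script, not proof on its own, so check each before acting.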

#6
gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)
Hello johonn

I would like you to rerun OTL and send me the fresh scan.

Run New OTL Scan


  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7
johonn (Member, Topic Starter, 120 posts)
Here's the report:

OTL logfile created on: 4/19/2013 1:09:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\My Documents\Downloads\software\Malware related
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 74.74% Memory free
6.83 Gb Paging File | 6.27 Gb Available in Paging File | 91.81% Paging File free
Paging file location(s): c:\pagefile.sys 4096 8192 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.23 Gb Total Space | 26.24 Gb Free Space | 37.90% Space Free | Partition Type: NTFS
Drive E: | 698.63 Gb Total Space | 277.82 Gb Free Space | 39.77% Space Free | Partition Type: NTFS

Computer Name: JOHONN-DESKTOP | User Name: Johonn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\My Documents\Downloads\software\Malware related\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Johonn\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
PRC - C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
PRC - C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe (Genie-Soft)
PRC - C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe (The PHP Group)
PRC - C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe ()
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
PRC - C:\Documents and Settings\Johonn\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\pysqlite2._sqlite.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32com.shell.shell.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\_elementtree.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32api.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\wx._html2.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\_socket.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32ts.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32crypt.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\windows._cacheinvalidation.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\wx._gdi_.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\wx._misc_.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\pythoncom27.dll ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\_ctypes.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32profile.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\wx._core_.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\PyWinTypes27.dll ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32security.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\_ssl.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32pdh.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\wx._windows_.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\_hashlib.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32process.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\wx._wizard.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32file.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32inet.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\wx._controls_.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\unicodedata.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\pyexpat.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\win32event.pyd ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Temp\_MEI13082\select.pyd ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSBackupManager.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSIndexDB.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSWatcher4.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSLogManager.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\VSSEngine_XP.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\QueueManager.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSLibrariesManager.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSLogging.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\VSSEngine_Proxy.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\Settings.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\BlockLevel2.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSEncryption.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\GSCurl.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\sqlite3.dll ()
MOD - C:\Program Files\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Program Files\Pidgin\plugins\spellchk.dll ()
MOD - C:\Program Files\Pidgin\plugins\xmppdisco.dll ()
MOD - C:\Program Files\Pidgin\plugins\xmppconsole.dll ()
MOD - C:\Program Files\Pidgin\plugins\ticker.dll ()
MOD - C:\Program Files\Pidgin\plugins\winprefs.dll ()
MOD - C:\Program Files\Pidgin\plugins\pidginrc.dll ()
MOD - C:\Program Files\Pidgin\plugins\win2ktrans.dll ()
MOD - C:\Program Files\Pidgin\plugins\notify.dll ()
MOD - C:\Program Files\Pidgin\plugins\ssl-nss.dll ()
MOD - C:\Program Files\Pidgin\plugins\timestamp.dll ()
MOD - C:\Program Files\Pidgin\plugins\offlinemsg.dll ()
MOD - C:\Program Files\Pidgin\plugins\timestamp_format.dll ()
MOD - C:\Program Files\Pidgin\plugins\statenotify.dll ()
MOD - C:\Program Files\Pidgin\plugins\sendbutton.dll ()
MOD - C:\Program Files\Pidgin\plugins\relnot.dll ()
MOD - C:\Program Files\Pidgin\plugins\psychic.dll ()
MOD - C:\Program Files\Pidgin\plugins\ssl.dll ()
MOD - C:\Program Files\Pidgin\libjabber.dll ()
MOD - C:\Program Files\Pidgin\plugins\libmsn.dll ()
MOD - C:\Program Files\Pidgin\liboscar.dll ()
MOD - C:\Program Files\Pidgin\plugins\libqq.dll ()
MOD - C:\Program Files\Pidgin\libymsg.dll ()
MOD - C:\Program Files\Pidgin\plugins\libsilc.dll ()
MOD - C:\Program Files\Pidgin\plugins\libgg.dll ()
MOD - C:\Program Files\Pidgin\plugins\libsametime.dll ()
MOD - C:\Program Files\Pidgin\plugins\libnovell.dll ()
MOD - C:\Program Files\Pidgin\plugins\libmyspace.dll ()
MOD - C:\Program Files\Pidgin\plugins\libirc.dll ()
MOD - C:\Program Files\Pidgin\plugins\libbonjour.dll ()
MOD - C:\Program Files\Pidgin\plugins\libsimple.dll ()
MOD - C:\Program Files\Pidgin\plugins\log_reader.dll ()
MOD - C:\Program Files\Pidgin\plugins\libxmpp.dll ()
MOD - C:\Program Files\Pidgin\plugins\convcolors.dll ()
MOD - C:\Program Files\Pidgin\plugins\libyahoo.dll ()
MOD - C:\Program Files\Pidgin\plugins\libyahoojp.dll ()
MOD - C:\Program Files\Pidgin\plugins\markerline.dll ()
MOD - C:\Program Files\Pidgin\plugins\history.dll ()
MOD - C:\Program Files\Pidgin\plugins\autoaccept.dll ()
MOD - C:\Program Files\Pidgin\plugins\idle.dll ()
MOD - C:\Program Files\Pidgin\plugins\joinpart.dll ()
MOD - C:\Program Files\Pidgin\plugins\libicq.dll ()
MOD - C:\Program Files\Pidgin\plugins\extplacement.dll ()
MOD - C:\Program Files\Pidgin\plugins\libaim.dll ()
MOD - C:\Program Files\Pidgin\plugins\newline.dll ()
MOD - C:\Program Files\Pidgin\plugins\gtkbuddynote.dll ()
MOD - C:\Program Files\Pidgin\idletrack.dll ()
MOD - C:\Program Files\Pidgin\plugins\buddynote.dll ()
MOD - C:\Program Files\Pidgin\plugins\iconaway.dll ()
MOD - C:\Program Files\Pidgin\libsilc-1-1-2.dll ()
MOD - C:\Program Files\Pidgin\libsilcclient-1-1-2.dll ()
MOD - C:\Program Files\Pidgin\libxml2.dll ()
MOD - C:\Program Files\Pidgin\libmeanwhile-1.dll ()
MOD - C:\Program Files\Pidgin\libgtkspell.dll ()
MOD - C:\Documents and Settings\Johonn\Local Settings\Apps\F.lux\flux.exe ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\libpangocairo-1.0-0.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\libpng12-0.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\libgio-2.0-0.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\libcairo-2.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\lib\gtk-2.0\2.10.0\engines\libwimp.dll ()
MOD - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
MOD - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
MOD - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Program Files\Common Files\GTK\2.0\bin\zlib1.dll ()
MOD - C:\Program Files\Aspell\bin\aspell-15.dll ()


========== Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (GenieTimelineService) -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe (Genie-Soft)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Johonn\LOCALS~1\Temp\catchme.sys File not found
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (WPN111) -- C:\WINDOWS\system32\drivers\WPN111.sys (Atheros Communications, Inc.)
DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
DRV - (COMMONFX.DLL) -- C:\WINDOWS\system32\COMMONFX.DLL (Creative Technology Ltd)
DRV - (CT20XUT.DLL) -- C:\WINDOWS\system32\CT20XUT.DLL (Creative Technology Ltd.)
DRV - (CTHWIUT.DLL) -- C:\WINDOWS\system32\CTHWIUT.DLL (Creative Technology Ltd.)
DRV - (CTEXFIFX.DLL) -- C:\WINDOWS\system32\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV - (CTEDSPSY.DLL) -- C:\WINDOWS\system32\CTEDSPSY.DLL (Creative Technology Ltd)
DRV - (CTEDSPIO.DLL) -- C:\WINDOWS\system32\CTEDSPIO.DLL (Creative Technology Ltd)
DRV - (CTEDSPFX.DLL) -- C:\WINDOWS\system32\CTEDSPFX.DLL (Creative Technology Ltd)
DRV - (CTERFXFX.DLL) -- C:\WINDOWS\system32\CTERFXFX.DLL (Creative Technology Ltd)
DRV - (CTEAPSFX.DLL) -- C:\WINDOWS\system32\CTEAPSFX.DLL (Creative Technology Ltd)
DRV - (CTSBLFX.DLL) -- C:\WINDOWS\system32\CTSBLFX.DLL (Creative Technology Ltd)
DRV - (CTAUDFX.DLL) -- C:\WINDOWS\system32\CTAUDFX.DLL (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/...000001fbc00114e
IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\..\SearchScopes\3AC374FC-8DCB-4AE5-8637-483CDFE8E029: "URL" = http://searchou.com/q=
IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=672991"
FF - prefs.js..browser.startup.homepage: "http://searchou.com/...00001fbc00114e"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.0.3
FF - prefs.js..extensions.enabledItems: {C985A313-E665-40EE-A705-4AED7F63B1C7}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.74.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://searchou.com/...00001fbc00114e"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 19:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected] [2013/04/02 18:20:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/23 13:02:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/16 22:54:10 | 000,000,000 | ---D | M]

[2009/10/18 14:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Extensions
[2013/04/02 18:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions
[2011/09/29 23:49:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/04/02 18:20:55 | 000,000,000 | ---D | M] (MaagniePic) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected]
[2010/02/02 08:38:29 | 000,000,000 | ---D | M] (Google Wave Add-on for Firefox) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected]
[2011/09/29 23:49:25 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\extensions\[email protected]
[2013/04/02 18:20:28 | 000,001,378 | ---- | M] () -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\searchplugins\privitize.xml
[2011/10/19 12:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/27 23:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/15 08:38:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/19 12:48:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOHONN\LOCAL SETTINGS\APPLICATION DATA\{C985A313-E665-40EE-A705-4AED7F63B1C7}
[2010/03/07 19:12:21 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/11/08 04:00:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Johonn\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Bejeweled = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\
CHR - Extension: Xmarks Bookmark Sync = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\.bak
CHR - Extension: Angry Birds = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: TooManyTabs for Chrome = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.0.0_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Honey = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\2.0.1.3_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Add to Amazon Wish List = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: Alexa Traffic Rank = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\3.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmelius - Ad Blocker and Better UI for Gmail = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl\5.7.3_0\
CHR - Extension: 20 Cubed = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\geghmabifcdlkmpnkapfefbbfaonhcef\1.12_0\
CHR - Extension: Chain Reaction = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gemgfpodpjapjhfohdlibagceiknakpa\1.2_0\
CHR - Extension: The Camelizer - Amazon Price Tracker = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.2.1_0\
CHR - Extension: LastPass = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.24_0\
CHR - Extension: TiltShiftMaker = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.3_0\
CHR - Extension: Bloons Tower Defense 4 = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ibpkopmblbfloefojafboaliohmapnpl\1.0.0_0\
CHR - Extension: LoU Tweak = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iglgjgbiphjfbkbdgaffpdplhhbmpmkb\1.5.9_0\
CHR - Extension: Autodesk Homestyler = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Gravity Duck = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.3.0_0\
CHR - Extension: Lagoonia = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mnjcaihkcddgdgaghmnmfpkkfilombbm\1.38_0\
CHR - Extension: MaagniePic = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojbfdgembpnlcpjkaimaebhmedianjff\1\
CHR - Extension: Gmail = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Johonn\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0\

O1 HOSTS File: ([2013/04/19 01:05:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-21-329068152-1788223648-682003330-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-329068152-1788223648-682003330-1003..\Run: [F.lux] C:\Documents and Settings\Johonn\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-329068152-1788223648-682003330-1003..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-329068152-1788223648-682003330-1003..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKU\S-1-5-21-329068152-1788223648-682003330-1003..\Run: [RemoteCenter] C:\Program Files\Creative\SBAudigy4\Entertainment Center\RcMan.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-329068152-1788223648-682003330-1003..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\Johonn\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Johonn\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Johonn\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1788223648-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1788223648-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-1788223648-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-1788223648-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{066111F7-001A-4084-AE6F-48A61FA66B67}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Johonn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Johonn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/18 12:12:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/19 00:57:33 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/04/19 00:55:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/04/19 00:55:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/04/19 00:55:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/04/19 00:55:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/04/19 00:55:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/19 00:55:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/18 20:44:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johonn\Desktop\RK_Quarantine
[2013/04/16 17:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/04/03 00:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EAGLE Layout Editor 6.4.0
[2013/04/03 00:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\EAGLE-6.4.0
[2013/04/02 18:54:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/04/02 18:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johonn\Start Menu\Programs\PrivitizeVPN
[2013/04/02 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
[2013/04/02 18:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MaagniePic
[2013/04/02 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Industriya
[2013/04/02 18:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johonn\Application Data\Industriya
[2013/03/25 20:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/25 09:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/03/25 00:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/25 00:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/25 00:14:00 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/03/21 17:08:05 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2010/12/27 14:25:49 | 009,163,464 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/19 13:11:29 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/19 13:01:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/19 13:01:54 | 004,933,461 | ---- | M] () -- C:\WINDOWS\{00000006-00000000-00000009-00001102-00000004-20071102}.CDF
[2013/04/19 13:01:40 | 000,201,151 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/04/19 13:01:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/19 13:01:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/19 02:04:18 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/19 02:04:18 | 000,030,432 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/19 02:04:18 | 000,028,068 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/19 02:04:18 | 000,028,068 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/19 02:04:18 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000006-00000000-00000009-00001102-00000004-20071102}.rfx
[2013/04/19 02:04:04 | 004,933,461 | ---- | M] () -- C:\WINDOWS\{00000006-00000000-00000009-00001102-00000004-20071102}.BAK
[2013/04/19 01:36:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003UA.job
[2013/04/19 01:24:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/19 01:05:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/04/19 00:57:38 | 000,000,354 | RHS- | M] () -- C:\boot.ini
[2013/04/19 00:54:54 | 000,000,823 | ---- | M] () -- C:\Documents and Settings\Johonn\Desktop\Shortcut to ComboFix.lnk
[2013/04/18 23:43:43 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\Johonn\.recently-used.xbel
[2013/04/18 21:36:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003Core.job
[2013/04/16 17:29:20 | 003,744,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/15 21:25:21 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/15 20:36:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/03 00:03:36 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Johonn\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/02 06:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/03/29 21:21:18 | 000,067,072 | ---- | M] () -- C:\Documents and Settings\Johonn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/25 20:27:00 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/25 09:48:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/25 00:14:04 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/19 00:57:38 | 000,000,238 | ---- | C] () -- C:\Boot.bak
[2013/04/19 00:57:35 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/04/19 00:55:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/04/19 00:55:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/04/19 00:55:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/04/19 00:55:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/04/19 00:55:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/04/19 00:54:54 | 000,000,823 | ---- | C] () -- C:\Documents and Settings\Johonn\Desktop\Shortcut to ComboFix.lnk
[2013/04/18 23:43:43 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\Johonn\.recently-used.xbel
[2013/03/25 20:27:00 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/02/27 16:42:32 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Johonn\Local Settings\Application Data\PUTTY.RND
[2013/02/15 00:54:20 | 000,050,672 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/01/29 21:26:53 | 000,015,312 | R--- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/08/30 12:33:45 | 000,004,021 | ---- | C] () -- C:\Documents and Settings\Johonn\Application Data\LTspiceIV.ini
[2012/08/27 11:14:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/16 22:12:06 | 000,002,880 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/09/01 21:36:52 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2011/09/01 21:31:14 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2011/09/01 21:31:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2009/11/11 20:22:30 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Johonn\webct_upload_applet.properties
[2009/11/07 22:38:11 | 000,067,072 | ---- | C] () -- C:\Documents and Settings\Johonn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/11/03 08:44:10 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/21 15:06:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello johonn

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the text box.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/...000001fbc00114e
    IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\..\SearchScopes\3AC374FC-8DCB-4AE5-8637-483CDFE8E029: "URL" = http://searchou.com/q=
    IE - HKU\S-1-5-21-329068152-1788223648-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    FF - prefs.js..browser.startup.homepage: "http://searchou.com/?id=c81df34f000000000000001fbc00114e"
    FF - prefs.js..keyword.URL: "http://searchou.com/?q={searchTerms}&id=c81df34f000000000000001fbc00114e"
    [2013/04/02 18:20:28 | 000,001,378 | ---- | M] () -- C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\searchplugins\privitize.xml
    O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
    [2013/04/02 18:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johonn\Start Menu\Programs\PrivitizeVPN
    [2013/04/02 18:21:20 | 000,000,000 | ---D | C] -- C:\Program Files\PrivitizeVPN
    [2013/04/02 18:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MaagniePic
    [2013/04/02 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Industriya
    [2013/04/02 18:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Johonn\Application Data\Industriya
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

    Note: if the report does not pop up after the computer reboots, you can find it in this folder: C:\_OTL\MovedFiles

    It will be named mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.

Let me know how things are doing.

Gringo

#9
johonn

    Member

  • Topic Starter
  • 120 posts
Thanks! Looks like it's gone. I really appreciate the help! I'll keep watching how the system is going and let you know if anything seems weird.

Thanks again.

Here's the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
HKU\S-1-5-21-329068152-1788223648-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-329068152-1788223648-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
HKU\S-1-5-21-329068152-1788223648-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://searchou.com/...00001fbc00114e" removed from browser.startup.homepage
Prefs.js: "http://searchou.com/...00001fbc00114e" removed from keyword.URL
C:\Documents and Settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\searchplugins\privitize.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PrivitizeVPN deleted successfully.
C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe moved successfully.
C:\Documents and Settings\Johonn\Start Menu\Programs\PrivitizeVPN folder moved successfully.
Folder move failed. C:\Program Files\PrivitizeVPN scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\MaagniePic folder moved successfully.
C:\Program Files\Industriya\privitize\1.8.16.22\bh folder moved successfully.
C:\Program Files\Industriya\privitize\1.8.16.22 folder moved successfully.
C:\Program Files\Industriya\privitize folder moved successfully.
C:\Program Files\Industriya folder moved successfully.
C:\Documents and Settings\Johonn\Application Data\Industriya\privitize folder moved successfully.
C:\Documents and Settings\Johonn\Application Data\Industriya folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\My Documents\Downloads\software\Malware related\cmd.bat deleted successfully.
E:\My Documents\Downloads\software\Malware related\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Johonn
->Java cache emptied: 833182 bytes

User: LocalService
->Java cache emptied: 0 bytes

User: NetworkService

Total Java Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 456 bytes

User: All Users

User: Default User
->Flash cache emptied: 56502 bytes

User: Johonn
->Flash cache emptied: 59185 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04212013_010112

Files\Folders moved on Reboot...
C:\Program Files\PrivitizeVPN folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello johonn

At this time I would like you to run this script for me; it is also a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • how the computer is doing now after running the script

Gringo

#11
johonn

    Member

  • Topic Starter
  • 120 posts
Seems to be running quite well now, didn't have any problems running the script or anything.

Thanks again!

Log:

ComboFix 13-04-20.02 - Johonn 04/21/2013 10:52:12.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2320 [GMT -4:00]
Running from: e:\my documents\Downloads\software\Malware related\ComboFix.exe
Command switches used :: c:\documents and settings\Johonn\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\_ctypes.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\_elementtree.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\_hashlib.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\_socket.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\_ssl.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\pyexpat.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\pysqlite2._sqlite.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\python27.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\pythoncom27.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\PyWinTypes27.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\select.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\unicodedata.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32api.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32com.shell.shell.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32crypt.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32event.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32file.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32inet.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32pdh.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32process.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32profile.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32security.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\win32ts.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\windows._cacheinvalidation.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wx._controls_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wx._core_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wx._gdi_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wx._html2.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wx._misc_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wx._windows_.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wx._wizard.pyd
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wxbase294u_net_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wxbase294u_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wxmsw294u_adv_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wxmsw294u_core_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wxmsw294u_html_vc90.dll
c:\docume~1\Johonn\LOCALS~1\Temp\_MEI4802\wxmsw294u_webview_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\_ctypes.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\_elementtree.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\_hashlib.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\_socket.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\_ssl.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\pyexpat.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\pysqlite2._sqlite.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\python27.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\pythoncom27.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\PyWinTypes27.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\select.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\unicodedata.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32api.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32com.shell.shell.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32crypt.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32event.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32file.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32inet.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32pdh.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32process.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32profile.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32security.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\win32ts.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\windows._cacheinvalidation.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wx._controls_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wx._core_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wx._gdi_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wx._html2.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wx._misc_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wx._windows_.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wx._wizard.pyd
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wxbase294u_net_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wxbase294u_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wxmsw294u_adv_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wxmsw294u_core_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wxmsw294u_html_vc90.dll
c:\documents and settings\Johonn\Local Settings\Temp\_MEI4802\wxmsw294u_webview_vc90.dll
I:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2013-03-21 to 2013-04-21 )))))))))))))))))))))))))))))))
.
.
2013-04-21 01:38 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2674410E-B063-4159-B5A5-20A9CA7DE30D}\mpengine.dll
2013-04-19 05:14 . 2013-04-10 03:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-03 04:12 . 2013-04-03 04:12 -------- d-----w- c:\program files\EAGLE-6.4.0
2013-03-25 13:48 . 2013-03-25 13:48 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2013-03-25 04:14 . 2013-03-25 04:14 -------- d-----w- c:\program files\Common Files\Skype
2013-03-25 04:14 . 2013-03-25 04:14 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2010-07-20 22:37 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-13 15:04 . 2013-03-13 15:04 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-13 15:04 . 2009-11-09 03:35 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-13 15:04 . 2012-09-17 02:54 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-13 15:04 . 2010-12-28 03:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2009-10-18 16:09 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:06 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:06 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:06 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 00:38 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
2013-02-12 04:29 . 2011-09-17 02:12 2880 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-30 03:01 . 2009-10-18 11:28 90112 ----a-w- c:\windows\DUMP7d9c.tmp
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2010-12-27 18:25 . 2010-12-27 18:25 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Johonn\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 20:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-03-29 1631144]
"RemoteCenter"="c:\program files\Creative\SBAudigy4\Entertainment Center\RcMan.exe" [2004-09-21 172032]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-06-15 98304]
"F.lux"="c:\documents and settings\Johonn\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2009-09-05 45091]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2004-09-22 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"Genie TimeLine Tray"="c:\program files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe" [2011-01-11 1051264]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-18 18782720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-12-27 9163464]
.
c:\documents and settings\Johonn\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Johonn\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 17:29 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 05:00 45056 ------w- c:\program files\Creative\SBAudigy4\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2007-04-09 17:32 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-03-26 05:19 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Documents and Settings\\Johonn\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Johonn\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [1/11/2011 11:25 AM 362624]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [11/17/2009 8:46 PM 1684736]
S3 RT80x86;Linksys WPC600N/WMP600N Wireless-N Card Driver;c:\windows\system32\drivers\rt2860.sys [1/29/2013 9:26 PM 712704]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/18/2008 3:28 AM 384608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-16 01:25 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 18:56]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-18 18:56]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003Core.job
- c:\documents and settings\Johonn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 08:55]
.
2013-04-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1788223648-682003330-1003UA.job
- c:\documents and settings\Johonn\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 08:55]
.
2013-04-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Johonn\Application Data\Mozilla\Firefox\Profiles\or9uor95.default\
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Google Wave Add-on for Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: LastPass: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-privitize - c:\program files\Industriya\privitize\1.8.16.22\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-21 10:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\nvLsp.dll
.
Completion time: 2013-04-21 10:59:31
ComboFix-quarantined-files.txt 2013-04-21 14:59
ComboFix2.txt 2013-04-19 05:07
.
Pre-Run: 28,083,953,664 bytes free
Post-Run: 28,208,394,240 bytes free
.
- - End Of File - - 50F8428BAD24BF2FF5F6CEB0A680FC28
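The log above is mostly an inventory of the autostart surface: Run-key values, services, firewall exceptions, scheduled tasks and the orphaned privitize uninstaller. The script below is an added example, not ComboFix's output handling or anything from this thread, that parses those line shapes and flags the entries a helper would look at first: bare filenames resolved through PATH, executables started from a user profile, anything outside the usual install roots, and leftover uninstallers. The allowlist of install roots is an assumption for an XP box, the excerpt it runs on is constructed in the same format as the log (the `Updater` Run value in it is invented for illustration), and a flag is a triage cue, not a verdict.

```python
"""Triage helper for the autostart sections of a ComboFix-style log.

Added example, not ComboFix's or the forum's own code. It parses the line
shapes seen in the log above and flags entries worth a second look.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes copied from the log format: Run-key values, service lines,
# firewall "AuthorizedApplications" entries and "ORPHANS REMOVED" entries.
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[.*\]\s*$')
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
ORPHAN_RE = re.compile(r'^AddRemove-(?P<name>\S+)\s+-\s+(?P<path>.+?)\s*$')

# Assumed allowlist of install roots for an XP box; everything else is flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class Finding:
    kind: str    # run | service | firewall | orphan
    name: str
    path: str
    reason: str


def normalize(path: str) -> str:
    """Lower-case, collapse the doubled backslashes used in firewall
    entries, and expand %windir%/%SystemRoot% to the XP default."""
    p = path.replace("\\\\", "\\").lower()
    return p.replace("%windir%", "c:\\windows").replace("%systemroot%", "c:\\windows")


def classify(path: str) -> Optional[str]:
    """Return a reason string if the path deserves review, else None.
    This is a triage heuristic, not a malware verdict."""
    p = normalize(path)
    if "\\" not in p:
        return "bare filename, resolved through PATH at logon"
    if p.startswith(PROFILE_ROOT):
        return "runs from a user profile directory"
    if not p.startswith(TRUSTED_ROOTS):
        return "outside the usual install roots"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log line by line and collect flagged autostart entries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append(Finding("orphan", m["name"], normalize(m["path"]),
                                    "leftover uninstaller from a product no longer installed"))
            continue
        for kind, rx in (("run", RUN_RE), ("service", SERVICE_RE), ("firewall", FIREWALL_RE)):
            m = rx.match(line)
            if not m:
                continue
            path = normalize(m["path"])
            # Firewall entries carry no name, so fall back to the file name.
            name = m.groupdict().get("name") or path.rsplit("\\", 1)[-1]
            reason = classify(path)
            if reason:
                findings.append(Finding(kind, name, path, reason))
            break
    return findings


# Constructed excerpt in the same format as the log above (not the poster's
# actual log); the "Updater" Run value is an invented entry used to show
# what a profile-directory autostart looks like.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Updater"="c:\documents and settings\User\Application Data\tmp\upd.exe" [2013-04-15 40960]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-privitize - c:\program files\Industriya\privitize\1.8.16.22\uninstall.exe
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path} -> {f.reason}")
```

Run it against a saved ComboFix or OTL log instead of `SAMPLE_LOG` and read the flagged lines alongside the rest of the log; a legitimate program such as Dropbox also runs from the profile directory, which is exactly why the output is a reading list rather than a removal list.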

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello johonn

I would like to see a report that combofix makes.

extra combofix report

  • Press the Windows key + "R" (the Windows key is between the "Ctrl" and "Alt" buttons)
  • Copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

copy and paste the report into this topic for me to review

Gringo

#13
johonn

    Member

  • Topic Starter
  • Member
  • 120 posts
Here's the report you requested:

toolbar on IE and Chrome
µTorrent
7-Zip 9.20
ABViewer 9
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Content Viewer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS5.5
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 3.6
Adobe Reader X (10.0.1)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Avery Template - U_0363_01_BabyBlocks_0805_01_en
Bonjour
Bridge Construction Set Demo 1.39
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon EOS-1Ds Mark II WIA Driver
Canon EOS 5D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.0
Canon Utilities EOS Utility
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities WFT-E1/E2 Utility
Canon Utilities ZoomBrowser EX
CDBurnerXP
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro X
Corel PaintShop Photo Pro X3
Creative MediaSource
Creative System Information
Dropbox
EAGLE 5.6.0
EAGLE 5.8.0
EAGLE 6.3.0
EAGLE 6.4.0
ERUNT 1.1j
F.lux
Fotosizer 1.36
Foxit Reader
Fraps
Garmin Communicator Plugin
Garmin USB Drivers
Genie Timeline Free 2.1
GNU Aspell 0.50-3
Google Chrome
Google Drive
Google Earth
Google Gears
Google SketchUp 7
Google Talk Plugin
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Update
ICA
Inkscape 0.47
IPM_PSP_CL
IPM_PSP_COM
ISO Recorder
iTunes
Java 7 Update 17
Java Auto Updater
Java™ 6 Update 29
JDiskReport 1.4.0
JGoodies JDiskReport 1.3.2
LastPass (uninstall only)
Linksys Wireless Manager
LTspice IV
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Musicnotes Software Suite 1.7.2
Notepad++
Numus Disk Builder and Burner 2.2.7
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX v8.09.04
oDesk Team
OGA Notifier 2.0.0048.0
OpenAL
OpenOffice.org 3.1
Opera 11.01
PDF Settings
PDF Settings CS5
Pidgin
Pontifex II
Portal
PSPPContent
PSPPRO_DCRAW
Pure Networks Platform
Realtek High Definition Audio Driver
RollerCoaster Tycoon 2 Triple Thrill Pack
RollerCoaster Tycoon Deluxe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Setup
Skype™ 6.1
Sound Blaster Audigy 4
Steam
Texmaker
TmNationsForever
Ubuntu
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VLC media player 2.0.5
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
WinImage
WinPcap 4.1.1
Wireshark 1.2.3
WModem Driver Installer
XML Paper Specification Shared Components Pack 1.0
Zune Desktop Theme

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • µTorrent
  • Adobe Reader X (10.0.1)
  • Java 7 Update 17
  • Java™ 6 Update 29

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the Internet Explorer and Windows Explorer boxes are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.



: Malwarebytes' Anti-Malware :


I see you have MBAM installed on the computer - that is great! It is a very good program. I would like you to run a quick scan for me now.

  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile" then click on Main Menu)
  • Copy and paste the HijackThis report into the topic


"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15
johonn

    Member

  • Topic Starter
  • Member
  • 120 posts
Could you just tell me why I need to remove these programs?

µTorrent
Adobe Reader X (10.0.1)
Java 7 Update 17
Java™ 6 Update 29

I use uTorrent and java, unless there is a newer version of Java on the machine. I believe I do have a different PDF reader installed, if not I'll install it now.