Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

iCrossRider [Solved]

Started by Denisejm , Apr 19 2013 08:48 PM

  • This topic is locked This topic is locked

#16
Denisejm
Posted 27 April 2013 - 05:34 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
I just ran SpyBotS&D and it found iCrossRider again.
  • 0

Advertisements

#17
tom982
Posted 28 April 2013 - 12:21 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Denise,

Sorry for the delay, it's been a very busy weekend.

I'm sorry to hear it's cause you so much grief, but I'm afraid these things happen sometimes and you were just unlucky I guess.

We've got the MBAM log which is good enough, we'll just have to remove those manually :)

MBAM:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.24.05

Windows XP Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: MYGIG [administrator]

Protection: Enabled

4/24/2013 10:16:36 AM
mbam-log-2013-04-24 (10-16-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202840
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

We should be able to finish off iCrossRider with OTL, but I would like a fresh log please:

OTL

  • Run OTL.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Regarding the missing coupons program, let's have a look to see what's left over then we can remove those manually as well:

System Look

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
*coupons*

:folderfind
*coupons*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Tom
  • 0

#18
Denisejm
Posted 28 April 2013 - 07:10 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
OTL.txt Report:


OTL logfile created on: 4/28/2013 9:01:07 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 65.03% Memory free
5.75 Gb Paging File | 4.12 Gb Available in Paging File | 71.68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 34.18 Gb Total Space | 5.45 Gb Free Space | 15.95% Space Free | Partition Type: NTFS
Drive D: | 897.33 Gb Total Space | 272.74 Gb Free Space | 30.39% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 646.55 Gb Free Space | 34.70% Space Free | Partition Type: NTFS
Drive F: | 698.64 Gb Total Space | 371.27 Gb Free Space | 53.14% Space Free | Partition Type: NTFS

Computer Name: MYGIG | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/23 12:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Avast5\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Avast5\AvastSvc.exe
PRC - [2008/03/24 18:48:52 | 003,310,928 | ---- | M] (Webshots.com) -- C:\Program Files (x86)\WebShots\Webshots.scr
PRC - [2000/11/24 14:12:20 | 000,212,992 | ---- | M] (MGI Software Corp.) -- C:\Program Files (x86)\MGI PhotoSuite 4\PhotoSuite.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/28 16:29:09 | 002,086,912 | ---- | M] () -- C:\Program Files\Avast5\defs\13042801\algo.dll
MOD - [2013/04/27 17:57:12 | 002,086,912 | ---- | M] () -- C:\Program Files\Avast5\defs\13042701\algo.dll
MOD - [2000/07/19 18:32:48 | 001,433,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\MGI Shared\Photo\PS4PVImageManager.dll
MOD - [2000/07/17 11:56:40 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Common Files\MGI Shared\Photo\PS4PhotoShopFilter.dll
MOD - [1999/08/04 12:00:00 | 000,019,968 | ---- | M] () -- C:\WINDOWS\SysWOW64\Cpuinf32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/09/10 12:14:54 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV - [2013/04/10 02:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Java x64 Version 7 Update 17 16Mar13\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/03/13 14:48:49 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/07/25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/18 08:00:00 | 000,110,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2007/02/18 08:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 08:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)
DRV - [2010/05/05 15:35:01 | 000,023,080 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/07/12 02:41:17 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\npf.sys -- (NPF)
DRV - [2007/02/18 08:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007/02/18 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)
DRV - [2006/09/07 13:19:22 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2002/07/16 21:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- C:\WINDOWS\SysWOW64\Drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = Yahoo!
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C}: "URL" = http://bing.zugo.com...cfg=2-80-0-Aqd3
IE - HKCU\..\SearchScopes\{396BB7C9-5011-4147-B1FA-E09617996123}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{3D41F773-C2A2-4541-8F58-DF94FA1311D3}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{928A65F1-E196-4684-A72F-468EF5214A24}: "URL" = http://www.tripadvis...q={searchTerms}
IE - HKCU\..\SearchScopes\{9ED67100-59C2-4EA1-B00A-5B3F66050152}: "URL" = http://query.nytimes...s}&opensearch=1
IE - HKCU\..\SearchScopes\{C92C89DF-3EF7-4640-B646-34D65835741D}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D01EF2D8-BE7A-4C3B-8053-B7959714AD54}: "URL" = http://www.fastbrows...E-0EE4AAF8FE4A}
IE - HKCU\..\SearchScopes\Yahoo!: "URL" = http://search.yahoo....-8&fr=chr-iobit
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java x64 Version 7 Update 17 16Mar13\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VLC Media Player 2.0.5\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Avast5\WebRep\FF [2013/03/14 12:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/04/12 10:30:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/27 13:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/27 13:55:59 | 000,000,000 | ---D | M]

[2013/04/26 11:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/04/27 13:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/27 13:56:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/01 14:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/12/30 06:47:50 | 000,002,037 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml
[2013/02/19 13:54:02 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java x64 Version 7 Update 17 16Mar13\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java x64 Version 7 Update 17 16Mar13\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install File not found
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\SysWOW64\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files (x86)\WebShots\Launcher.exe (Webshots.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8:64bit: - Extra context menu item: Send Image to Photo Library - C:\Documents and Settings\Administrator\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html ()
O8 - Extra context menu item: Send Image to Photo Library - C:\Documents and Settings\Administrator\Application Data\MGI\PhotoSuite4\Temp\MGI00000.html ()
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: flickr.com ([www] http in Trusted sites)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.co...sreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1321508482812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1321508432468 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.13.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DDC0173-88C1-41DE-B25C-585A91DC2F21}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CB7CFF-5BDF-4D03-B675-2F9E29EE4A2A}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C3728E0-79F6-4148-A857-00965E95E10C}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53EA468D-C928-4662-996B-38CD8D27EBD6}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EDEF09F-B6A1-4B5B-B62B-88BEB3A875C0}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D73C8726-9B00-4935-A8E3-AF24B6444BC5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Searchqu Toolbar\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\termsrv: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 06:56:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/27 19:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2013/04/27 16:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\MGI
[2013/04/27 13:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/26 16:52:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/26 16:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/04/26 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2013/04/26 11:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
[2013/04/26 11:52:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2013/04/26 11:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/26 11:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/26 10:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/26 10:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2013/04/26 10:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/26 10:33:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/26 10:33:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/26 10:13:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/04/24 10:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/24 10:39:56 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Administrator\My Documents\Desktop\esetsmartinstaller_enu.exe
[2013/04/23 13:00:04 | 000,000,000 | ---D | C] -- C:\Geeks to Go rootkit and malware removal programs
[2013/04/22 13:10:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2013/04/19 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/18 14:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Flashplayer 11x32 axau_mssd_aih
[2013/04/17 10:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MGI PhotoSuite 4
[2013/04/17 10:42:20 | 001,130,496 | ---- | C] (MGI Software Corp.) -- C:\WINDOWS\SysWow64\MGIIpl4PX.dll
[2013/04/17 10:42:20 | 000,098,304 | ---- | C] (MGI Software Corp.) -- C:\WINDOWS\SysWow64\MGI Album Screen Saver.scr
[2013/04/17 10:42:20 | 000,061,440 | ---- | C] (MGI Software Inc.) -- C:\WINDOWS\SysWow64\MGI Panorama Screen Saver.scr
[2013/04/17 10:42:20 | 000,024,576 | ---- | C] (MGI Software Corp.) -- C:\WINDOWS\SysWow64\MGIIpl4.dll
[2013/04/17 10:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MGI PhotoSuite 4
[2013/04/17 10:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Live Picture
[2013/04/16 19:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Corel User Files
[2013/04/16 19:03:31 | 000,000,000 | ---D | C] -- C:\MyFiles
[2013/04/16 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel WordPerfect
[2013/04/15 10:03:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MGI
[2013/04/13 16:04:24 | 000,000,000 | ---D | C] -- C:\motherboard_driver_sata_gb_sata2raid_ep45 v1.17.50.02
[2013/04/12 10:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 2.0.1
[2013/04/11 10:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/11 01:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Driver Genius Pro Edition
[2013/04/11 01:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Genius Pro.v8.0.Incl.Keymaker-CORE
[2013/04/11 00:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DriverGenius
[2013/04/11 00:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\JMicron Technology Corp
[2013/04/11 00:10:12 | 000,000,000 | ---D | C] -- C:\Drivers downloaded by Driver Genius 041013
[2013/04/11 00:04:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemInfoLOG Softwaree Download - Free Download -- Free Scan

========== Files - Modified Within 30 Days ==========

[2013/04/28 20:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/28 20:11:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/28 12:20:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
[2013/04/28 12:18:00 | 000,000,288 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/04/28 11:29:02 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/28 11:29:02 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Your File Updater.job
[2013/04/28 11:29:02 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1560305870-1003223559-3566357663-500.job
[2013/04/28 11:28:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/28 10:46:11 | 000,132,774 | ---- | M] () -- C:\0 0 0 Yahoo.bmp
[2013/04/28 10:36:51 | 000,030,054 | ---- | M] () -- C:\apod.bmp
[2013/04/28 10:12:12 | 000,000,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\- New 042013.lnk
[2013/04/28 10:09:46 | 000,109,568 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/27 23:38:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1560305870-1003223559-3566357663-500.job
[2013/04/27 17:19:27 | 000,001,509 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Solitaire.lnk
[2013/04/27 17:09:18 | 000,000,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Drive Index 042013.lnk
[2013/04/27 16:53:45 | 001,407,054 | ---- | M] () -- C:\My Computer Screenshot 042713.bmp
[2013/04/27 16:51:19 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2013/04/27 14:40:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\showdesktop.scf.scf
[2013/04/27 13:43:55 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\&Search.lnk
[2013/04/27 13:38:36 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MIX DL.lnk
[2013/04/27 12:54:48 | 000,001,219 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2013/04/27 12:50:56 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2013/04/27 12:50:54 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2013/04/27 12:49:02 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2013/04/27 12:48:01 | 000,000,461 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Programs.lnk
[2013/04/26 15:55:20 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2013/04/26 11:56:09 | 000,000,222 | ---- | M] () -- C:\boot.ini
[2013/04/26 10:01:55 | 003,888,054 | ---- | M] () -- C:\Documents and Settings\Administrator\Webshots Wallpaper.bmp
[2013/04/24 10:40:00 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Administrator\My Documents\Desktop\esetsmartinstaller_enu.exe
[2013/04/24 10:31:46 | 006,912,054 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\mbam.bmp
[2013/04/24 09:54:25 | 000,041,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\icr2c.jpg
[2013/04/23 12:17:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Desktop\OTL.exe
[2013/04/22 20:31:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2013/04/20 03:04:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2013/04/19 11:10:09 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/04/17 10:43:06 | 000,000,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MGI PhotoSuite 4.lnk
[2013/04/16 19:04:29 | 000,000,509 | ---- | M] () -- C:\WINDOWS\SysWow64\mapisvc.inf
[2013/04/16 11:42:13 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Desktop\04 April.lnk
[2013/04/08 11:59:38 | 000,042,078 | ---- | M] () -- C:\WINDOWS\PFP80JPR.{PB
[2013/04/08 11:59:38 | 000,008,438 | ---- | M] () -- C:\WINDOWS\PFP80JCM.{PB

========== Files Created - No Company Name ==========

[2013/04/28 10:43:50 | 000,132,774 | ---- | C] () -- C:\0 0 0 Yahoo.bmp
[2013/04/28 10:34:12 | 000,030,054 | ---- | C] () -- C:\apod.bmp
[2013/04/27 16:52:09 | 001,407,054 | ---- | C] () -- C:\My Computer Screenshot 042713.bmp
[2013/04/27 14:40:49 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\showdesktop.scf.scf
[2013/04/27 13:43:55 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\&Search.lnk
[2013/04/27 12:53:58 | 000,001,219 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Documents.lnk
[2013/04/27 12:50:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet.lnk
[2013/04/27 12:50:54 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (64-bit).lnk
[2013/04/27 12:50:10 | 000,001,509 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Solitaire.lnk
[2013/04/27 12:49:52 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Paint.lnk
[2013/04/27 12:49:02 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\My Computer.lnk
[2013/04/27 12:48:09 | 000,000,386 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\- New 042013.lnk
[2013/04/27 12:48:01 | 000,000,461 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Desktop Programs.lnk
[2013/04/27 12:47:43 | 000,000,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Drive Index 042013.lnk
[2013/04/26 15:55:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mbam.context.scan
[2013/04/26 12:25:17 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Start Menu\Programs\Startup\Webshots.lnk
[2013/04/26 10:01:54 | 003,888,054 | ---- | C] () -- C:\Documents and Settings\Administrator\Webshots Wallpaper.bmp
[2013/04/24 10:31:46 | 006,912,054 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\mbam.bmp
[2013/04/24 09:53:49 | 000,041,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\icr2c.jpg
[2013/04/17 10:43:06 | 000,000,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MGI PhotoSuite 4.lnk
[2013/04/17 10:42:21 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2013/04/17 10:42:20 | 000,458,752 | ---- | C] () -- C:\WINDOWS\SysWow64\Fpl.dll
[2013/04/17 10:42:20 | 000,041,220 | ---- | C] () -- C:\WINDOWS\SysWow64\MGIScreenSaver.chm
[2013/04/16 11:42:13 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Desktop\04 April.lnk
[2013/04/12 10:28:35 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/08 11:59:38 | 000,042,078 | ---- | C] () -- C:\WINDOWS\PFP80JPR.{PB
[2013/04/08 11:59:38 | 000,008,438 | ---- | C] () -- C:\WINDOWS\PFP80JCM.{PB
[2013/02/20 00:25:57 | 000,307,282 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/11/02 13:37:38 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\dt.dat
[2012/09/16 12:12:44 | 000,037,376 | ---- | C] () -- C:\WINDOWS\SysWow64\VbVfw.dll
[2012/09/15 17:51:21 | 000,000,107 | ---- | C] () -- C:\WINDOWS\Tool - VobEdit.INI
[2012/09/13 12:05:23 | 000,074,703 | ---- | C] () -- C:\WINDOWS\SysWow64\mfc45.dat
[2012/03/02 17:14:00 | 000,000,098 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2011/08/05 22:25:10 | 000,000,031 | ---- | C] () -- C:\WINDOWS\SysWow64\mkvtoa4gfosini.dll
[2011/06/08 08:34:14 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2009/05/29 07:10:21 | 000,109,568 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/05/29 07:21:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 08:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2007/02/18 08:00:00 | 000,482,816 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/27 16:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MGI
[2013/04/26 10:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Webshots
[2010/02/18 13:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/07/05 10:14:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/05 00:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/09/25 16:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius
[2012/03/02 17:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier[2010/07/16 07:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2012/01/19 16:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro[2013/02/05 23:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2012/11/02 14:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/09/13 10:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic[2012/06/02 15:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2009/07/12 20:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pianosoft[2011/10/27 11:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/09/13 11:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software[2009/08/31 23:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/04 17:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/09/10 21:26:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013/02/05 23:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{5A85B23A-4B58-47D1-9B9C-DFBD7866099F}
[2013/02/05 23:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/02/05 23:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{D76294E6-03B8-4971-AF2E-3F846161A690}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D

< End of report >


The file names that I put in bold are files/programs that I don't know.

Edited by Denisejm, 28 April 2013 - 07:28 PM.

  • 0

#19
Denisejm
Posted 28 April 2013 - 07:12 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
There was no OTL Extras.Txt again.
  • 0

#20
Denisejm
Posted 28 April 2013 - 07:13 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
SystemLook 30.07.11 by jpshortstuff
Log created at 21:12 on 28/04/2013 by Administrator
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*coupons* "
No files found.

Searching for " "
No files found.

========== folderfind ==========

Searching for "*coupons*"
No folders found.

-= EOF =-
  • 0

#21
Denisejm
Posted 28 April 2013 - 07:33 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
I was just looking over the scans and programs that I ran and found that it wasn't MBAM that caused the problem, it was ESET Online Scanner. I still have it on my desktop but I really don't want to run it.
  • 0

#22
tom982
Posted 29 April 2013 - 04:36 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Denise,

Sorry for the delay. I turned 19 at the weekend and it's been very busy, so I'm playing catch up now!

My instructor is currently reviewing my fix and I will post it to you as soon as I get the go ahead :)

Tom
  • 0

#23
Denisejm
Posted 29 April 2013 - 09:48 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
HAPPY BIRTHDAY TOM!!! :cheers:


I'm not in a hurry so take your time.


When I got my pc back from the repair shop, Firefox no longer had my plug-ins or bookmarks. The tech must've removed them. If I remember correctly, the plug-ins that I was using were the bookmarks bar and enlarged fonts/icons. I haven't added them back and when I ran SpyBotS&D after being on Firefox, SpyBot didn't find iCrossRider again. It may be that one of the plug-ins for Firebox was placing it my pc. I also ran SuperAntiSpyware and it found 5 cookies that Firefox placed in my pc. The repair shop also ran some malware programs. He told me that he removed "a few" things but he didn't remember what they were. I had asked him to save any log files from things that he did but he didn't save any so I don't know what was the problems were or what he did/found/removed.


I'm interested in seeing if you found any problems too.
  • 0

#24
tom982
Posted 30 April 2013 - 10:27 AM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Denise,

Thank you! :)

I'm not sure what they removed in the repair shop but Coupon Companion is still present on your computer which we will have to remove with OTL. Thanks for letting me know which of those programs you didn't recognise, it was a big help! 2 of the 5 are safe but the other 3 we will have to remove:

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

    :OTL
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)

:files
C:\Program Files (x86)\Coupon Companion Plugin
C:\Documents and Settings\All Users\Application Data\EmailNotifier
C:\Documents and Settings\All Users\Application Data\ParetoLogic
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software

:reg
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345}]

:commands
[EMPTYTEMP]

  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.


Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa

  • 0

#25
Denisejm
Posted 30 April 2013 - 11:22 AM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}\ deleted successfully.
C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll moved successfully.
========== FILES ==========
C:\Program Files (x86)\Coupon Companion Plugin folder moved successfully.
C:\Documents and Settings\All Users\Application Data\EmailNotifier folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ParetoLogic\RegCure Pro folder moved successfully.
C:\Documents and Settings\All Users\Application Data\ParetoLogic folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Documents and Settings\All Users\Application Data\SpeedyPC Software folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 2344747 bytes
->Temporary Internet Files folder emptied: 5870653 bytes
->FireFox cache emptied: 17528507 bytes
->Flash cache emptied: 506 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57616 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 12024 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 616448 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 25.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04302013_131620

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8BD0.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8BEA.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8C51.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8C6B.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2DFOS1LC\page__st__15[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

Advertisements

#26
Denisejm
Posted 30 April 2013 - 12:02 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
Java was updated to jre-7u21-windows-x64.
  • 0

#27
tom982
Posted 30 April 2013 - 12:40 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Denise,

Looking much better now! Could you post the OTL quick scan please? Just as a final check. Steps 4 and 5 of my OTL fix instructions:

http://www.geekstogo...ost__p__2290172

Tom
  • 0

#28
Denisejm
Posted 30 April 2013 - 01:22 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}\ not found.
File C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Coupon Companion Plugin not found.
File\Folder C:\Documents and Settings\All Users\Application Data\EmailNotifier not found.
File\Folder C:\Documents and Settings\All Users\Application Data\ParetoLogic not found.
File\Folder C:\Documents and Settings\All Users\Application Data\SpeedyPC Software not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 692112 bytes
->Temporary Internet Files folder emptied: 2580678 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2378627 bytes
->Flash cache emptied: 506 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 97766 bytes

Total Files Cleaned = 6.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04302013_151836

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD7C4.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD7DE.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD860.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD87A.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OB0HID87\page__st__15__p__2290172[2].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#29
Denisejm
Posted 30 April 2013 - 01:25 PM

Denisejm

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 782 posts
I don't get iCrossRider any longer but I haven't added those Firefox plug-ins back in. Do you know if they may have caused iCrossRider to be installed in my pc?
  • 0

#30
tom982
Posted 30 April 2013 - 04:08 PM

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi Denise,

The OTL log shows that the files have all been dealt with which is great! I would like to see one last OTL log just to double check everything is gone before I send you on your way:

OTL

  • Run OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window with OTL.txt, this is saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of this file and paste it in your reply.

Tom
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP