Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop ups are slowing down computer and Aol Tool Bar. [Closed]


  • This topic is locked This topic is locked

#1
NeedWings

NeedWings

    Member

  • Member
  • PipPip
  • 13 posts
My pc is acting kind of wacky.
It's been off for the last few months, now that have turned it on it's slow and has pop ups.





OTL logfile created on: 4/23/2013 2:56:51 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ruth\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.98 Mb Total Physical Memory | 235.24 Mb Available Physical Memory | 30.67% Memory free
1.19 Gb Paging File | 0.31 Gb Available in Paging File | 25.93% Paging File free
Paging file location(s): c:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 3.57 Gb Free Space | 9.33% Space Free | Partition Type: NTFS

Computer Name: MCQW01 | User Name: Ruth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/23 11:16:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
PRC - [2013/02/12 14:29:31 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/12 14:28:38 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/02/12 14:28:34 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/12 14:28:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/02/07 20:05:36 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/06 05:01:31 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/22 17:25:53 | 014,717,144 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/02/06 05:00:33 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/09/19 19:17:40 | 000,397,088 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2013/04/22 17:26:00 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/12 14:29:31 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/12 14:28:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/07 20:05:36 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/06 05:01:30 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\el90xbc5.sys -- (EL90XBC)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2013/02/01 17:30:40 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)
DRV - [2013/02/01 17:30:38 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 15:05:25 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avkmgr.sys -- (avkmgr)
DRV - [2012/10/16 17:53:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - [2011/10/30 14:14:50 | 000,027,600 | ---- | M] (CrystalIdea Software) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CisUtMonitor.sys -- (CisUtMonitor)
DRV - [2009/03/25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/03/25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/03/25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/03/25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/03/25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2004/08/03 22:29:50 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/03 22:29:48 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/03 22:29:46 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/03 22:29:44 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/03 22:29:44 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/03 22:29:42 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/03 22:29:38 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2004/08/03 22:29:38 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/03 22:29:38 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/03 22:29:38 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/06/11 01:52:26 | 000,098,815 | ---- | M] (Visual Networks) [Kernel | Boot | Unknown] -- C:\WINDOWS\System32\drivers\ipvnmon.sys -- (IPVNMon)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...000000cf1745dc0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E7C37A7C-7F78-47A4-BC64-A4B54BEF46F7}: "URL" = http://www.google.co...ie7&rlz=1I7RNWM
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B7affbfae-c4e2-4915-8c0f-00fa3ec610a1%7D:5.74.1.9183
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Ruth\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 05:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/06 05:00:19 | 000,000,000 | ---D | M]

[2012/10/17 18:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Extensions
[2013/02/15 20:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions
[2013/02/15 20:33:35 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2012/10/24 13:53:52 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions\[email protected]
[2013/02/15 20:33:55 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\searchplugins\aol-search.xml
[2012/10/02 19:44:57 | 000,001,435 | ---- | M] () -- C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\searchplugins\spamfreesearch.xml
[2013/02/06 04:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/06 05:01:32 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 22:25:01 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.claro-sea...000000cf1745dc0
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.claro-sea...000000cf1745dc0
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Ruth\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealOne Player Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll
CHR - Extension: Super Mario Bros = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\abaipnligghjcjklcoekcgnpkcifgdkc\6.0_0\
CHR - Extension: Angry Birds = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: 3DTin = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\algoakekcdmbbikdjgjdahbfihboglmi\1.1_0\
CHR - Extension: Splitman = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbceciicbilpdhmlghijikklgjhclnmi\1.0_0\
CHR - Extension: TV = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: ibibo Chess = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgpnmaohmoiefjealeblfgdfnkepnejg\1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Bounceball = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bnonnffemhpfblohaicmfmofbfaaoobf\1.1_0\
CHR - Extension: Bouncy Mouse = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Crazy Rollercoaster = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc\1.3_0\
CHR - Extension: Cut the Rope = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\15_0\
CHR - Extension: Super Mario 63 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gndaiddfbhkpcljnfdpgemffmlnjfgdp\1_0\
CHR - Extension: Isoball 3 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.3.0_0\
CHR - Extension: Santa Can Fly = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ijnjeadmcoiglgongpaknblabefpogei\2.0.0_0\
CHR - Extension: Typing Test - KeyHero = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm\1.4.0_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Gravity Duck = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.3.0_0\
CHR - Extension: Bird Brawl = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kmfmnamhddafiplkkobdinpjcnidlplk\1.0.0.0_0\
CHR - Extension: Super Mario World - HD = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pailmekhfbjjgajlehgifomabggldfff\5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Wolf Toss = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjlncddmdljpioccbmempchonhlifakc\1.1.2.6_0\
CHR - Extension: Cargo Bridge 2 = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmphjijgcdpmmnfjbemolkdiidinogml\1.0.0_0\
CHR - Extension: Canvas Rider = C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk\0.71_0\

O1 HOSTS File: ([2002/08/29 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDesktopIniCache = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/...pandaonline.cab (Reg Error: Key error.)
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} http://zone.msn.com/...pcaploader1.cab (PopCapLoaderCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6763437-438C-4BBF-A84B-0C3B32E20F8D}: DhcpNameServer = 10.0.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ruth\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/23 11:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Desktop\fbi money pan, no safe networking mode - Geeks to Go Forums_files
[2013/04/23 11:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ruth\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums_files
[2013/04/23 11:16:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2013/04/23 11:08:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/04/22 05:15:28 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.Z.ZZ..ZZZ
[2013/04/22 05:14:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ruth\Recent
[2012/09/12 12:45:02 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\sndvol32.exe
[2012/08/24 18:31:27 | 001,384,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvbvm60.dll
[2012/08/24 18:31:27 | 001,021,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files\tv_enua.exe
[2012/08/24 18:31:27 | 000,955,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\spchcpl.exe
[2012/08/24 18:31:27 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OLEAUT32.DLL
[2012/08/24 18:31:27 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\SETUP1.EXE
[2012/08/24 18:31:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VTEXT.DLL
[2012/08/24 18:31:27 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Program Files\OLEPRO32.DLL
[2012/08/24 18:31:27 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ASYCFILT.DLL
[2012/08/24 18:31:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Program Files\VB6STKIT.DLL
[2012/08/24 18:31:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ST6UNST.EXE
[2012/08/24 18:31:27 | 000,061,440 | ---- | C] (Slackker) -- C:\Program Files\Talking Math Tutor.exe
[2012/08/24 18:31:27 | 000,022,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\COMCAT.DLL
[2012/08/24 18:31:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\STDOLE2.TLB
[2006/07/04 19:06:11 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ruth\My Documents\*.tmp files -> C:\Documents and Settings\Ruth\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/23 14:35:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2013/04/23 14:24:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/23 14:17:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/23 14:00:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/04/23 11:19:28 | 000,083,512 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\fbi money pan, no safe networking mode - Geeks to Go Forums.htm
[2013/04/23 11:17:55 | 000,102,592 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.htm
[2013/04/23 11:16:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ruth\Desktop\OTL.exe
[2013/04/23 11:06:24 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/23 11:05:07 | 000,000,311 | ---- | M] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\poetsch.bat
[2013/04/23 10:59:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/04/23 10:56:06 | 000,001,252 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2013/04/23 10:55:48 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/23 10:55:46 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/04/23 10:54:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2013/04/23 10:54:41 | 000,356,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/23 06:51:04 | 000,457,256 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2013/04/23 06:51:04 | 000,075,754 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2013/04/23 06:44:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/23 05:34:50 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/04/22 20:40:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/04/22 17:29:48 | 008,308,875 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\lecture_audio.mp3
[2013/04/22 17:20:36 | 008,308,875 | ---- | M] () -- C:\Documents and Settings\Ruth\Desktop\comp14_unit1_lecture_audio.mp3
[2013/04/22 11:48:13 | 037,847,756 | ---- | M] () -- C:\Program Files\PF.Magic.zip
[2013/04/22 10:44:08 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/04/22 10:10:13 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Ruth\My Documents\*.tmp files -> C:\Documents and Settings\Ruth\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/23 11:19:26 | 000,083,512 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\fbi money pan, no safe networking mode - Geeks to Go Forums.htm
[2013/04/23 11:17:46 | 000,102,592 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.htm
[2013/04/23 11:05:07 | 000,000,311 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\poetsch.bat
[2013/04/23 05:44:12 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/23 04:45:36 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/04/23 02:48:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/04/23 02:48:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2013/04/22 17:28:43 | 008,308,875 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\lecture_audio.mp3
[2013/04/22 17:19:05 | 008,308,875 | ---- | C] () -- C:\Documents and Settings\Ruth\Desktop\comp14_unit1_lecture_audio.mp3
[2013/04/22 11:48:13 | 037,847,756 | ---- | C] () -- C:\Program Files\PF.Magic.zip
[2013/04/22 05:20:42 | 000,356,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/05 17:32:08 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2012/11/05 17:24:25 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2012/10/17 19:18:19 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/10/16 01:20:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/07 11:32:22 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/05 13:31:33 | 000,000,032 | R--- | C] () -- C:\Documents and Settings\All Users\hash.dat
[2012/09/12 12:45:02 | 000,188,029 | ---- | C] () -- C:\Program Files\preview.png
[2012/09/12 10:43:12 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/08/24 14:39:11 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\WebCamLib.dll
[2008/05/08 18:18:01 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2004/12/04 13:19:56 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Ruth\Local Settings\Application Data\fusioncache.dat
[2003/11/29 08:55:00 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ruth\Application Data\PFP110JPR.{PB
[2003/11/29 08:55:00 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ruth\Application Data\PFP110JCM.{PB

========== ZeroAccess Check ==========

[2003/11/20 09:30:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/26 10:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\.mono
[2013/02/06 20:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2008/10/11 17:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2008/10/18 17:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Awem
[2004/08/27 13:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BF8051E7-626F-4a11-AF7A-625A7B555862
[2012/11/12 17:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Browser Manager
[2006/11/11 19:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA
[2007/08/31 16:12:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Enkord
[2008/09/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum
[2008/10/24 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2008/10/03 18:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/08/25 11:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreshGames
[2008/09/27 20:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2007/04/27 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gamelab
[2006/12/11 00:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Genimo
[2008/10/21 19:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2008/11/09 13:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2008/12/20 10:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii Games
[2007/02/16 18:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/03/28 16:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2008/05/31 14:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lifetime
[2012/10/16 18:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/10/20 18:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MonteCristo
[2008/11/05 19:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/11/08 19:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\My Games
[2008/11/02 21:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MythPeople
[2007/06/01 15:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2008/09/17 19:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeptunesAdve
[2007/01/15 20:48:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norbyte
[2009/02/01 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/11 13:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayPond
[2008/09/27 22:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2006/09/16 02:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2007/09/01 18:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrettyGoodGames
[2012/08/22 18:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2007/11/28 17:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2006/07/28 20:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2012/10/17 19:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2008/09/27 17:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2008/05/17 14:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2010/05/13 18:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/02/10 15:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/08/30 14:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2004/09/19 18:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2008/10/17 15:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheRace_dev
[2007/06/09 21:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ValuSoft
[2004/08/27 10:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2008/05/11 15:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2012/09/26 10:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\.mono
[2007/12/12 20:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Age of Japan II
[2008/02/04 18:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\AlwaysNeat
[2008/09/04 19:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Ancient Quest of Saqqarah__real
[2008/10/03 19:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Angkor
[2012/08/24 14:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Apowersoft
[2006/11/05 21:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Beep Industries
[2007/05/21 13:49:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\BFGTOOLBAR
[2007/09/03 11:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Big Fish Games
[2006/12/09 16:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Boomzap
[2008/10/16 18:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\cerasus.media
[2007/02/13 16:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Chicken Chase
[2013/01/31 21:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Claro LTD
[2008/11/12 11:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/12 17:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\CrystalIdea Software
[2013/04/22 04:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Dropbox
[2006/11/11 19:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\EA
[2007/10/11 18:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\EleFun Games
[2009/02/02 22:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Fabulous Finds
[2008/10/24 16:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Flood Light Games
[2008/10/03 18:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\FloodLightGames
[2009/02/09 22:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\ForgottenRiddles2
[2008/10/07 17:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Friday's games
[2007/10/05 19:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Gaijin Ent
[2007/07/04 13:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\GameHouse
[2007/04/27 14:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\gamelab
[2008/11/08 19:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\gemsweeperextractedgfx
[2006/12/11 00:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Genimo
[2012/08/11 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\GetRightToGo
[2008/12/20 10:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Gogii Games
[2008/09/07 17:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\ITTNord
[2007/11/28 16:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Jane s Hotel
[2008/12/29 17:27:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\JewelMatch2
[2003/11/28 21:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Leadertech
[2006/04/26 14:30:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Magic Match
[2012/10/08 01:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\MAGIX
[2008/10/24 19:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Meridian93
[2008/05/18 16:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\My Games
[2008/05/26 20:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\MysteryStudio
[2008/08/06 20:17:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Mysteryville2
[2007/01/15 20:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Norbyte
[2012/08/23 21:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\OpenOffice.org
[2008/02/03 14:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Pirateville
[2006/11/01 23:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\pixelStorm
[2009/02/01 15:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\PlayFirst
[2008/07/09 17:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Playrix Entertainment
[2012/08/22 18:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\RapidTyping
[2008/05/10 21:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Restorer
[2008/11/09 17:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Righteous Kill
[2013/04/22 21:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\spiral
[2013/02/13 18:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\splitscreen
[2008/12/22 18:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\SprillBermudeEng
[2012/09/12 11:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Styler
[2012/10/24 15:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\SumatraPDF
[2007/11/09 17:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Super-Cow
[2012/10/05 13:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Unity
[2007/09/22 18:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\VeniceMysteryData
[2012/10/11 22:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Warsow 1.0
[2006/05/14 18:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ruth\Application Data\Wildfire

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:861A898F
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6390D9FB
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:221F35CC
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507AEDA
@Alternate Data Stream - 440 bytes -> C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.Z.ZZ..ZZZ:1
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F098C56D
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF4BA1F5
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1677AB3F
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8F2B426
@Alternate Data Stream - 170 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:86FA1A34
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C4BD503
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB0BFA84
@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1F86F437
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E0BB7B35
@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:687D1056
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:23C6969A
@Alternate Data Stream - 160 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:10861A5E
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85F3AC32
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09D0186E
@Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D63538E3
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CC2686CD
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C065E0D
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4DCBA8B
@Alternate Data Stream - 154 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8961A52
@Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:258F3E77
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91B3E405
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C79FB81
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A47E53E8
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:053FEC11
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75B1A93C
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5814AB4F
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1EA0D54
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8A0F20CD
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:766442E5
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2753F1AE
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1792752F
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D93F5F7
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71236697
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:067DB605
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3EAFDE57
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9A953997
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AFE59F2
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:60516BC3
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B4A0E23
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45292A84
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07FFC655
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7290F122
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B337D07E
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9398DBB4
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D02044C
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3214A283
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E22BBE8
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:981884E7
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C3E753C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D24FC46
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3DAC3B29
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38020A20
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D055FC10
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B3A35EC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48F154AF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DEF96BC8
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B9710577
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:814B9485
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:370EF5E8
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:03392111
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C213B3C4
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BCAA2E9
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED66F190
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB6E0B6B
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48FEA089
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3327BC4F
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD93CF96
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E3C56885
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDD83DC4
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A360D1FA
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6EC66C03
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:353B7B11
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4C1D9362
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CCF42AF8
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22786385
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:95B8F7F6
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B6F784D3
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3A4217C
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F54261D3
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9124CA95
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BAD46F6
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B845F669
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B79AEF3
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8DACDD8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7F66BF58
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:59D05D9A
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:192F4D18
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C4DF735
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D7E5A8F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F8104EE7
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98C5DD9

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello NeedWings

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
NeedWings

NeedWings

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
This what it gave me:

Security Check:
Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 18
Java 7 Update 13
Java version out of Date!
Adobe Flash Player 11.6.602.180
Mozilla Firefox 18.0.2 Firefox out of Date!
Google Chrome 24.0.1312.57
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


adwcleaner:
# AdwCleaner v2.202 - Logfile created 04/23/2013 at 22:10:02
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ruth - MCQW01
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ruth\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\searchplugins\spamfreesearch.xml
File Deleted : C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Browser Manager
Folder Deleted : C:\Documents and Settings\Ruth\Application Data\Claro LTD
Folder Deleted : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Ruth\Local Settings\Application Data\PackageAware

***** [Registry] *****

Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\e2df8bbd39b912
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BAE35237-8D73-44D0-905C-8A95EA1E7E69}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5C66DD8-308B-4A4F-AF0A-3D04F25B5343}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EECF410C-006C-4A05-AD13-6741A0814DBF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\e2df8bbd39b912
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=116695&tt=4612_3&babsrc=NT_ss&mntrId=e41b95ec000000000000000cf1745dc0 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\prefs.js

Deleted : user_pref("FirstSearch.aol_toolbar.search.hasDoneFirst", 7);
Deleted : user_pref("aol_toolbar.button.aol_mail_5496.click", "1");
Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;w[...]
Deleted : user_pref("aol_toolbar.cookie.homepage", "");
Deleted : user_pref("aol_toolbar.cookie.search", "");
Deleted : user_pref("aol_toolbar.curtain.congrats", "curtain");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Deleted : user_pref("aol_toolbar.guid", "{E2FBE8B3-9908-16AE-7813-75B39352E115}");
Deleted : user_pref("aol_toolbar.install.distroid", "aol");
Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9183");
Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Deleted : user_pref("aol_toolbar.install.ncid", "");
Deleted : user_pref("aol_toolbar.metrics.activestampdate", "23");
Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "3");
Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Deleted : user_pref("aol_toolbar.metrics.log", false);
Deleted : user_pref("aol_toolbar.metrics.originalDate", "14");
Deleted : user_pref("aol_toolbar.metrics.originalHours", "6");
Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Deleted : user_pref("aol_toolbar.metrics.originalMonth", "11");
Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Deleted : user_pref("aol_toolbar.metrics.originalYear", "2012");
Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Deleted : user_pref("aol_toolbar.remote.publish.xml", "1366732909227");
Deleted : user_pref("aol_toolbar.rtw.active", false);
Deleted : user_pref("aol_toolbar.search.button", true);
Deleted : user_pref("aol_toolbar.search.cid", "15-02-2013");
Deleted : user_pref("aol_toolbar.search.focusnewtab", true);
Deleted : user_pref("aol_toolbar.search.instd", "20121024185232062");
Deleted : user_pref("aol_toolbar.search.newtab", true);
Deleted : user_pref("aol_toolbar.search.oid", "14-11-2012");
Deleted : user_pref("aol_toolbar.search.placement", "right");
Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Deleted : user_pref("aol_toolbar.search.savehistory", false);
Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
Deleted : user_pref("aol_toolbar.skin.custom", false);
Deleted : user_pref("aol_toolbar.surf.date", "44");
Deleted : user_pref("aol_toolbar.surf.lastDate", "23");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "3");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Deleted : user_pref("aol_toolbar.surf.month", "185");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "2371");
Deleted : user_pref("aol_toolbar.surf.total", "3304");
Deleted : user_pref("aol_toolbar.surf.week", "185");
Deleted : user_pref("aol_toolbar.surf.year", "2566");
Deleted : user_pref("aol_toolbar.ticker.active", false);
Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Deleted : user_pref("aol_toolbar.weather.degc", "7");
Deleted : user_pref("aol_toolbar.weather.degf", "44");
Deleted : user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/26.png");
Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Deleted : user_pref("aol_toolbar.weather.metric", true);
Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Cloudy");
Deleted : user_pref("aol_toolbar.weather.update", "1366734591104");
Deleted : user_pref("aol_toolbar.winamp.volume", "");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\izas49bl.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Ruth\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.2541] : homepage = "hxxp://www.claro-search.com/?affID=116695&tt=4612_3&babsrc=HP_ss&mntrId=e41b95ec0000[...]

*************************

AdwCleaner[R1].txt - [29587 octets] - [14/11/2012 22:32:15]
AdwCleaner[S1].txt - [17901 octets] - [18/10/2012 13:27:03]
AdwCleaner[S2].txt - [30440 octets] - [14/11/2012 22:34:41]
AdwCleaner[S3].txt - [12318 octets] - [23/04/2013 22:10:02]

########## EOF - C:\AdwCleaner[S3].txt - [12379 octets] ##########


RougeKiller:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Ruth [Admin rights]
Mode : Remove -- Date : 04/23/2013 22:45:37
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[25] : NtClose @ 0x80567C07 -> HOOKED (Unknown @ 0xF7E3FD04)
SSDT[41] : NtCreateKey @ 0x80573887 -> HOOKED (Unknown @ 0xF7E3FCBE)
SSDT[50] : NtCreateSection @ 0x80565433 -> HOOKED (Unknown @ 0xF7E3FD0E)
SSDT[53] : NtCreateThread @ 0x80578925 -> HOOKED (Unknown @ 0xF7E3FCB4)
SSDT[63] : NtDeleteKey @ 0x80595ABA -> HOOKED (Unknown @ 0xF7E3FCC3)
SSDT[65] : NtDeleteValueKey @ 0x805936DA -> HOOKED (Unknown @ 0xF7E3FCCD)
SSDT[66] : NtDeviceIoControlFile @ 0x805796DB -> HOOKED (IPVNMon.sys @ 0xF754BCEF)
SSDT[68] : NtDuplicateObject @ 0x805749DA -> HOOKED (Unknown @ 0xF7E3FCFF)
SSDT[98] : NtLoadKey @ 0x805ADCBB -> HOOKED (Unknown @ 0xF7E3FCD2)
SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (Unknown @ 0xF7E3FCA0)
SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (Unknown @ 0xF7E3FCA5)
SSDT[177] : NtQueryValueKey @ 0x8056A531 -> HOOKED (Unknown @ 0xF7E3FD27)
SSDT[193] : NtReplaceKey @ 0x8065012A -> HOOKED (Unknown @ 0xF7E3FCDC)
SSDT[200] : NtRequestWaitReplyPort @ 0x8056DD9E -> HOOKED (Unknown @ 0xF7E3FD18)
SSDT[204] : NtRestoreKey @ 0x8064FCC1 -> HOOKED (Unknown @ 0xF7E3FCD7)
SSDT[213] : NtSetContextThread @ 0x8062E8FB -> HOOKED (Unknown @ 0xF7E3FD13)
SSDT[237] : NtSetSecurityObject @ 0x80598227 -> HOOKED (Unknown @ 0xF7E3FD1D)
SSDT[247] : NtSetValueKey @ 0x8057DAF3 -> HOOKED (Unknown @ 0xF7E3FCC8)
SSDT[255] : NtSystemDebugControl @ 0x8064AD09 -> HOOKED (Unknown @ 0xF7E3FD22)
SSDT[257] : NtTerminateProcess @ 0x80585851 -> HOOKED (Unknown @ 0xF7E3FCAF)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7E3FD36)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7E3FD3B)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Maxtor 6E040L0 +++++
--- User ---
[MBR] d94eb3d2a4e9f69e25d736f02121ab55
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 39158 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04232013_02d2245.txt >>
RKreport[1]_S_04232013_02d2244.txt ; RKreport[2]_D_04232013_02d2245.txt
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello NeedWings

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
NeedWings

NeedWings

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks, all the pop ups are gone. It's still slow. The AOL tool bar is still here.


Here is Combofix report:
ComboFix 13-04-25.01 - Ruth 04/25/2013 12:55:44.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.476 [GMT -5:00]
Running from: c:\documents and settings\Ruth\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Ruth\Application Data\bfgtoolbar
c:\documents and settings\Ruth\Application Data\bfgtoolbar\1.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\10.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\2.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\20off.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\3.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\4.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\5.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\6.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\7.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\8.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\9.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\action.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\atlantis.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\bfg_greetings.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\bfgtoolbarDLL.zip
c:\documents and settings\Ruth\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg
c:\documents and settings\Ruth\Application Data\bfgtoolbar\card.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\COMBOSEARCH.acs
c:\documents and settings\Ruth\Application Data\bfgtoolbar\logo.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\mahjong.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\mygames.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\mygamestoolbar.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\new.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\newgames.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\puzzle.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\search.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\thereef.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\topten.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\webgames.bmp
c:\documents and settings\Ruth\Application Data\bfgtoolbar\word.bmp
c:\documents and settings\Ruth\Application Data\Microsoft\~DFK59c080.tmp
c:\documents and settings\Ruth\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Ruth\Application Data\Microsoft\bass.dll
c:\documents and settings\Ruth\Application Data\Microsoft\engine_vx.dll
c:\documents and settings\Ruth\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Ruth\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Ruth\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Ruth\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Ruth\Application Data\Microsoft\rsaadjd.dll
c:\documents and settings\Ruth\My Documents\~WRL2615.tmp
c:\documents and settings\Ruth\Start Menu\Internet Explorer.lnk
c:\documents and settings\Ruth\WINDOWS
c:\program files\OLEAUT32.dll
C:\Thumbs.db
c:\windows\igator
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system\oeminfo.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\regobj.dll
c:\windows\system32\SET1378.tmp
c:\windows\system32\SET359.tmp
c:\windows\system32\SET365.tmp
c:\windows\system32\SET4C1.tmp
c:\windows\system32\SET4D4.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SETEB9.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-03-25 to 2013-04-25 )))))))))))))))))))))))))))))))
.
.
2013-04-25 10:55 . 2013-04-10 01:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1DB38719-41E2-4B00-9EB5-F20211D8E647}\mpengine.dll
2013-04-24 03:27 . 2013-04-10 01:08 6906960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-23 16:05 . 2013-04-23 16:05 311 ----a-w- c:\documents and settings\Ruth\Local Settings\Application Data\poetsch.bat
2013-04-23 08:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-04-23 08:04 . 2013-03-02 02:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-04-23 08:04 . 2013-03-02 02:06 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-04-23 08:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-04-23 08:01 . 2012-12-16 12:23 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-04-23 07:48 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-04-23 07:48 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-04-23 07:48 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-04-23 07:44 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-04-22 10:15 . 2013-04-22 10:19 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ..ZZ.Z.ZZ..ZZZ
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-22 22:25 . 2012-09-12 15:34 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-22 22:25 . 2012-09-12 15:34 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-02 10:33 . 2012-10-16 16:58 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-08 08:36 . 2004-08-04 05:56 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-04 04:20 2193408 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-04 05:56 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-04 05:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-03-02 02:06 . 2004-08-04 05:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 01:25 . 2004-08-04 04:17 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-04 03:59 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-27 21:13 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-08-23 16:42 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 04:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 01:05 . 2013-02-08 01:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 01:04 . 2012-08-21 22:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-08 01:03 . 2012-09-13 20:57 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-08 01:03 . 2012-09-13 20:57 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-01 22:30 . 2012-10-24 20:38 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-02-01 22:30 . 2012-10-24 20:38 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-26 03:55 . 2004-08-04 05:56 552448 ------w- c:\windows\system32\oleaut32.dll
2009-03-14 17:55 . 2012-09-12 17:45 311296 ----a-w- c:\program files\sndvol32.exe
2006-07-05 00:05 . 2006-07-05 00:06 774144 -c--a-w- c:\program files\RngInterstitial.dll
2001-11-10 23:50 . 2012-08-24 23:31 61440 ----a-w- c:\program files\Talking Math Tutor.exe
2001-06-13 04:04 . 2012-08-24 23:31 17920 ----a-w- c:\program files\STDOLE2.TLB
2001-06-13 04:04 . 2012-08-24 23:31 164112 ----a-w- c:\program files\OLEPRO32.DLL
2001-06-13 04:04 . 2012-08-24 23:31 147728 -c--a-w- c:\program files\ASYCFILT.DLL
2000-03-10 22:29 . 2012-08-24 23:31 955656 ----a-w- c:\program files\spchcpl.exe
2000-03-10 22:27 . 2012-08-24 23:31 1021232 ----a-w- c:\program files\tv_enua.exe
1999-05-10 05:00 . 2012-08-24 23:31 1384448 ----a-w- c:\program files\msvbvm60.dll
1999-01-12 20:19 . 2012-08-24 23:31 173056 ----a-w- c:\program files\VTEXT.DLL
1998-06-20 05:00 . 2012-08-24 23:31 286720 ----a-w- c:\program files\SETUP1.EXE
1998-06-18 05:00 . 2012-08-24 23:31 73216 ----a-w- c:\program files\ST6UNST.EXE
1998-06-18 05:00 . 2012-08-24 23:31 102912 ----a-w- c:\program files\VB6STKIT.DLL
1998-05-31 05:00 . 2012-08-24 23:31 22288 ----a-w- c:\program files\COMCAT.DLL
2013-04-24 07:01 . 2013-04-24 07:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 18:06 163328 --sha-r- c:\windows\SYSTEM32\flvDX.dll
2007-02-21 19:47 31232 --sha-r- c:\windows\SYSTEM32\msfDX.dll
2008-03-16 21:30 216064 --sha-r- c:\windows\SYSTEM32\nbDX.dll
2010-01-07 06:00 107520 --sha-r- c:\windows\SYSTEM32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ruth\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ruth\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ruth\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Ruth\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 21:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-17 171448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Ruth\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 2510 series.lnk]
path=c:\documents and settings\Ruth\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
backup=c:\windows\pss\Monitor Ink Alerts - HP Deskjet 2510 series.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Ruth\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=c:\documents and settings\Ruth\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ruth^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\Ruth\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59 122880 ----a-w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27 28672 ----a-w- c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-10-28 17:18 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 01]
2003-06-11 06:52 380928 ----a-w- c:\program files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
2003-06-11 06:52 122880 ----a-w- c:\program files\Visual Networks\Visual IP InSight\SBC\ipmon32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-01-27 16:11 947152 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-04-24 22:58 4616192 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47 204800 ----a-w- c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Ruth\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:66.112.31.252/255.255.255.255,68.116.255.72/255.255.255.248:Enabled:@xpsp2res.dll,-22009
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [10/24/2012 3:38 PM 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/24/2012 3:38 PM 86752]
S3 CisUtMonitor;CisUtMonitor;c:\windows\SYSTEM32\DRIVERS\CisUtMonitor.sys [11/12/2012 5:50 PM 27600]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [10/16/2012 11:19 AM 40776]
S3 wimmount;wimmount;c:\windows\SYSTEM32\DRIVERS\wimmount.sys [2/7/2013 4:45 AM 19024]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - IPVNMon
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-22 22:23 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-12 22:26]
.
2013-04-25 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-01-31 20:05]
.
2013-04-25 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-01-31 20:05]
.
2013-04-25 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-01-31 20:05]
.
2013-04-24 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-01-31 20:05]
.
2013-04-25 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-18 21:06]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-18 21:06]
.
2013-04-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2012-10-18 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-10-04 20:42]
.
2013-04-25 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
2013-02-13 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6b1545fc911c4e81a28aa35c92e8d5f9
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6b1545fc911c4e81a28aa35c92e8d5f9
TCP: DhcpNameServer = 10.0.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Ruth\Application Data\Mozilla\Firefox\Profiles\eza33z31.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-Optimizer Pro - c:\program files\Optimizer Pro\OptProLauncher.exe
AddRemove-46D88D6E-2384-4DFA-A02C-7ED5B10234D6 - c:\program files\Adams Guitar\uninstall.exe
AddRemove-A685FAD1-F68B-4C3E-A627-D2DD2E8CEFC1 - c:\program files\ButtonBeats Piano Player\uninstall.exe
AddRemove-AVS Audio Editor_is1 - c:\program files\AVS4YOU\AVSAudioEditor\unins000.exe
AddRemove-AVS Audio Recorder_is1 - c:\program files\AVS4YOU\AVSAudioRecorder\unins000.exe
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-BroadJump Client Foundation - c:\program files\BroadJump\Client Foundation\Uninst.isu
AddRemove-FlashBoot_is1 - f:\flashboot\unins000.exe
AddRemove-Installation Assistant - c:\program files\Installation Assistant\Uninstall.exe
AddRemove-Personalized Learning Center - c:\program files\The Learning Company\Personalized Learning Center\Uninst.isu
AddRemove-Pikachu's Adventure Game - C:\Uninstall.exe
AddRemove-Read6932.exe - c:\tlcwin\Rrread69\Uninst\DeIsL1.isu
AddRemove-sl-adk - c:\program files\OApps\sl-adk_uninstall.exe
AddRemove-WinAce Archiver - f:\winace\SXUNINST.EXE
AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
AddRemove-{EB9F3F92-4857-4121-AA6F-1C424AC6C266}_is1 - c:\program files\Apowersoft\Screen Recording Suite\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-25 13:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-04-25 13:15:16
ComboFix-quarantined-files.txt 2013-04-25 18:14
.
Pre-Run: 4,521,213,952 bytes free
Post-Run: 4,619,378,688 bytes free
.
- - End Of File - - 2131DFC6243755DB67B1850F0A20E9C7

Edited by NeedWings, 25 April 2013 - 05:19 PM.

  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello NeedWings


:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:


AV: Avira Desktop
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.





At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Common Files\SpeedyPC Software

File::
c:\windows\Tasks\SpeedyPC Registration3.job
c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
c:\windows\Tasks\SpeedyPC Update Version3.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP