Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Optimzer Pro infection [Closed]


  • This topic is locked This topic is locked

#1
mashu

mashu

    New Member

  • Member
  • Pip
  • 4 posts
Hi everyone

I think I got this virus when I clicked a box about Adobe updates on a torrent site. I received a pop-up from Optimizer Pro telling me I had viruses etc.

My Chrome homepage has changed to this Delta Search page: http://www2.delta-se...C0D0011D87CC15A

There is a new program in my start menu called Browser Project, and I noticed something called Yontoo at startup, which I disabled in msconfig.

My OTL log:

OTL logfile created on: 28/04/2013 11:50:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Me\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.73 Mb Total Physical Memory | 293.27 Mb Available Physical Memory | 30.59% Memory free
2.26 Gb Paging File | 1.63 Gb Available in Paging File | 72.11% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.52 Gb Total Space | 91.93 Gb Free Space | 49.55% Space Free | Partition Type: NTFS

Computer Name: MATTHEW | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/28 11:48:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\My Documents\Downloads\OTL.exe
PRC - [2013/04/17 02:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Documents and Settings\Me\Application Data\Yontoo\YontooDesktop.exe
PRC - [2013/04/17 02:17:26 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/22 15:09:37 | 002,787,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/03 22:39:30 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/28 11:39:44 | 000,013,600 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/04/27 21:39:37 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj\1.0_0\NPObject.dll
MOD - [2013/04/27 21:39:36 | 000,691,792 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj\1.0_0\BUSolution.dll
MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 09:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/22 15:09:37 | 002,787,280 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/03/22 15:08:36 | 002,520,016 | ---- | M] () -- c:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/02/15 10:15:35 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013/02/15 10:11:33 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013/02/15 10:08:57 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/02/15 10:08:54 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/02/15 10:08:42 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/02/15 10:08:39 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013/01/11 18:58:35 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013/01/10 21:40:57 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 21:40:30 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013/01/10 21:39:14 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 21:39:03 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/27 11:41:54 | 000,525,664 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll
MOD - [2003/08/03 00:20:57 | 000,126,976 | ---- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\Me\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/13 18:55:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/22 15:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/27 17:22:58 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2007/11/03 22:39:30 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\MOZILL~1\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC305DA3-F564-44B3-90F6-3CD1868E0B11}\MpKsld6141efe.sys -- (MpKsld6141efe)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2011/04/24 23:14:38 | 000,225,856 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2010/09/22 17:31:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/05 10:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2009/05/05 10:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2008/12/21 22:49:15 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/11/24 12:29:00 | 000,647,333 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/02/09 15:27:04 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SI3114r.sys -- (SI3114r)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/09 16:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2003/02/12 13:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003/01/08 21:42:44 | 000,022,144 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/08 21:40:24 | 000,167,168 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/08 21:39:34 | 000,617,600 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/08 21:38:26 | 001,068,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-se...C0D0011D87CC15A
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-se...C0D0011D87CC15A
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-se...C0D0011D87CC15A
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://uk.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "http://www2.delta-se...0D0011D87CC15A"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.19.1
FF - prefs.js..extensions.enabledAddons: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2012.1.11
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2010.10.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/27 17:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/16 12:55:31 | 000,000,000 | ---D | M]

[2008/08/31 13:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2013/04/27 20:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions
[2010/04/27 20:38:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/20 08:16:37 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2011/01/28 16:02:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2013/03/24 16:26:56 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2013/04/27 20:51:09 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2011/05/09 16:38:17 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2013/04/23 16:35:45 | 000,532,430 | ---- | M] () (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/04/27 20:50:29 | 000,006,470 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\searchplugins\BrowserProtect.xml
[2013/04/27 20:52:16 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\searchplugins\delta.xml
[2007/12/27 16:17:22 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\searchplugins\search.xml
[2012/03/06 18:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/27 17:22:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/12/13 10:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npagent.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/20 11:05:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/09/05 14:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2012/06/04 13:52:13 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/04/27 20:50:29 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/09/17 17:24:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/04 13:52:13 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/04 13:52:13 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/17 17:24:41 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/04 13:52:13 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www2.delta-se...C0D0011D87CC15A
CHR - Extension: No name found = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nohfdhapjjlndfgjnmdlcabloeembdkj\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2007/12/10 05:17:32 | 000,648,085 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 17101 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC3C928-AEDE-43BC-BBF5-4A8CDA7600AA}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/21 15:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b9aef921-d739-11d9-9ac6-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/27 20:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Start Menu\Programs\BrowserProtect
[2013/04/27 20:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2013/04/27 20:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013/04/27 20:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Delta
[2013/04/27 20:51:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\BabSolution
[2013/04/27 20:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Yontoo
[2013/04/27 20:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/04/27 20:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Delta
[2013/04/27 20:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/04/27 20:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Babylon
[2013/04/27 20:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/06/04 19:48:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Me\Application Data\pcouffin.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/28 11:47:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/28 11:42:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/28 11:42:00 | 000,443,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/28 11:42:00 | 000,072,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/28 11:37:42 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/28 11:37:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/28 11:37:28 | 1005,375,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/28 11:36:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/04/27 23:19:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1006UA.job
[2013/04/27 23:06:13 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/27 23:02:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1009UA.job
[2013/04/27 20:51:09 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\EPUpdater.job
[2013/04/27 16:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1009Core.job
[2013/04/27 11:58:01 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/25 16:19:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1006Core.job
[2013/04/12 10:08:07 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/11 12:38:49 | 001,496,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 17:38:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2013/04/27 20:51:05 | 000,000,254 | ---- | C] () -- C:\WINDOWS\tasks\EPUpdater.job
[2012/02/16 07:59:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/04 22:11:23 | 000,039,140 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/04 19:48:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\vso_ts_preview.xml
[2009/06/04 19:48:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\inst.exe
[2009/06/04 19:48:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.cat
[2009/06/04 19:48:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.inf
[2008/12/21 22:51:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/05/14 16:46:24 | 000,009,108 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\wklnhst.dat
[2005/07/08 23:16:58 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/21 16:26:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/21 20:06:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/04/27 20:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/04/27 20:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect
[2011/01/26 23:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/12 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/02/23 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/01/23 00:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/05/10 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/02/02 17:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2013/04/27 20:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/02 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/06/04 21:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/09/01 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/04 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/23 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\AnvSoft
[2013/04/27 20:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BabSolution
[2013/04/27 20:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Babylon
[2012/03/24 00:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent
[2008/03/13 07:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent DNA
[2012/01/03 13:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DAEMON Tools Lite
[2010/08/21 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\dBpoweramp
[2013/04/27 20:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Delta
[2011/04/19 22:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2012/11/26 18:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\ElevatedDiagnostics
[2010/09/06 21:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\FreeAudioPack
[2010/02/23 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\MP3Rocket
[2010/02/23 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\NCH Swift Sound
[2010/05/16 17:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\OpenOffice.org
[2008/09/17 20:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PPMate
[2011/05/10 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\QFX Software
[2011/03/07 09:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Sports Interactive
[2012/10/11 20:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Spotify
[2009/08/11 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Steinberg
[2006/05/14 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Template
[2013/04/21 15:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\uTorrent
[2007/12/29 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\VersionTracker Pro
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Virgin Broadband
[2012/07/14 13:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Vso
[2013/04/28 11:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Yontoo

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 5904 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6974837

< End of report >
  • 0

Advertisements


#2
mashu

mashu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OTL Extras:

OTL Extras logfile created on: 28/04/2013 11:50:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Me\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.73 Mb Total Physical Memory | 293.27 Mb Available Physical Memory | 30.59% Memory free
2.26 Gb Paging File | 1.63 Gb Available in Paging File | 72.11% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.52 Gb Total Space | 91.93 Gb Free Space | 49.55% Space Free | Partition Type: NTFS

Computer Name: MATTHEW | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema
"C:\Program Files\Rio\Rio Music Manager\riomm.exe" = C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager
"C:\Documents and Settings\Me\Desktop\amiga emulater\kaillerasrv-0.82-win32\kaillerasrv.exe" = C:\Documents and Settings\Me\Desktop\amiga emulater\kaillerasrv-0.82-win32\kaillerasrv.exe:*:Enabled:kaillerasrv
"C:\Program Files\BitTorrent_DNA\dna.exe" = C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:BitTorrent DNA -- ()
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Documents and Settings\Me\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Me\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{ED23E382-E5E3-4E21-B616-01FC59A40916}" = OpenOffice.org 3.3
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 9.15 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AudioConverter Studio_is1" = AudioConverter Studio 6.1
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DivX Setup.divx.com" = DivX Setup
"DriverAgent" = DriverAgent Plugin for Netscape by eSupport.com
"ERUNT_is1" = ERUNT 1.1j
"FileHippo.com" = FileHippo.com Update Checker
"Football Manager 2010" = Football Manager 2010
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"iLivid" = iLivid
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"KeyScrambler" = KeyScrambler
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (November 2008)" = Microsoft DirectX SDK (November 2008)
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.2.9_is1" = MyDefrag v4.2.9
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.3
"S3" = UniChromeII Graphics Driver and Utilities
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Soulseek" = SoulSeek Client 156c
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"uTorrent" = µTorrent
"VIA/S3G UniChrome Family Win2K/XP/Server2003 Display" = VIA/S3G Display Driver 6.14.10.0378
"VLC media player" = VLC media player 2.0.4
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/07/2012 16:12:03 | Computer Name = MATTHEW | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 10.3.0.39230, faulting module
fm.exe, version 10.3.0.39230, fault address 0x00c7e6ec.

Error - 28/07/2012 13:07:04 | Computer Name = MATTHEW | Source = Application Error | ID = 1000
Description = Faulting application fm.exe, version 10.3.0.39230, faulting module
fm.exe, version 10.3.0.39230, fault address 0x00c7e6ec.

Error - 16/10/2012 17:19:12 | Computer Name = MATTHEW | Source = Application Error | ID = 1000
Description = Faulting application avastui.exe, version 7.0.1466.549, faulting module
unknown, version 0.0.0.0, fault address 0x0184876b.

Error - 29/01/2013 12:38:53 | Computer Name = MATTHEW | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 4.1.522.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 29/01/2013 12:39:01 | Computer Name = MATTHEW | Source = Microsoft Security Client | ID = 5000
Description =

Error - 29/01/2013 12:51:41 | Computer Name = MATTHEW | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 29/01/2013 12:51:41 | Computer Name = MATTHEW | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 27/02/2013 06:14:08 | Computer Name = MATTHEW | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.145.487.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9203.0 Error
code: 0x80240038 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >
  • 0

#3
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hello mashu and welcome to GeeksToGo .

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your log now and will reply with instructions shortly.

Satchfan
  • 0

#4
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hello again Mashu

A couple of observations before we begin cleaning up this mess:

I think I got this virus when I clicked a box about Adobe updates on a torrent site


P2P - I see you have P2P software, (uTorrent ), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Registry cleaners

I received a pop-up from Optimizer Pro


It's not a good idea to use registry cleaners/boosters.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I strongly advise you to get rid of Optimizer Pro and any other cleaner/optimizer/booster/tuneup/tweak type utilities that you have on this or any other computer.

One of the malware experts, miekiemoes, has an excellent write-up here
Another excellent article by Bill Castner is located here

===================================================

That said, there’s a fair bit to be done here so you’ll have a bit of work to do.

Uninstall programs

You have Ad-Aware and Microsoft Security Essentials, (MSE) antivirus programs installed.

You can not run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall Ad-Aware but it is your choice.

  • click Start, Settings, Control Panel, Add or remove programs
  • scroll down the list click on either Ad-Aware 2007 or Microsoft Security Client and then on Remove
  • repeat this for the other programs listed below


BrowserProtect
Yontoo 2.052
Delta toolbar
Delta Chrome Toolbar
iLivid

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================

Download and run Junkware Removal Tool

Posted Image Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.
===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.
When you’ve completed all that, please run OTL again and send a new log.

Please include the following in your next post :

AdwCleaner log
JRT.txt
aswMBR log
New OTL log


Thanks

Satchfan
  • 0

#5
mashu

mashu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Adw log:

# AdwCleaner v2.202 - Logfile created 04/28/2013 at 13:17:55
# Updated 23/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Me - MATTHEW
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Me\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\All Users\Application Data\BrowserProtect
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\DomaIQ Uninstaller

***** [Registry] *****

Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\5855de8de56fe546
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DomaIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

-\\ Google Chrome v26.0.1410.64

*************************

AdwCleaner[S1].txt - [2329 octets] - [28/04/2013 13:17:55]

########## EOF - C:\AdwCleaner[S1].txt - [2389 octets] ##########



JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.1 (04.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Me on 28/04/2013 at 13:25:38.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\DELTA BABYLON.EXE-13CD2A88.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Me\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Me\Local Settings\Application Data\ilivid player"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\z4kydkrs.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\z4kydkrs.default\searchplugins\browserprotect.xml
Successfully deleted: [File] C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\z4kydkrs.default\searchplugins\search.xml
Emptied folder: C:\Documents and Settings\Me\Application Data\mozilla\firefox\profiles\z4kydkrs.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/04/2013 at 13:27:57.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



aswMBR log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-28 13:37:06
-----------------------------
13:37:06.515 OS Version: Windows 5.1.2600 Service Pack 3
13:37:06.515 Number of processors: 1 586 0xC00
13:37:06.515 ComputerName: MATTHEW UserName: Me
13:37:07.640 Initialize success
13:41:56.765 AVAST engine defs: 13042701
13:42:03.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:42:03.718 Disk 0 Vendor: Maxtor_6L200M0 BANC1E00 Size: 194481MB BusType: 3
13:42:03.875 Disk 0 MBR read successfully
13:42:03.875 Disk 0 MBR scan
13:42:03.937 Disk 0 unknown MBR code
13:42:03.937 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 4502 MB offset 63
13:42:04.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 189971 MB offset 9221310
13:42:04.140 Disk 0 scanning sectors +398283480
13:42:04.328 Disk 0 scanning C:\WINDOWS\system32\drivers
13:42:28.515 Service scanning
13:42:43.953 Service MpKsl3e1603ab c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CE4CA9B-1008-4275-A5D8-C8A936002BB1}\MpKsl3e1603ab.sys **LOCKED** 32
13:43:01.531 Modules scanning
13:43:08.031 Disk 0 trace - called modules:
13:43:08.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll atapi.sys videX32.sys PCIIDEX.SYS
13:43:08.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86552ab8]
13:43:08.562 3 CLASSPNP.SYS[f7640fd7] -> nt!IofCallDriver -> [0x86537ed0]
13:43:08.562 5 xfilt.sys[f7651026] -> nt!IofCallDriver -> \Device\00000068[0x8657a410]
13:43:08.562 7 ACPI.sys[f74c7620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865c9940]
13:43:09.484 AVAST engine scan C:\WINDOWS
13:43:21.203 AVAST engine scan C:\WINDOWS\system32
13:48:45.671 AVAST engine scan C:\WINDOWS\system32\drivers
13:49:17.640 AVAST engine scan C:\Documents and Settings\Me
14:06:12.031 AVAST engine scan C:\Documents and Settings\All Users
14:07:32.406 Scan finished successfully
14:18:56.265 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Me\Desktop\MBR.dat"
14:18:56.390 The log file has been saved successfully to "C:\Documents and Settings\Me\Desktop\aswMBR.txt"




OTL log:

OTL logfile created on: 28/04/2013 14:20:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Me\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.73 Mb Total Physical Memory | 489.21 Mb Available Physical Memory | 51.03% Memory free
2.26 Gb Paging File | 1.95 Gb Available in Paging File | 86.53% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.52 Gb Total Space | 91.68 Gb Free Space | 49.42% Space Free | Partition Type: NTFS

Computer Name: MATTHEW | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/28 11:48:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\My Documents\Downloads\OTL.exe
PRC - [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2008/04/14 01:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 01:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2003/08/03 00:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/03 00:20:57 | 000,126,976 | ---- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/13 18:55:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/09/27 17:22:58 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\MOZILL~1\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Me\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/04/28 13:37:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CE4CA9B-1008-4275-A5D8-C8A936002BB1}\MpKsl3e1603ab.sys -- (MpKsl3e1603ab)
DRV - [2010/09/22 17:31:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/05 10:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2009/05/05 10:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2008/12/21 22:49:15 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/11/24 12:29:00 | 000,647,333 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/02/09 15:27:04 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SI3114r.sys -- (SI3114r)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/09 16:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2003/02/12 13:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003/01/08 21:42:44 | 000,022,144 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/08 21:40:24 | 000,167,168 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/08 21:39:34 | 000,617,600 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/08 21:38:26 | 001,068,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:1.19.1
FF - prefs.js..extensions.enabledAddons: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2012.1.11
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2010.10.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/27 17:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/16 12:55:31 | 000,000,000 | ---D | M]

[2008/08/31 13:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2013/04/27 20:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions
[2010/04/27 20:38:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/20 08:16:37 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2011/01/28 16:02:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2013/03/24 16:26:56 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2011/05/09 16:38:17 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2013/04/23 16:35:45 | 000,532,430 | ---- | M] () (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/03/06 18:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/27 17:22:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/12/13 10:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npagent.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/20 11:05:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/09/05 14:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll
[2012/06/04 13:52:13 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/17 17:24:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/04 13:52:13 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/04 13:52:13 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/09/17 17:24:41 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/04 13:52:13 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2007/12/10 05:17:32 | 000,648,085 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 17101 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC3C928-AEDE-43BC-BBF5-4A8CDA7600AA}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/21 15:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b9aef921-d739-11d9-9ac6-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/28 13:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/28 13:23:47 | 000,000,000 | ---D | C] -- C:\JRT
[2009/06/04 19:48:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Me\Application Data\pcouffin.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/28 14:19:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1006UA.job
[2013/04/28 14:18:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\MBR.dat
[2013/04/28 14:06:05 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/28 14:02:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1009UA.job
[2013/04/28 13:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/28 13:29:49 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/28 13:23:56 | 000,443,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/28 13:23:56 | 000,072,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/28 13:19:45 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/28 13:19:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/28 13:19:28 | 1005,375,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/28 11:36:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/04/27 16:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1009Core.job
[2013/04/27 11:58:01 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/25 16:19:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1006Core.job
[2013/04/12 10:08:07 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/11 12:38:49 | 001,496,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 17:38:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2013/04/28 14:18:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\MBR.dat
[2012/02/16 07:59:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/04 22:11:23 | 000,039,140 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/04 19:48:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\vso_ts_preview.xml
[2009/06/04 19:48:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\inst.exe
[2009/06/04 19:48:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.cat
[2009/06/04 19:48:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.inf
[2008/12/21 22:51:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/05/14 16:46:24 | 000,009,108 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\wklnhst.dat
[2005/07/08 23:16:58 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/21 16:26:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/21 20:06:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/01/26 23:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/12 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/02/23 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/01/23 00:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/05/10 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/02/02 17:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/09/02 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/06/04 21:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/09/01 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/04 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/23 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\AnvSoft
[2012/03/24 00:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent
[2008/03/13 07:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent DNA
[2012/01/03 13:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DAEMON Tools Lite
[2010/08/21 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\dBpoweramp
[2011/04/19 22:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2012/11/26 18:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\ElevatedDiagnostics
[2010/09/06 21:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\FreeAudioPack
[2010/02/23 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\MP3Rocket
[2010/02/23 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\NCH Swift Sound
[2010/05/16 17:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\OpenOffice.org
[2008/09/17 20:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PPMate
[2011/05/10 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\QFX Software
[2011/03/07 09:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Sports Interactive
[2012/10/11 20:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Spotify
[2009/08/11 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Steinberg
[2006/05/14 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Template
[2013/04/21 15:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\uTorrent
[2007/12/29 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\VersionTracker Pro
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Virgin Broadband
[2012/07/14 13:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Vso

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 5904 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6974837

< End of report >
  • 0

#6
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
You did a good job and that's looking much better.

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successfully execution of the script below.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
    IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - No CLSID value found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 5904 bytes -> C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 4348 bytes -> C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6974837
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log and new OTL log.

Logs to include in the next post:

OTL fix log
New OTL log


Can you tell me if there are any remaining problems

Satchfan
  • 0

#7
mashu

mashu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Fix log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File %SystemRoot%\System32\appmgmts.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\WINDOWS\System32\OEMLOGO.BMP:$Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINDOWS\MESH_SKY.BMP:$Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:18B7103A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DD4DD9B9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6974837 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Me\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Me\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Gemma
->Temp folder emptied: 1787 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Me
->Temp folder emptied: 133071117 bytes
->Temporary Internet Files folder emptied: 86868967 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65677394 bytes
->Google Chrome cache emptied: 410630061 bytes
->Flash cache emptied: 523 bytes

User: NetworkService
->Temp folder emptied: 693340 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5042537 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 100462240 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 765.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04282013_175027

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




New log:

OTL logfile created on: 28/04/2013 18:05:21 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Me\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

958.73 Mb Total Physical Memory | 550.18 Mb Available Physical Memory | 57.39% Memory free
2.26 Gb Paging File | 1.97 Gb Available in Paging File | 87.31% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 185.52 Gb Total Space | 92.42 Gb Free Space | 49.82% Space Free | Partition Type: NTFS

Computer Name: MATTHEW | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/28 11:48:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\My Documents\Downloads\OTL.exe
PRC - [2013/04/09 09:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/27 12:11:46 | 000,284,304 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 12:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 09:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 09:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 09:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2003/08/03 00:24:01 | 000,192,512 | R--- | M] () -- C:\Program Files\SpywareGuard\dlprotect.dll
MOD - [2003/08/03 00:20:57 | 000,126,976 | ---- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Services (SafeList) ==========

SRV - [2013/04/13 18:55:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\MOZILL~1\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2CE4CA9B-1008-4275-A5D8-C8A936002BB1}\MpKsl3e1603ab.sys -- (MpKsl3e1603ab)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/09/22 17:31:34 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/05/05 10:59:02 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt)
DRV - [2009/05/05 10:58:30 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2008/12/21 22:49:15 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/08/30 18:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 18:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 18:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/02/24 14:20:22 | 002,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/11/24 12:29:00 | 000,647,333 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2004/02/09 15:27:04 | 000,097,857 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SI3114r.sys -- (SI3114r)
DRV - [2003/08/06 10:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2003/05/09 16:55:02 | 000,089,749 | ---- | M] (Silicon Image, Inc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2003/02/12 13:37:48 | 000,009,600 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003/01/08 21:42:44 | 000,022,144 | ---- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/01/08 21:40:24 | 000,167,168 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/01/08 21:39:34 | 000,617,600 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/01/08 21:38:26 | 001,068,032 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:1.19.1
FF - prefs.js..extensions.enabledAddons: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2012.1.11
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.19.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.1
FF - prefs.js..extensions.enabledItems: {F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}:2.2010.10.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..browser.startup.homepage:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@SuperAdBlocker.com/sabffx: C:\WINDOWS\system32\SuperAdBlocker.com\npsabffx.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Me\Local Settings\Application Data\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found


[2008/08/31 13:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2013/04/27 20:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions
[2010/04/27 20:38:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/20 08:16:37 | 000,000,000 | ---D | M] (DriverAgent Plugin for Firefox and Opera) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{F8CC37C3-CBEB-4A00-8CBF-26A88693F0C5}
[2011/01/28 16:02:52 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2013/03/24 16:26:56 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2011/05/09 16:38:17 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\[email protected]
[2013/04/23 16:35:45 | 000,532,430 | ---- | M] () (No name found) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\z4kydkrs.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2007/12/13 10:55:00 | 000,437,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npagent.dll
[2008/09/04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/05/20 11:05:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/09/05 14:56:00 | 000,352,256 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsabffx.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Driver Agent Plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npagent.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: SuperAdBlocker FireFox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Me\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2007/12/10 05:17:32 | 000,648,085 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
O1 - Hosts: 127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
O1 - Hosts: 127.0.0.1 abc-search.info
O1 - Hosts: 127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
O1 - Hosts: 127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
O1 - Hosts: 127.0.0.1 phpadsnew.abac.com
O1 - Hosts: 127.0.0.1 a.abnad.net
O1 - Hosts: 127.0.0.1 b.abnad.net
O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
O1 - Hosts: 127.0.0.1 d.abnad.net
O1 - Hosts: 127.0.0.1 e.abnad.net
O1 - Hosts: 127.0.0.1 t.abnad.net
O1 - Hosts: 127.0.0.1 banners.absolpublisher.com
O1 - Hosts: 127.0.0.1 tracking.absolstats.com
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com
O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
O1 - Hosts: 17101 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CC3C928-AEDE-43BC-BBF5-4A8CDA7600AA}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/21 15:58:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b9aef921-d739-11d9-9ac6-806d6172696f}\Shell\PlayWithPowerDVD\Command - "" = "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l"
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/28 17:50:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/28 13:25:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/04/28 13:23:47 | 000,000,000 | ---D | C] -- C:\JRT
[2009/06/04 19:48:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Me\Application Data\pcouffin.sys
[42 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/28 18:06:02 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/28 18:04:00 | 000,443,208 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/28 18:04:00 | 000,072,282 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/28 18:02:25 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/28 18:02:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1009UA.job
[2013/04/28 18:01:58 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/28 17:51:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/28 17:51:50 | 1005,375,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/28 17:42:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/28 14:19:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1006UA.job
[2013/04/28 14:18:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\MBR.dat
[2013/04/28 11:36:28 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/04/27 16:02:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1009Core.job
[2013/04/27 11:58:01 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/25 16:19:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1836164432-2750336667-2572315352-1006Core.job
[2013/04/12 10:08:07 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/04/11 12:38:49 | 001,496,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 17:38:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2013/04/28 14:18:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\MBR.dat
[2012/02/16 07:59:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/04 22:11:23 | 000,039,140 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/04 19:48:55 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\vso_ts_preview.xml
[2009/06/04 19:48:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\inst.exe
[2009/06/04 19:48:34 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.cat
[2009/06/04 19:48:34 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\pcouffin.inf
[2008/12/21 22:51:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/05/14 16:46:24 | 000,009,108 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\wklnhst.dat
[2005/07/08 23:16:58 | 000,110,592 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/21 16:26:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/21 20:06:26 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/29 17:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/01/26 23:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/12 17:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/02/23 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/01/23 00:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2011/05/10 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2011/02/02 17:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/09/02 18:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/06/04 21:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/09/01 22:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/12/04 22:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/23 20:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\AnvSoft
[2012/03/24 00:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent
[2008/03/13 07:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\BitTorrent DNA
[2012/01/03 13:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DAEMON Tools Lite
[2010/08/21 10:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\dBpoweramp
[2011/04/19 22:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2012/11/26 18:48:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\ElevatedDiagnostics
[2010/09/06 21:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\FreeAudioPack
[2010/02/23 21:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\MP3Rocket
[2010/02/23 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\NCH Swift Sound
[2010/05/16 17:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\OpenOffice.org
[2008/09/17 20:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PPMate
[2011/05/10 09:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\QFX Software
[2011/03/07 09:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Sports Interactive
[2012/10/11 20:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Spotify
[2009/08/11 13:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Steinberg
[2006/05/14 16:46:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Template
[2013/04/21 15:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\uTorrent
[2007/12/29 18:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\VersionTracker Pro
[2007/12/29 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Virgin Broadband
[2012/07/14 13:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Vso

========== Purity Check ==========



< End of report >
  • 0

#8
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Can you tell me if there are any remaining problems


  • 0

#9
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Your last log looked clean. If these checks are OK we can tidy up.

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it, (“Update” tab}
  • once it is updated, click on “Scanner” tab, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button.
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o double click on the Eset installer icon on your desktop.

  • check Yes, I accept the Terms of Use
  • click the Start button.
  • accept any security warnings from your browser.
  • check Scan archives and and Remove found threats.
  • click Advanced settings and select the following:


    o Scan potentially unwanted applications
    o Scan for potentially unsafe applications
    o Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish
If a log has been produced post it in your next reply.

Logs to include with the next post:

checkup.txt
Mbam.txt


Can you tell me if there are any outstanding problems.

Satchfan
  • 0

#10
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hi

It has been several days since I asked you to run an some final scans.

Please let me know the results and we can then tidy up

Thanks

Satchfan
  • 0

#11
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP