OTL log- much malware but need help [Closed]



#1
jawanza

Hi Geeks to Go. I am helping out my sister, whose computer is swimming with what seems to be malware and possibly viruses (the younger kids do not really think about what they click on).

I am unsure what exactly is going on but have run OTL and I have attached the log. If someone could give us advice on what to do next, it would be fab.

P.S. This is too cute and I had to tell you all this: when I explained about Geeks to Go and how they helped people, she genuinely said "that's so sweet, it's like Christian Aid for computers".

OTL logfile created on: 13/06/2013 19:37:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\admin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 66.17% Memory free
3.84 Gb Paging File | 3.28 Gb Available in Paging File | 85.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 35.12 Gb Free Space | 47.12% Space Free | Partition Type: NTFS
Drive D: | 589.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: XPPRO-OEM | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/13 19:36:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\My Documents\Downloads\OTL.exe
PRC - [2013/05/31 22:08:37 | 002,839,592 | ---- | M] (Iminent) -- C:\Program Files\Common Files\Umbrella\umbrella.exe
PRC - [2013/05/29 06:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/05/16 03:09:57 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/04/11 15:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/02/11 08:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2012/06/05 11:01:10 | 000,217,200 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe
PRC - [2012/05/10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FighterSuiteService.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2011/07/03 15:47:25 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\SAService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2007/12/11 12:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe
PRC - [2007/08/24 22:57:48 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
PRC - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/29 06:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013/05/29 06:27:37 | 013,136,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013/05/29 06:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013/05/29 06:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013/05/16 03:09:57 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
MOD - [2013/02/11 08:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
MOD - [2012/11/15 04:11:59 | 004,537,856 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libGLESv2.dll
MOD - [2012/11/15 04:11:59 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.3.0\libEGL.dll
MOD - [2012/06/05 11:01:22 | 000,669,808 | ---- | M] () -- C:\Program Files\Fighters\FULL-DISKfighter\MyDefragDll.dll
MOD - [2011/07/03 15:47:25 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\SAService.exe
MOD - [2011/07/03 15:47:25 | 000,116,000 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\CntScan.dll
MOD - [2011/07/03 15:47:25 | 000,111,904 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\APengine.dll
MOD - [2011/07/03 15:47:25 | 000,070,432 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\McFrmWk.dll
MOD - [2011/07/03 15:47:25 | 000,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\saHook.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/08/24 22:57:48 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
MOD - [2007/08/24 22:57:10 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\SiteAdv.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\admin\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013/06/13 11:42:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/31 22:08:37 | 002,839,592 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013/05/23 18:38:12 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/16 03:09:57 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\admin\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/04/11 15:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/03/22 15:09:37 | 002,787,280 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/03/17 23:40:34 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Auto | Stopped] -- C:\Program Files\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/11 08:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/02/05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/11 07:52:12 | 000,256,472 | ---- | M] (Inuvo Inc.) [Auto | Stopped] -- C:\Documents and Settings\admin\Application Data\alotservice\alotservice.exe -- (AlotService)
SRV - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/06/05 11:01:10 | 000,217,200 | ---- | M] (SPAMfighter ApS) [On_Demand | Running] -- C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)
SRV - [2012/05/10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/07/03 15:47:25 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6172\SAService.exe -- (SiteAdvisor Service)
SRV - [2010/08/05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2008/01/25 01:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008/01/09 15:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007/12/11 12:33:42 | 000,358,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007/11/26 10:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007/07/18 15:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1869E22D-517D-4267-99F9-1D31DA95CB20}\MpKslc8e3edd9.sys -- (MpKslc8e3edd9)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\tyfwca.sys -- (blpgrx)
DRV - [2012/12/19 01:14:20 | 000,062,208 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\120622.sys -- (120622)
DRV - [2012/08/02 15:57:26 | 000,058,696 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.sys -- (X4HSEx_Pr143)
DRV - [2011/02/15 21:55:06 | 000,106,240 | ---- | M] (HSPAHandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gwhsnmea.sys -- (zgwhsnmea)
DRV - [2011/02/15 21:55:06 | 000,106,240 | ---- | M] (HSPAHandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gwhsmdm.sys -- (zgwhsmdm)
DRV - [2011/02/15 21:55:06 | 000,106,240 | ---- | M] (HSPAHandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gwhsdiag.sys -- (zgwhsdiag)
DRV - [2011/02/15 21:55:06 | 000,009,216 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2008/04/14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2007/07/13 06:20:24 | 000,113,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2005/03/17 16:30:10 | 000,132,608 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 11:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 11:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1818877193&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {7F63C3E4-D433-4380-A9E4-31FC9E00502F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7F63C3E4-D433-4380-A9E4-31FC9E00502F}: "URL" = http://start.mysearc...=1818877193&ir=
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...06F00142260B59F
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sky.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...91-007D598D7584
IE - HKCU\..\URLSearchHook: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {3de04067-bc68-4514-9947-c1834fc15cad} - C:\Program Files\Softonic-EngUK\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {7F63C3E4-D433-4380-A9E4-31FC9E00502F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...06F00142260B59F
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADSA_enGB399
IE - HKCU\..\SearchScopes\{7F63C3E4-D433-4380-A9E4-31FC9E00502F}: "URL" = http://search.condui...0371725472&UM=2
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://start.funmood...q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.3.2000.1(B)
IE - HKCU\..\SearchScopes\{B1FAC482-A3E4-49E4-8B22-B22360CD91A4}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=254&lng=en
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin: C:\Program Files\Retrogamer_4w\bar\1.bin\NP4wStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\admin\Local Settings\Application Data\RobloxVersions\version-ffdcbe616f2f4697\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_4w.com: C:\Program Files\Retrogamer_4w\bar\1.bin [2012/12/24 19:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]:
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6172\FF\ [2011/08/18 11:37:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\ExFriendAlert\Firefox\ [2013/02/07 10:43:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HappyLyrics\FF\ [2013/05/14 10:24:00 | 000,000,000 | ---D | M]

[2012/05/12 21:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: StartWeb (Enabled)
CHR - default_search_provider: search_url = http://start.iminent...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Mindspark Toolbar Plugin (Enabled) = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjbmniocfapfhcelcljpofcchebglfkm\4.94.1.35379_0\plugins/paChromePlugIn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Documents and Settings\admin\Local Settings\Application Data\RobloxVersions\version-ffdcbe616f2f4697\\NPRobloxProxy.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\admin\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: No name found = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Babylon Toolbar = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: Babylon Toolbar = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: Babylon Toolbar = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_1\
CHR - Extension: Happy Lyrics = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ealchnonpofjocgofjpopjdoegbbkofj\1.111_0\
CHR - Extension: Happy Lyrics = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ealchnonpofjocgofjpopjdoegbbkofj\1.114_0\
CHR - Extension: Delta Toolbar = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_0\
CHR - Extension: Delta Toolbar = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4_1\
CHR - Extension: MixiDJ V30 = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.15.2.24\
CHR - Extension: MixiDJ V30 = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen\10.15.2.24_0\
CHR - Extension: No name found = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpinjohdoeecbkhkcbeinoncieipmmol\1.23.4_0\crossrider
CHR - Extension: No name found = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpinjohdoeecbkhkcbeinoncieipmmol\1.23.4_0\
CHR - Extension: FilmFanatic = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjbmniocfapfhcelcljpofcchebglfkm\4.75.1.28669_0\
CHR - Extension: FilmFanatic = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hjbmniocfapfhcelcljpofcchebglfkm\4.94.1.35379_0\
CHR - Extension: Iminent = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.19.4.1_0\
CHR - Extension: Iminent = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.19.4.1_1\
CHR - Extension: ExFriendAlert = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.77_0\
CHR - Extension: ExFriendAlert = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.77_1\
CHR - Extension: Wajam = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Wajam = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_1\
CHR - Extension: DefaultTab = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: DefaultTab = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_1\
CHR - Extension: RebateInformer = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal\1.0.0.12_0\
CHR - Extension: RebateInformer = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\odbbfaealmlpnodchplhdomkgpdkeeal\1.0.0.12_1\
CHR - Extension: MySearchDial = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\8.0.1_0\
CHR - Extension: No name found = C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2004/08/04 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Supreme Savings Plugin) - {11111111-1111-1111-1111-110311291112} - C:\Program Files\Supreme Savings Plugin\Supreme Savings Plugin-bho.dll (Innovative Apps)
O2 - BHO: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (Softonic-EngUK Toolbar) - {3de04067-bc68-4514-9947-c1834fc15cad} - C:\Program Files\Softonic-EngUK\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (ExFriendAlert) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\ExFriendAlert\IE\common.dll (ExFriendAlert)
O2 - BHO: (DealPly Shopping) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (Happy Lyrics) - {59C0C5BD-2579-433A-BBB8-AFFD59642BAF} - C:\Program Files\HappyLyrics\hppylrc.dll (Happy Productions)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\admin\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Inuvo, Inc)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Begin-download FLV B2 Toolbar) - {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Inuvo, Inc)
O3 - HKLM\..\Toolbar: (Begin-download FLV B2 Toolbar) - {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MixiDJ V30 Toolbar) - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Retrogamer) - {3392CFEC-56F8-41EE-BDB4-4E301EFD2C93} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-EngUK Toolbar) - {3DE04067-BC68-4514-9947-C1834FC15CAD} - C:\Program Files\Softonic-EngUK\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Begin-download FLV B2 Toolbar) - {BD8006AA-6E85-4B36-BB42-7F97053D5B70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [24x7HELP] C:\Program Files\24x7Help\App24x7Help.exe (Crawler, LLC)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey File not found
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKCU..\Run: [AGupdate] C:\Program Files\AppGraffiti\AGupdate.exe (Omega Partners Ltd)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe (SPAMfighter ApS)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\admin\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun File not found
O4 - HKCU..\Run: [Updater32912.exe] C:\Documents and Settings\admin\Local Settings\Application Data\Updater32912\Updater32912.exe (Innovative Apps)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKCU..\Run: [Yontoo Desktop] C:\Documents and Settings\admin\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKLM..\RunOnce: [FilmFanatic Chrome Extension-bar-CrxRegPatcher] C:\Program Files\FilmFanatic Chrome Extension\bar\CrxRegPatcher.exe (Mindspark Interactive Network)
O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\admin\Start Menu\Programs\Startup\Skype.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.retro...2012122211&cv=3 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\nwprovau.dll File not found
O15 - HKCU\..Trusted Domains: google.co.uk ([www] http in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1356136044906 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{998D41CE-C323-46D6-AF86-D268A04301BB}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\rebinfo {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (xxC:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE~1\261249~1.132\{C16C1~1\BROWSE~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/01 13:59:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/10/10 16:34:20 | 000,000,055 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{c67d62ce-3144-11e1-be75-00142260b59f}\Shell - "" = AutoRun
O33 - MountPoints2\{c67d62ce-3144-11e1-be75-00142260b59f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c67d62ce-3144-11e1-be75-00142260b59f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/13 19:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\CyberLink PowerDVD
[2013/06/13 16:49:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/05/29 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\mysearchdial
[2013/05/27 01:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2013/05/27 01:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
[2013/05/24 15:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/24 15:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VAFPlayer
[2013/05/24 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/05/24 15:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\player
[2013/05/24 15:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Updater32912
[2013/05/24 15:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Optimizer Pro
[2013/05/24 15:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro
[2013/05/24 15:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2013/05/24 15:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Supreme Savings Plugin
[2013/05/20 00:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Iminent
[2013/05/16 15:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iminent
[2013/05/16 03:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/05/16 03:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Free Ride Games
[2013/05/16 03:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\MixiDJ_V30
[2013/05/16 03:15:33 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013/05/16 03:15:33 | 000,000,000 | ---D | C] -- C:\Program Files\MixiDJ_V30
[2013/05/16 03:15:01 | 001,132,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2013/05/16 03:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2013/05/16 03:14:18 | 000,058,264 | ---- | C] (Exent Technologies Ltd.) -- C:\WINDOWS\ExentInfo.exe
[2013/05/16 03:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free Ride Games
[2013/05/16 03:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\CRE
[2013/05/16 03:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Fighters
[2013/05/16 03:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fighters
[2013/05/16 03:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2013/05/16 03:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Fighters
[2013/05/16 03:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2013/05/16 03:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Iminent
[2013/05/16 03:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013/05/16 03:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013/05/16 03:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/05/16 03:09:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/05/16 03:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\DefaultTab
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/13 19:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/13 19:42:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{953EC0B5-36D4-44EF-B7C5-2C90E665DD84}.job
[2013/06/13 19:42:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\BrowserProtect.job
[2013/06/13 19:27:38 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_admin_PCHealthBoost_LG.job
[2013/06/13 19:25:55 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Happy Lyrics Update.job
[2013/06/13 19:23:58 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/13 19:23:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/13 19:22:44 | 000,006,290 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2013/06/13 19:22:18 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2013/06/13 18:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/13 17:47:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/06/13 17:12:10 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2013/06/13 16:57:40 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\skype.ini
[2013/06/13 16:55:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/13 16:54:09 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7BE475E-C29A-4C3E-B613-0798241594B4}.job
[2013/06/13 11:42:19 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/13 11:42:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/06/13 09:50:01 | 000,000,000 | ---- | M] () -- C:\END
[2013/06/13 09:49:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\TempWmicBatchFile.bat
[2013/06/13 09:48:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/31 16:21:43 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/05/31 16:14:43 | 000,000,557 | ---- | M] () -- C:\WINDOWS\System32\MyDefrag.debuglog
[2013/05/31 01:35:01 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/05/31 01:33:03 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/05/31 01:33:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyUpdate.job
[2013/05/27 01:33:33 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MySearchDial.url
[2013/05/27 01:33:33 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Games.url
[2013/05/26 04:01:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_admin_PCHealthBoost_UP.job
[2013/05/26 04:01:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_admin_PCHealthBoost_RN.job
[2013/05/26 04:01:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_admin_PCHealthBoost_RM.job
[2013/05/26 03:00:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\PCHB_admin_PCHealthBoost_RS.job
[2013/05/24 15:11:58 | 000,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VAFPlayer.lnk
[2013/05/24 15:10:16 | 000,502,770 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/24 15:10:16 | 000,088,294 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/24 15:04:08 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Optimizer Pro.lnk
[2013/05/18 07:54:18 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for admin.job
[2013/05/16 15:05:08 | 000,000,596 | ---- | M] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/05/16 03:18:30 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Play 7 Wonders II.lnk
[2013/05/16 03:15:58 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Free Games.lnk
[2013/05/16 03:15:53 | 000,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2013/05/16 03:12:43 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FULL-DISKfighter.lnk
[2013/05/16 03:09:59 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\admin\ntuser.pol
[2013/05/15 14:33:22 | 000,001,831 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/31 16:21:43 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013/05/27 01:34:57 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2013/05/27 01:33:43 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/05/27 01:33:37 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\DealPlyUpdate.job
[2013/05/27 01:33:33 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MySearchDial.url
[2013/05/27 01:33:33 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Online Games.url
[2013/05/27 00:59:43 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\BrowserProtect.job
[2013/05/26 00:14:02 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\skype.ini
[2013/05/24 15:11:58 | 000,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VAFPlayer.lnk
[2013/05/24 15:04:08 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Optimizer Pro.lnk
[2013/05/20 00:53:43 | 000,000,557 | ---- | C] () -- C:\WINDOWS\System32\MyDefrag.debuglog
[2013/05/16 15:04:53 | 000,000,596 | ---- | C] () -- C:\WINDOWS\System32\InstallUtil.InstallLog
[2013/05/16 03:16:27 | 000,001,885 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\Play 7 Wonders II.lnk
[2013/05/16 03:15:58 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Free Games.lnk
[2013/05/16 03:15:53 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2013/05/16 03:12:43 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FULL-DISKfighter.lnk
[2013/05/16 03:09:59 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\admin\ntuser.pol
[2013/03/29 20:28:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\65um8Mf62.dat
[2013/03/29 20:28:34 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe_
[2013/03/29 20:28:34 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe
[2013/03/29 20:28:34 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe_.b
[2013/03/29 20:28:34 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe.b
[2012/12/19 01:14:20 | 000,062,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\120622.sys
[2012/12/19 01:13:30 | 000,013,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/09/15 22:05:24 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cywo.sys
[2012/09/02 16:26:18 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\binkw32.dll
[2012/08/26 16:46:47 | 000,001,695 | ---- | C] () -- C:\WINDOWS\disney.ini
[2012/06/28 12:25:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/06/28 12:25:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/06/28 12:25:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012/05/20 13:03:59 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\admin\Application Data\mbam.context.scan
[2012/05/04 18:49:04 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\store-pp.jbs
[2012/02/15 10:51:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/30 22:19:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/16 17:04:19 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/11 11:25:26 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2010/12/09 16:15:09 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{adefcb06-83b6-c13c-87c4-df52fbafc536}\@
[2012/07/07 10:13:44 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{adefcb06-83b6-c13c-87c4-df52fbafc536}\L
[2012/08/03 15:35:17 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{adefcb06-83b6-c13c-87c4-df52fbafc536}\U
[2012/07/07 19:48:56 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{adefcb06-83b6-c13c-87c4-df52fbafc536}\L\[email protected]
[2012/07/07 21:52:54 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}\@
[2010/12/09 16:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\admin\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}\L
[2010/12/09 16:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\admin\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}\U
[2010/12/09 16:15:09 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\kids\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}\@
[2010/12/09 16:15:09 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\kids\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}\L
[2012/08/04 16:29:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\kids\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}\U
[2012/08/04 15:42:47 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\kids\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}\U\[email protected]
[2013/05/05 23:05:56 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$adefcb0683b6c13c87c4df52fbafc536\@
[2013/05/06 08:59:02 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$adefcb0683b6c13c87c4df52fbafc536\L
[2013/05/12 20:15:56 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$adefcb0683b6c13c87c4df52fbafc536\U
[2013/05/12 20:15:41 | 000,000,804 | ---- | M] () -- C:\RECYCLER\S-1-5-18\$adefcb0683b6c13c87c4df52fbafc536\L\[email protected]
[2011/08/11 11:22:47 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = shell32.dll -- [2012/06/08 15:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 05:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >

Attached Files

  • Attached File  OTL.Txt   119.69KB   40 downloads

#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, this is badly infected. In addition to the adware/toolbars etc., there is also a ZeroAccess infection.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Documents and Settings\admin\Application Data\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013/05/31 22:08:37 | 002,839,592 | ---- | M] (Iminent) [Auto | Running] -- C:\Program Files\Common Files\Umbrella\umbrella.exe -- (SProtection)
SRV - [2013/05/16 03:09:57 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Documents and Settings\admin\Application Data\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/04/11 15:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/03/22 15:09:37 | 002,787,280 | ---- | M] () [Disabled | Stopped] -- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/03/17 23:40:34 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Auto | Stopped] -- C:\Program Files\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2013/02/11 08:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/01/11 07:52:12 | 000,256,472 | ---- | M] (Inuvo Inc.) [Auto | Stopped] -- C:\Documents and Settings\admin\Application Data\alotservice\alotservice.exe -- (AlotService)
SRV - [2012/06/14 16:20:22 | 000,109,064 | ---- | M] (Wajam) [Auto | Stopped] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012/06/05 11:01:10 | 000,217,200 | ---- | M] (SPAMfighter ApS) [On_Demand | Running] -- C:\Program Files\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe -- (Common Toolkit Tools)
SRV - [2012/05/10 13:11:24 | 001,267,264 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\tyfwca.sys -- (blpgrx)
DRV - [2012/12/19 01:14:20 | 000,062,208 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\120622.sys -- (120622)
DRV - [2012/08/02 15:57:26 | 000,058,696 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.sys -- (X4HSEx_Pr143)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1818877193&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {7F63C3E4-D433-4380-A9E4-31FC9E00502F}
IE - HKLM\..\SearchScopes\{7F63C3E4-D433-4380-A9E4-31FC9E00502F}: "URL" = http://start.mysearc...=1818877193&ir=
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www1.delta-se...06F00142260B59F
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...91-007D598D7584
IE - HKCU\..\URLSearchHook: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {3de04067-bc68-4514-9947-c1834fc15cad} - C:\Program Files\Softonic-EngUK\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {7F63C3E4-D433-4380-A9E4-31FC9E00502F}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...06F00142260B59F
IE - HKCU\..\SearchScopes\{7F63C3E4-D433-4380-A9E4-31FC9E00502F}: "URL" = http://search.condui...0371725472&UM=2
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://start.funmood...q={searchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.3.2000.1(B)
IE - HKCU\..\SearchScopes\{B1FAC482-A3E4-49E4-8B22-B22360CD91A4}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://start.iminent...q={searchTerms}
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=254&lng=en
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: 
O2 - BHO: (Supreme Savings Plugin) - {11111111-1111-1111-1111-110311291112} - C:\Program Files\Supreme Savings Plugin\Supreme Savings Plugin-bho.dll (Innovative Apps)
O2 - BHO: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Softonic-EngUK Toolbar) - {3de04067-bc68-4514-9947-c1834fc15cad} - C:\Program Files\Softonic-EngUK\prxtbSof0.dll (Conduit Ltd.)
O2 - BHO: (ExFriendAlert) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files\ExFriendAlert\IE\common.dll (ExFriendAlert)
O2 - BHO: (DealPly Shopping) - {4B6ACEA2-308A-4876-AD36-57CEC5B4FCC7} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
O2 - BHO: (Happy Lyrics) - {59C0C5BD-2579-433A-BBB8-AFFD59642BAF} - C:\Program Files\HappyLyrics\hppylrc.dll (Happy Productions)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\admin\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Inuvo, Inc)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Begin-download FLV B2 Toolbar) - {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll File not found
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\Program Files\RebateInformer\RebateI.dll (Inbox.com, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Inuvo, Inc)
O3 - HKLM\..\Toolbar: (Begin-download FLV B2 Toolbar) - {bd8006aa-6e85-4b36-bb42-7f97053d5b70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MixiDJ V30 Toolbar) - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} - C:\Program Files\MixiDJ_V30\prxtbMix0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Retrogamer) - {3392CFEC-56F8-41EE-BDB4-4E301EFD2C93} - C:\Program Files\Retrogamer_4w\bar\1.bin\4wbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-EngUK Toolbar) - {3DE04067-BC68-4514-9947-C1834FC15CAD} - C:\Program Files\Softonic-EngUK\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Begin-download FLV B2 Toolbar) - {BD8006AA-6E85-4B36-BB42-7F97053D5B70} - C:\Program Files\Begin-download_FLV_B2\prxtbBeg2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [24x7HELP] C:\Program Files\24x7Help\App24x7Help.exe (Crawler, LLC)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [AGupdate] C:\Program Files\AppGraffiti\AGupdate.exe (Omega Partners Ltd)
O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKCU..\Run: [FDPRO-516] C:\Program Files\Fighters\FighterLauncher.exe (SPAMfighter ApS)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [RebateInformer] C:\Program Files\RebateInformer\RebateInf.exe (Inbox.com, Inc.)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\admin\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun File not found
O4 - HKCU..\Run: [Updater32912.exe] C:\Documents and Settings\admin\Local Settings\Application Data\Updater32912\Updater32912.exe (Innovative Apps)
O4 - HKCU..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKCU..\Run: [Yontoo Desktop] C:\Documents and Settings\admin\Application Data\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKLM..\RunOnce: [FilmFanatic Chrome Extension-bar-CrxRegPatcher] C:\Program Files\FilmFanatic Chrome Extension\bar\CrxRegPatcher.exe (Mindspark Interactive Network)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Value error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - Reg Error: Value error. File not found
O20 - AppInit_DLLs: (xxC:\DOCUME~1\ALLUSE~1\APPLIC~1\BROWSE~1\261249~1.132\{C16C1~1\BROWSE~1.DLL) - File not found
[2013/05/29 23:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\mysearchdial
[2013/05/27 01:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2013/05/27 01:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
[2013/05/24 15:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/24 15:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VAFPlayer
[2013/05/24 15:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2013/05/24 15:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\player
[2013/05/24 15:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\Updater32912
[2013/05/24 15:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Optimizer Pro
[2013/05/24 15:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro
[2013/05/24 15:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\Optimizer Pro
[2013/05/24 15:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Supreme Savings Plugin
[2013/05/20 00:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Iminent
[2013/05/16 15:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Iminent
[2013/05/16 03:16:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Free Ride Games
[2013/05/16 03:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\MixiDJ_V30
[2013/05/16 03:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2013/05/16 03:14:18 | 000,058,264 | ---- | C] (Exent Technologies Ltd.) -- C:\WINDOWS\ExentInfo.exe
[2013/05/16 03:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Free Ride Games
[2013/05/16 03:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Local Settings\Application Data\CRE
[2013/05/16 03:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Fighters
[2013/05/16 03:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fighters
[2013/05/16 03:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\Fighters
[2013/05/16 03:12:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\Fighters
[2013/05/16 03:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fighters
[2013/05/16 03:11:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Iminent
[2013/05/16 03:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013/05/16 03:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013/05/16 03:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/05/16 03:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\DefaultTab
[2013/06/13 19:42:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\BrowserProtect.job
[2013/06/13 19:25:55 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Happy Lyrics Update.job
[2013/05/31 01:33:03 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyUpdate.job
[2013/05/27 01:33:33 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MySearchDial.url
[2013/05/27 01:33:33 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Games.url
[2013/05/24 15:04:08 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\Optimizer Pro.lnk
[2013/03/29 20:28:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\65um8Mf62.dat
[2013/03/29 20:28:34 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe_
[2013/03/29 20:28:34 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe
[2013/03/29 20:28:34 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe_.b
[2013/03/29 20:28:34 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\58E3GKR8.exe.b
[2012/12/19 01:13:30 | 000,013,018 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl

:Files
C:\Program Files\Common Files\Umbrella
C:\Documents and Settings\admin\Application Data\DefaultTab
C:\Program Files\SearchProtect
C:\Program Files\DefaultTab
C:\Program Files\Fighters
C:\WINDOWS\tasks\At*.job
C:\WINDOWS\Installer\{adefcb06-83b6-c13c-87c4-df52fbafc536}
C:\Documents and Settings\admin\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}
C:\Documents and Settings\kids\Local Settings\Application Data\{adefcb06-83b6-c13c-87c4-df52fbafc536}
C:\RECYCLER\S-1-5-18

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#3
jawanza


    New Member

  • Topic Starter
  • Member
  • 2 posts
Hi; after putting in the script you wrote (thanks for the fast response by the way) OTL has been running for about 10 hours. It seems like a long time; should I just leave it to it or has something gone wrong?

#4
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, jump direct to the ComboFix scan please, as it is a bit deeper than I thought.

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





