IE 8 adware, hijacked links, limited page functionality [Solved]


  • This topic is locked

#1 msujedi (Member, 61 posts)
Origin: We've had an array of pop-up and adware issues for nearly a month. I believe the problems began with a download utility named "ipumper". I was debating modern math standards vs. math standards around 1900, and had searched for an 8th grade math exam from 1900. I thought I found a site with such a document to download. After clicking to download it, "ipumper" installed, but the computer began acting funny and no math test downloaded. I attempted to uninstall ipumper, and believed I was successful. Yet I've had increasing issues with adware over the past month.

Current Security: We've used Norton Internet Security for years, and also run periodic scans with free versions of Malwarebytes and Superantispyware. Despite increasing the pop-up blocking level and removing the adware/spyware that the above programs find, the problems are getting worse.

Problem Description: Specifically, pages frequently load that are supposed to have clickable links. However, instead of having my regular finger-pointing icon, the mouse pointer is just an arrow. If I click anywhere on the page, a pop-up advertisement comes up. Sometimes refreshing the page gives me normal functionality on the page, but sometimes not. Blue text intended by sites to take me to a specific sub-page brings up pop-up ads instead. This is making web navigation increasingly difficult and time-consuming, and in some cases it makes certain tasks impossible to complete.

I have tried pasting the web addresses of the pop-ups in the blocked pages list in IE 8 options, but that has not helped at all.

OTL log below:
OTL logfile created on: 6/14/2013 10:12:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jed\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.15% Memory free
5.09 Gb Paging File | 3.72 Gb Available in Paging File | 73.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 64.80 Gb Free Space | 34.78% Space Free | Partition Type: NTFS
Drive H: | 33.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 698.64 Gb Total Space | 582.61 Gb Free Space | 83.39% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 243.68 Gb Free Space | 26.16% Space Free | Partition Type: NTFS

Computer Name: HOME-STUDY | User Name: Jed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/14 10:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jed\Desktop\OTL.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/15 18:17:29 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/26 09:30:00 | 000,687,104 | ---- | M] () -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
PRC - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/11/16 11:51:54 | 000,361,472 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
PRC - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 22:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 22:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011/02/11 19:28:52 | 001,522,080 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011/02/02 10:46:40 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/02/17 19:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/02/09 16:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
PRC - [2009/06/26 18:21:00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2008/09/25 15:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2008/09/25 15:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
PRC - [2008/09/25 15:52:04 | 000,085,360 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\NswUiTray.exe
PRC - [2008/08/13 15:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\GUI.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/04 05:32:22 | 000,016,288 | ---- | M] () -- C:\Program Files\Java\jre7\bin\jp2native.dll
MOD - [2013/04/04 05:32:16 | 000,196,512 | ---- | M] () -- C:\Program Files\Java\jre7\bin\jp2iexp.dll
MOD - [2013/03/20 06:13:18 | 000,830,312 | ---- | M] () -- C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms\temp.dat
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/26 09:30:00 | 000,687,104 | ---- | M] () -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/24 22:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 21:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 14:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 14:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 14:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 14:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 13:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/17 19:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2010/02/17 19:25:12 | 000,132,096 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2010/02/09 16:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
MOD - [2009/09/17 11:40:32 | 000,262,144 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\MFCCPU.dll
MOD - [2009/09/04 13:15:10 | 002,232,391 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\Normal.dll
MOD - [2009/09/04 11:45:28 | 000,331,843 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\work.dll
MOD - [2009/08/28 12:28:34 | 000,135,168 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\OCK.dll
MOD - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
MOD - [2009/06/16 17:06:12 | 000,192,512 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\GVTunner.dll
MOD - [2009/04/16 15:31:28 | 000,106,496 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\HM.dll
MOD - [2009/03/13 12:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\ycc.dll
MOD - [2009/03/13 12:30:44 | 000,109,096 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\ycc.dll
MOD - [2009/02/23 01:21:28 | 004,296,704 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\AODAPI.dll
MOD - [2008/09/01 15:26:32 | 000,102,400 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\SF.dll
MOD - [2008/05/07 16:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\CIAMIB.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/03/25 18:21:56 | 000,219,656 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\GUI.exe
MOD - [2004/02/26 02:18:04 | 000,565,248 | R--- | M] () -- C:\WINDOWS\system32\hpotscl.dll
MOD - [2003/02/14 15:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files\Gigabyte\ET6\Sound.dll
MOD - [2001/10/28 18:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android -- (BstHdAndroidSvc)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/06/11 14:21:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/04/04 05:32:53 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/11/26 09:30:00 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/11 14:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/11/16 11:51:54 | 000,361,472 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2011/02/24 22:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/05/04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/02/17 19:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 16:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2009/08/24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2008/09/25 15:53:32 | 000,181,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2008/09/25 15:53:16 | 000,095,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2008/08/01 11:31:11 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2008/08/01 11:31:01 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2004/02/26 02:18:00 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rqovvls.sys -- (icpewgy)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\22383090.sys -- (97483336)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\62981139.sys -- (81281435)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\59955306.sys -- (73930823)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\28866472.sys -- (71044900)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\42027524.sys -- (69414001)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\09056217.sys -- (57106531)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\61220993.sys -- (39780917)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\53035207.sys -- (30676609)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\27221207.sys -- (25389074)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\40526349.sys -- (19561505)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\50627547.sys -- (15130377)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\91350917.sys -- (13774688)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\58086342.sys -- (13259072)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\61117109.sys -- (11579134)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\56387748.sys -- (05876603)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\22430066.sys -- (01252258)
DRV - [2013/06/13 16:32:40 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2013/06/13 16:32:26 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2013/06/10 17:20:53 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/22 16:20:21 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130614.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/05/22 16:20:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130614.001\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/05/03 15:34:04 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130613.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/04/24 20:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1404000.028\ccsetx86.sys -- (ccSet_NIS)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 21:39:19 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2013/03/04 21:21:35 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/11/19 19:57:46 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\33338982.sys -- (79694497)
DRV - [2012/11/19 19:49:16 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\27966473.sys -- (40273033)
DRV - [2012/11/19 19:39:30 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\97114780.sys -- (91902631)
DRV - [2012/11/18 20:33:37 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\43464843.sys -- (21133191)
DRV - [2012/11/17 01:07:08 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\etdrv.sys -- (etdrv)
DRV - [2012/10/08 08:35:27 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/10/08 08:35:27 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/23 16:23:24 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/02/15 14:17:12 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2009/08/18 05:32:00 | 005,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/08/13 04:10:36 | 000,096,368 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2009/06/29 07:59:14 | 000,142,592 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/06/26 18:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/22 17:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009/02/23 01:16:22 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Gigabyte\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2008/09/25 15:53:36 | 000,095,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2008/09/25 15:53:14 | 000,087,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2008/08/05 08:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/21 02:47:30 | 000,273,152 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/01/04 03:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/08/18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005/06/02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/05/19 17:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2005/02/10 12:55:08 | 000,062,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
DRV - [2004/09/01 15:50:02 | 000,188,416 | ---- | M] (Pinnacle Systems GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2004/07/05 02:21:00 | 000,008,832 | ---- | M] (Walter Oney Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\filter.sys -- (filter)
DRV - [2003/11/28 19:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2001/10/04 12:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKCU\..\URLSearchHook: {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {E519AA1F-E8A8-47ED-92E3-BCFB65055819}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}
IE - HKCU\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://www.ask.com/w...&apn_ptnrs=^A4L &apn_uid=0775026614344595&p2=^A4L ^YYYYYY^YY^US&q={searchTerms}
IE - HKCU\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Documents and Settings\Jed\My Documents\My Music\iTunes\iTunes Music\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2013/06/13 07:05:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Jed\Application Data\iPumper\extension_firefox.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ [2013/05/04 15:19:51 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - Extension: No name found = C:\Documents and Settings\Jed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Documents and Settings\Jed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Jed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Jed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: No name found = C:\Documents and Settings\Jed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Jed\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/18 20:58:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Updater For Comcast Toolbar 3.5) - {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files\comcasttb\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms\temp.dat ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O2 - BHO: (no name) - {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Fast Free Converter 4.1) - {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\Gigabyte\ET6\ETcall.exe ()
O4 - HKLM..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe (Neodio Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NswUiTray] C:\Program Files\Norton SystemWorks\NswUiTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector10\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk ()
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: k12.mi.us ([myrcs.rochester] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Key error. (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1352346730421 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {86151F1E-864B-4419-BAB5-318476BD831B} https://myrcs.roches...itesControl.cab (TrustedSitesControl Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50505416-8C0B-4C07-9FE1-0BE54A3A4224}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: J:\MAZATLAN_PUEBLO_BONITO.BMP
O24 - Desktop BackupWallPaper: J:\MAZATLAN_PUEBLO_BONITO.BMP
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/12 22:26:21 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/14 10:12:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jed\Desktop\OTL.exe
[2013/06/10 00:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\photodeluxe be 1.1
[2013/06/09 23:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\NPE
[2013/06/09 22:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/06/07 23:08:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\AppData
[2013/06/07 23:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Helper
[2013/06/07 23:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Free Converter
[2013/06/07 23:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms
[2013/06/07 23:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\Games_Bar_A
[2013/06/07 23:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Games_Bar_A
[2013/06/07 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\Conduit
[2013/06/07 23:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Application Data\iPumper
[2013/05/17 01:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/05/17 01:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2013/06/14 10:17:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/14 10:12:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jed\Desktop\OTL.exe
[2013/06/14 10:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/06/14 09:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/06/13 23:57:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/13 22:17:00 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/13 18:00:00 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/06/13 16:40:27 | 000,121,856 | ---- | M] () -- C:\Documents and Settings\Jed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/13 16:32:40 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2013/06/13 16:32:39 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2013/06/13 16:32:22 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2013/06/13 16:31:17 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/06/13 07:04:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/13 01:41:37 | 000,666,859 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\Cat.DB
[2013/06/13 01:21:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/11 07:28:20 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2013/06/11 07:27:00 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/06/10 18:03:59 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2013/06/10 17:20:53 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/06/10 17:20:53 | 000,007,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/06/10 17:20:53 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/06/10 00:58:49 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2013/06/09 22:33:31 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/06/09 02:13:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/07 23:08:27 | 000,000,002 | ---- | M] () -- C:\END
[2013/06/07 21:56:57 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2013/06/04 02:34:29 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\isolate.ini
[2013/06/02 09:22:38 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/23 22:09:47 | 000,008,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\symds.cat
[2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1404000.028\symefa.sys
[2013/05/23 01:25:28 | 000,007,583 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\symefa.cat
[2013/05/23 01:25:28 | 000,003,434 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\symefa.inf
[2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1404000.028\symds.sys
[2013/05/21 01:02:00 | 000,002,852 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\symds.inf
[2013/05/21 00:40:20 | 000,008,059 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\srtsp.cat
[2013/05/17 01:09:45 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1404000.028\srtsp.sys
[2013/05/16 01:02:14 | 000,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1404000.028\srtsp.inf
[2013/05/15 17:26:48 | 000,421,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 11:36:06 | 000,506,758 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 11:36:06 | 000,089,778 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/06/09 22:33:31 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpywareBlaster.lnk
[2013/06/07 23:06:01 | 000,000,002 | ---- | C] () -- C:\END
[2013/05/17 01:09:45 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/04/05 22:39:50 | 000,128,000 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2012/05/14 01:43:29 | 000,607,794 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1993962763-1292428093-839522115-1004-0.dat
[2012/05/14 01:43:28 | 000,172,882 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 11:29:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/08 01:10:45 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2009/12/30 17:00:22 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jed\Local Settings\Application Data\fusioncache.dat
[2009/12/30 13:49:09 | 000,121,856 | ---- | C] () -- C:\Documents and Settings\Jed\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/12/12 18:19:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/10/29 01:38:22 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/17 01:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2011/11/12 21:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/11/12 21:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2012/11/30 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2012/11/13 00:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacks
[2013/05/03 07:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BlueStacksSetup
[2010/11/09 15:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Caspedia
[2011/04/10 23:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2010/09/01 23:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2011/08/28 13:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2013/06/09 22:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2011/12/17 17:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/04/10 23:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/12/23 11:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/17 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/12/26 04:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2012/06/09 22:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2011/12/09 01:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/06/14 00:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/10 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/13 01:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/10/16 13:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\Amazon
[2011/12/17 14:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\Ask.com
[2011/02/08 18:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\AskToolbar
[2011/12/07 03:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\CallingID
[2011/12/06 20:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\comcasttb
[2011/02/14 23:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\ElevatedDiagnostics
[2011/12/17 14:51:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\Free PDF Tablet
[2013/04/22 20:38:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\GARMIN
[2013/06/07 23:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\iPumper
[2011/12/17 14:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\searchresultstb
[2012/08/25 16:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\Sony Online Entertainment
[2010/02/28 18:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\Tific
[2011/08/15 17:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\Unity
[2011/12/03 14:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jed\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jed\Desktop\SysRestorePoint.exe:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by msujedi, 14 June 2013 - 10:07 AM.



#2
Buddierdl, Trusted Helper (Malware Removal, 2,524 posts)
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I will post some instructions as soon as I have had time to examine your log. Have you used any tools yet in an effort to fix this?

#3
msujedi, Member (Topic Starter, 61 posts)
Prior to coming here, I scanned (Quick & Full) my PC using Norton as well as SUPERAntispyware. A few adware/tracking cookies were detected and removed, but the same problems persisted. Upon visiting Geekstogo, I used the self-help section and did the following ...

1. Ran ERUNT

2. Downloaded OTM, pasted the specified script, then clicked "Move it!"

3. After reboot, I downloaded and ran GooredFix.

4. I then tried to run TDSSKiller. However, it caused a BSOD whenever I tried to open it. I tried several times...with Norton et al turned off...renaming TDSSKiller something different before running it...and trying to run it through Malwarebytes' chameleon folder. BSOD at 80% opened each time.

Edited by msujedi, 19 June 2013 - 10:09 PM.


#4
Buddierdl, Trusted Helper (Malware Removal, 2,524 posts)
Hi msujedi,

Let's get started.

Step 1: Uninstall programs. Please uninstall the following programs, if present, from the Add/Remove Programs menu in the Control Panel.
  • Games_Bar_A
  • Fast Free Converter
  • DownloadTerms

Step 2: Run OTL fix.
Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    MOD - [2013/03/20 06:13:18 | 000,830,312 | ---- | M] () -- C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms\temp.dat
    MOD - [2012/11/26 09:30:00 | 000,687,104 | ---- | M] () -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
    
    SRV - [2012/11/26 09:30:00 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rqovvls.sys -- (icpewgy)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\22383090.sys -- (97483336)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\62981139.sys -- (81281435)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\59955306.sys -- (73930823)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\28866472.sys -- (71044900)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\42027524.sys -- (69414001)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\09056217.sys -- (57106531)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\61220993.sys -- (39780917)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\53035207.sys -- (30676609)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\27221207.sys -- (25389074)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\40526349.sys -- (19561505)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\50627547.sys -- (15130377)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\91350917.sys -- (13774688)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\58086342.sys -- (13259072)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\61117109.sys -- (11579134)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\56387748.sys -- (05876603)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\22430066.sys -- (01252258)
    DRV - [2012/11/19 19:57:46 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\33338982.sys -- (79694497)
    DRV - [2012/11/19 19:49:16 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\27966473.sys -- (40273033)
    DRV - [2012/11/19 19:39:30 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\97114780.sys -- (91902631)
    DRV - [2012/11/18 20:33:37 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\43464843.sys -- (21133191)
    
    IE - HKCU\..\URLSearchHook: {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Jed\Application Data\iPumper\extension_firefox.xpi
    
    O2 - BHO: (DownloadTerms) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms\temp.dat ()
    O2 - BHO: (no name) - {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found.
    O2 - BHO: (Fast Free Converter 4.1) - {B422F1BC-9ADB-48A7-8B13-00C176039DC5} - C:\Program Files\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
    
    O3 - HKLM\..\Toolbar: (no name) - {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    
    [2013/06/07 23:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Free Converter
    [2013/06/07 23:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms
    [2013/06/07 23:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\Games_Bar_A
    [2013/06/07 23:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Games_Bar_A
    [2013/06/07 23:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\Conduit
    [2013/06/07 23:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Application Data\iPumper
    
    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 3: Run AdwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 4: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click "save log", save it to your desktop and post it in your next reply.


Things I need in your next reply:
  • OTL fix log
  • AdwCleaner log
  • aswMBR log
  • How is your computer running now?

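The :OTL fix in Step 2 is assembled by picking lines out of the OTL scan log posted earlier. The Python below is an added example, not code from this thread or from OTL itself: it reads lines copied from that log, flags four of the entry types the helper carried into the fix (driver services whose file is missing, BHO/Toolbar/URLSearchHook entries whose CLSID no longer resolves, newly created folders of the programs named in Step 1, and alternate data streams on a folder), and lays them out in the format the Custom Scans/Fixes box takes; the benign-stream list is an assumption of this example.

```python
"""Triage a pasted OTL scan log the way the fix in Step 2 was built.

Added example, not code from this thread or from OTL itself. Sample lines are
copied from the log posted above; the benign-stream list is an assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Program names from Step 1 plus the folder entries the fix script above removes.
SUSPECT_NAMES = ("games_bar_a", "fast free converter", "downloadterms", "ipumper", "conduit")
# Stream names Windows attaches to files for its own metadata (assumption, not from the page).
BENIGN_STREAMS = {"summaryinformation", "zone.identifier"}

# DRV line whose driver file is gone: "DRV - File not found [...] -- <path> -- (<service>)"
DRV_MISSING = re.compile(r"^DRV - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<svc>[^)]+)\)$")
# O2 BHO / O3 Toolbar / IE URLSearchHook entries whose CLSID no longer resolves.
NO_CLSID = re.compile(r"^(?P<kind>O2 - BHO|O3 - [^:]+|IE - [^:]+): (?:\((?P<name>[^)]*)\) - )?"
                      r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - No CLSID value found")
# "Files/Folders - Created Within 30 Days" entry for a directory (---D) that was created (C).
CREATED_DIR = re.compile(r"^\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| ---D \| C\] -- (?P<path>.+)$")
# "@Alternate Data Stream - <n> bytes -> <path>:<stream>"
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")


@dataclass(frozen=True)
class Finding:
    category: str  # which indicator type matched
    detail: str    # service name, CLSID, folder or stream involved
    line: str      # the OTL line itself, pasted verbatim into the :OTL section


def triage(lines):
    """Return the OTL lines worth acting on, each with the reason it was picked."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := DRV_MISSING.match(line):
            # Service still registered but its .sys is gone: leftover of removed
            # malware or a broken uninstall. Deleting the service entry is safe.
            findings.append(Finding("orphaned driver service", m["svc"], line))
        elif m := NO_CLSID.match(line):
            # Browser hook pointing at a COM class that no longer exists.
            findings.append(Finding("dangling CLSID", m["clsid"], line))
        elif m := CREATED_DIR.match(line):
            # Fresh folders belonging to the bundled programs named in Step 1.
            if any(name in m["path"].lower() for name in SUSPECT_NAMES):
                findings.append(Finding("suspect program folder", m["path"], line))
        elif m := ADS.match(line):
            # Data tucked into an alternate stream of a folder is a common hiding
            # place; skip the streams Windows creates for its own metadata.
            if m["stream"].lower() not in BENIGN_STREAMS:
                findings.append(Finding("alternate data stream", f"{m['path']}:{m['stream']}", line))
    return findings


def summarize(findings):
    """Count findings per category, e.g. for the reply that lists what will be fixed."""
    return dict(Counter(f.category for f in findings))


def build_fix(findings):
    """Lay the flagged lines out as OTL expects them in the Custom Scans/Fixes box."""
    return "\n".join([":Commands", "[createrestorepoint]", "", ":OTL", *(f.line for f in findings)])


# Constructed sample: a dozen lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\rqovvls.sys -- (icpewgy)
DRV - [2012/11/19 19:57:46 | 000,177,496 | ---- | M] (Kaspersky Lab, GERT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\33338982.sys -- (79694497)
IE - HKCU\..\URLSearchHook: {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found
O2 - BHO: (no name) - {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {a55bb532-2438-4ece-820e-3e2c86861893} - No CLSID value found.
[2013/06/10 00:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\photodeluxe be 1.1
[2013/06/07 23:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms
[2013/06/07 23:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Games_Bar_A
[2013/06/07 23:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jed\Application Data\iPumper
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jed\Desktop\SysRestorePoint.exe:SummaryInformation
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG.strip().splitlines())
    for f in found:
        print(f"{f.category:24} {f.detail}")
    print(summarize(found))
    print(build_fix(found))
```

Entries that still resolve (the Skype BHO, the Kaspersky driver with its file present) and the SummaryInformation stream are deliberately left alone, which is the judgement the helper applied when choosing what to put in the fix.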

#5
msujedi, Member (Topic Starter, 61 posts)
I uninstalled "Downloadterms" and "Fastfreeconverter". But "Games_Bar_A" was somehow protecting itself. When I select it, then click on 'change/remove', the outline of a window flashes for a split second, then vanishes. I was not able to remove it.

Giving IE a brief test-run, it appears clear of adware and pages seem to be functioning normally.

Below are the requested logs.

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named FastFreeConverterUpdt was found to stop!
Service\Driver key FastFreeConverterUpdt not found.
File C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe not found.
Service icpewgy stopped successfully!
Service icpewgy deleted successfully!
File System32\drivers\rqovvls.sys not found.
Service 97483336 stopped successfully!
Service 97483336 deleted successfully!
File system32\drivers\22383090.sys not found.
Service 81281435 stopped successfully!
Service 81281435 deleted successfully!
File system32\drivers\62981139.sys not found.
Service 73930823 stopped successfully!
Service 73930823 deleted successfully!
File system32\drivers\59955306.sys not found.
Service 71044900 stopped successfully!
Service 71044900 deleted successfully!
File system32\drivers\28866472.sys not found.
Service 69414001 stopped successfully!
Service 69414001 deleted successfully!
File system32\drivers\42027524.sys not found.
Service 57106531 stopped successfully!
Service 57106531 deleted successfully!
File system32\drivers\09056217.sys not found.
Service 39780917 stopped successfully!
Service 39780917 deleted successfully!
File system32\drivers\61220993.sys not found.
Service 30676609 stopped successfully!
Service 30676609 deleted successfully!
File system32\drivers\53035207.sys not found.
Service 25389074 stopped successfully!
Service 25389074 deleted successfully!
File system32\drivers\27221207.sys not found.
Service 19561505 stopped successfully!
Service 19561505 deleted successfully!
File system32\drivers\40526349.sys not found.
Service 15130377 stopped successfully!
Service 15130377 deleted successfully!
File system32\drivers\50627547.sys not found.
Service 13774688 stopped successfully!
Service 13774688 deleted successfully!
File system32\drivers\91350917.sys not found.
Service 13259072 stopped successfully!
Service 13259072 deleted successfully!
File system32\drivers\58086342.sys not found.
Service 11579134 stopped successfully!
Service 11579134 deleted successfully!
File system32\drivers\61117109.sys not found.
Service 05876603 stopped successfully!
Service 05876603 deleted successfully!
File system32\drivers\56387748.sys not found.
Service 01252258 stopped successfully!
Service 01252258 deleted successfully!
File system32\drivers\22430066.sys not found.
Service 79694497 stopped successfully!
Service 79694497 deleted successfully!
C:\WINDOWS\system32\drivers\33338982.sys moved successfully.
Service 40273033 stopped successfully!
Service 40273033 deleted successfully!
C:\WINDOWS\system32\drivers\27966473.sys moved successfully.
Service 91902631 stopped successfully!
Service 91902631 deleted successfully!
C:\WINDOWS\system32\drivers\97114780.sys moved successfully.
Service 21133191 stopped successfully!
Service 21133191 deleted successfully!
C:\WINDOWS\system32\drivers\43464843.sys moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a55bb532-2438-4ece-820e-3e2c86861893} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55bb532-2438-4ece-820e-3e2c86861893}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Documents and Settings\Jed\Application Data\iPumper\extension_firefox.xpi not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
File C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms\temp.dat not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55bb532-2438-4ece-820e-3e2c86861893}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55bb532-2438-4ece-820e-3e2c86861893}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B422F1BC-9ADB-48A7-8B13-00C176039DC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B422F1BC-9ADB-48A7-8B13-00C176039DC5}\ not found.
File C:\Program Files\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a55bb532-2438-4ece-820e-3e2c86861893} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55bb532-2438-4ece-820e-3e2c86861893}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Folder C:\Program Files\Fast Free Converter\ not found.
C:\Documents and Settings\Jed\Local Settings\Application Data\DownloadTerms folder moved successfully.
C:\Documents and Settings\Jed\Local Settings\Application Data\Games_Bar_A\Logs folder moved successfully.
C:\Documents and Settings\Jed\Local Settings\Application Data\Games_Bar_A folder moved successfully.
C:\Program Files\Games_Bar_A folder moved successfully.
C:\Documents and Settings\Jed\Local Settings\Application Data\Conduit\CT3275393 folder moved successfully.
C:\Documents and Settings\Jed\Local Settings\Application Data\Conduit folder moved successfully.
Folder C:\Documents and Settings\Jed\Application Data\iPumper\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 06202013_112231



# AdwCleaner v2.303 - Logfile created 06/20/2013 at 11:27:51
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jed - HOME-STUDY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jed\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Documents and Settings\Jed\Application Data\Ask.com
Folder Deleted : C:\Documents and Settings\Jed\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Jed\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\Jed\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Wendy.HOME-STUDY\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Wendy\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Games_Bar_A
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B59BE4AB-56D5-4A60-9FDA-9D02FA4A459B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D922B81-34C7-4AAB-9C5D-433E79FC9445}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A55BB532-2438-4ECE-820E-3E2C86861893}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B59BE4AB-56D5-4A60-9FDA-9D02FA4A459B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\TrustLoke
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Games_Bar_A
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{638F9FD5-397F-4D76-B61B-B25C028D0864}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E617D289-E077-45A7-9FF2-7823EAEAB85A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B59BE4AB-56D5-4A60-9FDA-9D02FA4A459B}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Games_Bar_A Toolbar
Key Deleted : HKLM\Software\TrustLoke
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Jed\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8797 octets] - [20/06/2013 11:27:13]
AdwCleaner[S1].txt - [331 octets] - [20/06/2013 11:26:54]
AdwCleaner[S2].txt - [8444 octets] - [20/06/2013 11:27:51]

########## EOF - C:\AdwCleaner[S2].txt - [8504 octets] ##########



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-20 11:37:34
-----------------------------
11:37:34.968 OS Version: Windows 5.1.2600 Service Pack 3
11:37:34.968 Number of processors: 4 586 0x502
11:37:34.968 ComputerName: HOME-STUDY UserName: Jed
11:37:38.078 Initialize success
11:39:26.671 AVAST engine defs: 13062001
11:39:30.140 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:39:30.140 Disk 0 Vendor: Size: 0MB BusType: 0
11:39:30.140 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
11:39:30.140 Disk 1 Vendor: Size: 0MB BusType: 0
11:39:30.140 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP3T0L0-19
11:39:30.156 Disk 2 Vendor: Size: 0MB BusType: 0
11:39:30.156 Disk 3 \Device\Harddisk3\DR14 -> \Device\000000a4
11:39:30.156 Disk 3 Vendor: Size: 0MB BusType: 0
11:39:30.156 Disk 4 \Device\Harddisk4\DR15 -> \Device\000000a5
11:39:30.156 Disk 4 Vendor: Size: 0MB BusType: 0
11:39:30.156 Disk 5 \Device\Harddisk5\DR16 -> \Device\000000a6
11:39:30.156 Disk 5 Vendor: Size: 0MB BusType: 0
11:39:30.171 Disk 6 \Device\Harddisk6\DR17 -> \Device\000000a7
11:39:30.671 Disk 6 Vendor: Size: 0MB BusType: 0
11:39:30.812 Disk 0 MBR read successfully
11:39:30.812 Disk 0 MBR scan
11:39:30.828 Disk 0 Windows XP default MBR code
11:39:30.828 Disk 0 MBR hidden
11:39:30.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 190771 MB offset 63
11:39:30.875 Disk 0 scanning C:\WINDOWS\system32\drivers
11:39:43.140 Service scanning
11:40:07.062 Modules scanning
11:40:18.781 Disk 0 trace - called modules:
11:40:18.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:40:18.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b0a6ab8]
11:40:18.796 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8b15d168]
11:40:18.796 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8b10cd98]
11:40:19.546 AVAST engine scan C:\WINDOWS
11:40:37.203 AVAST engine scan C:\WINDOWS\system32
11:43:57.578 AVAST engine scan C:\WINDOWS\system32\drivers
11:44:19.406 AVAST engine scan C:\Documents and Settings\Jed
11:46:15.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jed\Desktop\MBR.dat"
11:46:15.921 The log file has been saved successfully to "C:\Documents and Settings\Jed\Desktop\aswMBR.txt"
11:53:13.921 AVAST engine scan C:\Documents and Settings\All Users
11:56:04.812 Scan finished successfully
11:56:12.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jed\Desktop\MBR.dat"
11:56:12.484 The log file has been saved successfully to "C:\Documents and Settings\Jed\Desktop\aswMBR.txt"
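As an added example (not code from this thread, from OTL or from its author), the Python script below parses OTL fix-log result lines like the ones posted above into a per-outcome tally and flags what a helper reviewing the log would want to look at twice: deleted services named with digits only, the driver files OTL was asked to remove but could not find, and the Browser Helper Object CLSIDs it removed. The sample input is a constructed excerpt of the log above, and the line patterns are inferred from that log rather than taken from OTL documentation.

```python
"""Triage an OTL fix log (added example; not from the thread or from OTL)."""
import re
from collections import Counter

# Constructed sample: lines excerpted verbatim from the OTL fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Error: No service named FastFreeConverterUpdt was found to stop!
Service\Driver key FastFreeConverterUpdt not found.
Service icpewgy stopped successfully!
Service icpewgy deleted successfully!
File System32\drivers\rqovvls.sys not found.
Service 97483336 stopped successfully!
Service 97483336 deleted successfully!
File system32\drivers\22383090.sys not found.
Service 79694497 stopped successfully!
Service 79694497 deleted successfully!
C:\WINDOWS\system32\drivers\33338982.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55bb532-2438-4ece-820e-3e2c86861893}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55bb532-2438-4ece-820e-3e2c86861893}\ not found.
C:\Program Files\Games_Bar_A folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FBBD09 deleted successfully.
"""

# One pattern per result-line shape seen in the log (inferred, not OTL's spec).
ERROR_RE = re.compile(r"^Error: (.+)$")
SERVICE_RE = re.compile(r"^Service (\S+) (stopped|deleted) successfully!$")
SERVICE_MISSING_RE = re.compile(r"^Service\\Driver key (\S+) not found\.$")
PATH_MISSING_RE = re.compile(r"^(File|Folder) (.+) not found\.$")
MOVED_RE = re.compile(r"^(.+?)( folder)? moved successfully\.$")
REG_RE = re.compile(r"^Registry (key|value) (.+?) (deleted successfully|not found)\.$")
ADS_RE = re.compile(r"^ADS (.+) deleted successfully\.$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def triage_otl_log(text):
    """Classify every OTL result line and collect the items worth a second look."""
    s = {
        "outcomes": Counter(),      # (object kind, outcome) -> line count
        "errors": [],
        "services_deleted": [],
        "numeric_services": [],     # deleted services named with digits only
        "drivers_missing": [],      # .sys paths in the fix that no longer existed
        "bho_clsids_deleted": [],   # CLSIDs of removed Browser Helper Object keys
        "unparsed": [],             # anything the patterns above do not cover
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("=") or line.startswith("Restore point"):
            continue
        if m := ERROR_RE.match(line):
            s["errors"].append(m.group(1))
        elif m := SERVICE_RE.match(line):
            name, action = m.groups()
            s["outcomes"][("service", action)] += 1
            if action == "deleted":
                s["services_deleted"].append(name)
                if name.isdigit():
                    s["numeric_services"].append(name)
        elif SERVICE_MISSING_RE.match(line):
            s["outcomes"][("service", "not found")] += 1
        elif m := PATH_MISSING_RE.match(line):
            kind, path = m.groups()
            s["outcomes"][(kind.lower(), "not found")] += 1
            if path.lower().endswith(".sys"):
                s["drivers_missing"].append(path)
        elif ADS_RE.match(line):
            s["outcomes"][("ads", "deleted")] += 1
        elif m := REG_RE.match(line):
            kind, path, outcome = m.groups()
            result = "deleted" if outcome.startswith("deleted") else "not found"
            s["outcomes"][("registry " + kind, result)] += 1
            if kind == "key" and result == "deleted" and "Browser Helper Objects" in path:
                s["bho_clsids_deleted"].append(CLSID_RE.search(path).group(0))
        elif m := MOVED_RE.match(line):
            s["outcomes"][("folder" if m.group(2) else "file", "moved")] += 1
        else:
            s["unparsed"].append(line)
    return s
```

Run `triage_otl_log(open("otl_fix.txt").read())` on a full fix log; a non-empty `unparsed` list means the log contains a line shape this excerpt did not cover.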

#6 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

When I select it, then click on 'change/remove', the outline of a window flashes for a split second, then vanishes. I was not able to remove it.

I think we got it. If it is still listed, see if you can remove it now.

Your logs are looking clean. Let's sweep for remnants.

Step 1:
Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

  • Open MBAM and make sure the definitions are updated.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?


#7 msujedi (Member, Topic Starter, 61 posts)

"Games_Bar_A" did not show up in Add/Remove programs list, so we must've gotten rid of it. There seem to be no outstanding problems. Email, checking weather forecast, etc ... running smoothly.

I disabled Norton, but was not able to run ESET. After accepting terms of use, a warning message appeared (not the 'active x' one) saying that a problem with the web page caused it to close & reopen. I tried a few more times with the same result. I had computer issues about a year ago & came here (GTG) for help. I think I ran ESET online scanner then. And, Eset's website indicates the tool can be used once.

Other requested logs:

Results of screen317's Security Check version 0.99.67
Windows XP Service Pack 3 x86
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Internet Security
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 30
Java 7 Update 25
Java SE Development Kit 7 Update 9
Adobe Reader 10.1.7 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.20.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jed :: HOME-STUDY [limited]

6/20/2013 1:20:39 PM
mbam-log-2013-06-20 (13-20-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297031
Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Let's try a different scan.

Please run a free on line scan with BitDefender Online Scanner

  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administration mode if requested
  • Click the green Scan Now button again
  • Accept the EULA agreement if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here


#9 msujedi (Member, Topic Starter, 61 posts)

Hmmm. I'm getting the same error message as when I tried ESET. Is there a setting within IE that I need to switch to allow these scans to run?

#10 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Let's try a reset of IE and see if that helps. Please run the Microsoft fixit here. Then try ESET again and see if it works. If not, we'll try something else.

#11 msujedi (Member, Topic Starter, 61 posts)

I reset IE, disabled Norton, then tried running both ESET and BitDefender. Each produced the same problem of an error causing the page to close and reopen.

#12 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Let's run some repairs and see if that helps.


Download Windows Repair (all in one) from this site

Install the programme, then run it

Posted Image

Go to step 3 and allow it to run SFC
Posted Image

Select the following items and tick restart system when finished
Posted Image

#13 msujedi (Member, Topic Starter, 61 posts)

After running the Windows Repair as you indicated, ESET and BitDefender still didn't run ... error message 'problem with page caused it to close and reopen'.

IE is working great ... no problems.

However, after running Windows Repair my slave HDD (J: drive) disappeared from My Computer. This actually happened a couple of times while cleaning the system using the DIY guides on GTG. Previously, running OTM followed by GooredFix brought it back. I ran them in sequence again, but no J: drive.

I created a system restore point within Windows Repair. Should I go back to that restore point?

Edited by msujedi, 21 June 2013 - 02:50 PM.


#14 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Let's try a couple things before using the restore point. Have you rebooted the computer? Can you go to Disk Management, as described here, and see if your drive shows up. If it does, is there a letter assigned to it? (Make sure you don't make any changes or format disks using Disk Management.)

For the ESET scan, if you used it before, it may be installed here:

C:\ >> Program Files >> ESET >> ESET Online Scanner >> double-click on OnlineScannerApp


If so, try to run it from there.

#15 msujedi (Member, Topic Starter, 61 posts)

After a reboot, J: drive is back. All good there.

No ESET folder on C: drive though.