Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

many virus issues


  • Please log in to reply

#1
stammberger73

stammberger73

    New Member

  • Member
  • Pip
  • 2 posts
I had a couple of FBI Moneypak viruses which I removed always with malwarebytes, trojan killer, super anti spyware but this time everything appears to be different first I had the moneypak virus which I couldn't even remove in SAFE MODE and now the aftermath is immense, windows wants me to provide the product key ID which I did but it comes up with a error message, the background is not visible anymore, the firewall is not on anymore and if I try to turn it on I get a error message that due to an unidentified problem windows firewall is not accessible anymore...here are two logs one from ADW cleaner
# AdwCleaner v2.306 - Logfile created 08/08/2013 at 20:02:24
# Updated 19/07/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Administrator - STAMMBERGER-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGH6P0MQ\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\ADMINI~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\stammberger\Desktop\HDVidCodec.lnk
Folder Found : C:\Program Files (x86)\adawaretb
Folder Found : C:\Program Files (x86)\comcasttb
Folder Found : C:\Program Files (x86)\Common Files\Wondershare
Folder Found : C:\Program Files (x86)\DefaultTab
Folder Found : C:\Program Files (x86)\Gophoto.it
Folder Found : C:\Program Files (x86)\HDvidCodec.com
Folder Found : C:\Program Files (x86)\Movie2KDownloader.com
Folder Found : C:\Program Files (x86)\SavingsApp
Folder Found : C:\Program Files (x86)\SearchCore for Browsers
Folder Found : C:\Program Files (x86)\vShare
Folder Found : C:\Program Files (x86)\Wondershare
Folder Found : C:\ProgramData\adawaretb
Folder Found : C:\ProgramData\APN
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\search protection
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Administrator\AppData\Local\getsav-in
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim
Folder Found : C:\Users\Administrator\AppData\Local\PackageAware
Folder Found : C:\Users\Administrator\AppData\LocalLow\adawaretb
Folder Found : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Found : C:\Users\Administrator\AppData\LocalLow\InternetHelper3.1
Folder Found : C:\Users\Administrator\AppData\LocalLow\internethelper3.1
Folder Found : C:\Users\Administrator\AppData\LocalLow\mapsgalaxy_39
Folder Found : C:\Users\Administrator\AppData\LocalLow\searchquband
Folder Found : C:\Users\Administrator\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\Administrator\AppData\Roaming\DefaultTab
Folder Found : C:\Users\Administrator\AppData\Roaming\DSite
Folder Found : C:\Users\Administrator\AppData\Roaming\OpenCandy
Folder Found : C:\Users\stammberger\AppData\Local\Ilivid Player
Folder Found : C:\Users\stammberger\AppData\Local\TempDir
Folder Found : C:\Users\stammberger\AppData\Local\Wondershare
Folder Found : C:\Users\stammberger\AppData\LocalLow\adawaretb
Folder Found : C:\Users\stammberger\AppData\LocalLow\Conduit
Folder Found : C:\Users\stammberger\AppData\LocalLow\PriceGong
Folder Found : C:\Users\stammberger\AppData\LocalLow\searchquband
Folder Found : C:\Users\stammberger\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\stammberger\AppData\LocalLow\vShare
Folder Found : C:\Users\stammberger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDvidCodec.com
Folder Found : C:\Users\stammberger\AppData\Roaming\Wondershare

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\CompeteInc
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper3.1
Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Key Found : HKCU\Software\AppDataLow\Software\SavingsApp
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Found : HKCU\Software\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\adawaretb
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\StartNow Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\pc optimizer pro
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\vShare
Key Found : HKCU\Software\Wajam
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\Software\Delta
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\InternetHelper3.1
Key Found : HKLM\Software\MapsGalaxy_39
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6CE83F03-4DFD-4070-A0A7-C46C82E20971}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\systweak
Key Found : HKLM\SOFTWARE\Wow6432Node\5f4d9d1e039ef42
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nemfjadlboooiffmcelkafilagddogim
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADBE63DF-891E-4085-8C32-4F58360CEE7F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C920D1CD-098E-44B1-ABFE-37580DFE9267}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{07CBF788-1359-421B-A4E3-5A8D041B90A3}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\stammberger\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [22812 octets] - [08/08/2013 20:02:24]

########## EOF - C:\AdwCleaner[R1].txt - [22873 octets] ##########



and the other one from trojan killer (I cannot remove the threats since I had the FREE TRIAL version which expired 2months ago)

Trojan Killer (64-bit) v.2.1.7.8
Report file date: 8/8/2013 7:38:02 PM

Scanning for 881636 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows Vista ™ Home Premium (version 6.0)
Username: Administrator
Computer name: STAMMBERGER-PC

Starting the file scan:

Quick Scan started
Startup objects checked
BHO plugins checked
Services checked
Files checked
Scanning process...
----- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com ---- Registry
Adware.Win32.Mirar.pl.ss


----- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com ---- Registry
Adware.Win32.Mirar.pl.ss


----- HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} ---- Registry
Adware.Win32.pl.rc


----- HKCR\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} ---- Registry
Adware.Win32.pl.rc


----- HKLM\Software\conduit ---- Registry
Adware.Win32.pl.rc


----- HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} ---- Registry
Adware.Win32.pl.rc


----- HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC} ---- Registry
Adware.Win32.pl.rc


----- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ---- Registry
Adware.Win32.pl.rc


----- HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} ---- Registry
Adware.Win32.WebCake.sm


----- HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} ---- Registry
Adware.Win32.WebCake.sm


Terminated by user

Scan result: 10 detected items
Scan completed in: Scan completed in 3 minute(s) 12 sec.
Files were scanned: 893

I'd appreciate any help!!

p.s. attached the OTL files
OTL.txt
OTL logfile created on: 8/8/2013 8:50:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 54.46% Memory free
7.73 Gb Paging File | 5.94 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.79 Gb Total Space | 33.32 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 139.80 Gb Total Space | 115.74 Gb Free Space | 82.79% Space Free | Partition Type: NTFS

Computer Name: STAMMBERGER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/08 20:50:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2013/07/15 15:30:44 | 005,582,776 | ---- | M] (Security Stronghold) -- C:\Program Files (x86)\Webcake Deals Removal Tool\WebcakeDealsRemovalTool.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/23 13:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/12/15 11:44:39 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2008/05/07 16:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (Crypkey License)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/10 20:11:00 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2013/08/08 09:19:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/15 11:44:32 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/04/13 14:47:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2009/03/29 21:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/08 19:13:03 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/08 19:13:03 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/08 19:13:03 | 000,189,936 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/08 17:12:09 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/07/16 09:25:25 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/18 15:09:52 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/05/09 01:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 01:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 01:59:07 | 000,059,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2013/05/09 01:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 01:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/24 17:43:56 | 000,457,304 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1404000.028\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 18:21:36 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2012/07/27 20:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/12/14 21:40:05 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/13 14:48:20 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\psdvdisk.sys -- (psdvdisk)
DRV:64bit: - [2009/04/13 14:48:18 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV:64bit: - [2009/04/13 14:48:18 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ)
DRV:64bit: - [2008/04/21 17:49:00 | 000,054,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2008/03/17 10:12:26 | 000,028,664 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\ckldrv.sys -- (NetworkX)
DRV:64bit: - [2008/03/04 23:22:00 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/30 17:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2008/01/30 17:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/01/17 14:32:00 | 000,015,360 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Spyder2.sys -- (Spyder2)
DRV:64bit: - [2006/11/16 17:26:44 | 000,019,248 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\PdiPorts.sys -- (PdiPorts)
DRV - [2013/07/17 11:04:05 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130806.002\ex64.sys -- (NAVEX15)
DRV - [2013/07/17 11:04:05 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130806.002\eng64.sys -- (NAVENG)
DRV - [2013/06/19 14:46:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130804.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/06/19 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/05/31 17:15:28 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/12/14 21:40:04 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2008/04/25 13:23:40 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=114689588
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {D63A9A91-44CE-4024-8A7F-111238335EF2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{194de045-cc5e-4840-b031-1ca9db98919d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 1F E9 75 9A 94 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {D63A9A91-44CE-4024-8A7F-111238335EF2}
IE - HKCU\..\SearchScopes\{0B4AE8B4-96CC-4336-AFC9-C75AE3A35029}: "URL" = http://search.yahoo....}&fr=chr-ydwnld
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...13_wc1&tsp=4968
IE - HKCU\..\SearchScopes\{17C2D7C9-C6C4-41A0-A9CF-0EF8C7F22FA9}: "URL" = http://search.genieo...q={searchTerms}
IE - HKCU\..\SearchScopes\{37F0AA36-E203-47DA-9E2A-1FE0CB9DA9C7}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-06-18 15:10:02&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A53A4FB8-1B2F-48F9-820C-242628027F97}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\945CC1A2492B4948BEB61874D42B7BD2: "URL" = http://search.condui...8071948059&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/01 23:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/06/19 17:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/08/07 20:23:52 | 000,000,000 | ---D | M]

[2013/08/08 16:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.23_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.2504_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.9.9_0\

O1 HOSTS File: ([2013/08/06 19:21:38 | 000,000,054 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll",RunConduitFloatingPlugin nemfjadlboooiffmcelkafilagddogim File not found
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Trojan Killer] C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe (GridinSoft LLC.)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [Del397412] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B4B5822-864C-449B-8364-535D89ED51C4}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/08 19:48:46 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/08/08 19:48:46 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/08/08 19:48:46 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/08/08 19:48:46 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/08/08 19:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcake Deals Removal Tool
[2013/08/08 19:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webcake Deals Removal Tool
[2013/08/08 19:13:00 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/08 19:13:00 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/08/08 19:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/08 19:12:59 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/08 19:12:59 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/08/08 19:12:59 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/08/08 19:12:59 | 000,059,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/08/08 19:12:35 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/08 17:55:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2013/08/08 17:55:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PackageAware
[2013/08/08 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\SpySweeper-Download
[2013/08/08 17:13:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\adawarebp
[2013/08/08 17:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013/08/08 17:12:10 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/08/08 17:12:10 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/08/08 16:44:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\OpenCandy
[2013/08/08 16:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magical Jelly Bean
[2013/08/08 16:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
[2013/08/08 16:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/08 16:39:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DSite
[2013/08/08 16:39:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AbiWord
[2013/08/08 16:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/08/08 16:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2013/08/08 14:31:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/08 14:29:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/08 14:29:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/08 14:29:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/08 14:29:37 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/08 13:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2013/08/08 13:40:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/08 10:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/08/08 10:34:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Anti-Malware
[2013/08/08 09:14:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/08 09:14:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/08 09:14:15 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/08/08 09:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2013/08/08 01:40:15 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/08/07 21:07:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/08/07 20:56:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\LavasoftStatistics
[2013/08/07 20:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2013/08/07 20:19:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2013/08/07 18:57:17 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/08/07 17:06:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Geckofx
[2013/08/07 17:06:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2013/08/06 19:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2013/08/06 15:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/08/06 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DefaultTab
[2013/08/06 15:57:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CRE
[2013/08/06 14:29:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\01cZ4ngy9WV
[2013/07/31 22:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/06/18 17:12:34 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Administrator\AppData\Local\log4cxx.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/08 20:01:49 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2013/08/08 19:48:46 | 000,001,201 | ---- | M] () -- C:\Users\Administrator\Desktop\Webcake Deals Removal Tool.lnk
[2013/08/08 19:34:25 | 005,160,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/08 19:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\BootStat.dat
[2013/08/08 19:32:13 | 000,002,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 19:32:13 | 000,002,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 19:13:03 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/08/08 19:13:03 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/08/08 19:13:03 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/08 19:13:03 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/08 19:13:03 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/08 19:13:03 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/08 19:13:00 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/08 19:12:59 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/08/08 19:12:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/08/08 19:06:58 | 000,000,732 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2013/08/08 17:12:09 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/08/08 17:12:09 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/08/08 16:44:17 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2013/08/08 16:06:33 | 000,000,002 | ---- | M] () -- C:\END
[2013/08/08 16:03:50 | 000,000,228 | ---- | M] () -- C:\Windows\tasks\0.job
[2013/08/08 10:26:45 | 000,002,703 | ---- | M] () -- C:\Users\Public\Desktop\Comcast Desktop Doctor.lnk
[2013/08/08 09:10:51 | 000,000,896 | ---- | M] () -- C:\Users\Public\Desktop\tro.lnk
[2013/08/08 08:51:36 | 002,915,109 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013/08/08 01:32:07 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/06 19:21:38 | 000,343,440 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2013/08/06 19:21:38 | 000,000,054 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/06 18:15:28 | 000,000,258 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
[2013/08/06 16:12:35 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/06 15:29:28 | 000,267,776 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\C6QSmxe4HM
[2013/08/06 15:29:28 | 000,267,776 | ---- | M] () -- C:\Users\Administrator\AppData\Local\BsEs683C
[2013/08/06 14:29:26 | 000,267,776 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\ZY2X5hC7
[2013/08/06 14:29:26 | 000,267,776 | ---- | M] () -- C:\Users\Administrator\AppData\Local\r1Neo9PKq
[2013/08/01 08:23:58 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/07/31 22:26:49 | 000,002,119 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/31 09:41:22 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20130115.021
[2013/07/16 09:25:25 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/07/16 09:25:25 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/07/16 09:25:25 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/08 19:48:46 | 000,001,201 | ---- | C] () -- C:\Users\Administrator\Desktop\Webcake Deals Removal Tool.lnk
[2013/08/08 19:13:03 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/08/08 19:13:03 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/08/08 19:13:03 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/08 19:13:00 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/08/08 19:12:59 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/08/08 19:12:59 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/08/08 19:12:59 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/08/08 19:06:58 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2013/08/08 16:44:17 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2013/08/08 16:03:50 | 000,000,228 | ---- | C] () -- C:\Windows\tasks\0.job
[2013/08/08 16:01:12 | 000,000,002 | ---- | C] () -- C:\END
[2013/08/08 14:51:20 | 000,067,584 | --S- | C] () -- C:\Windows\BootStat.dat
[2013/08/08 14:29:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/08 14:29:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/08 14:29:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/08 14:29:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/08 14:29:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/08 13:40:14 | 000,002,032 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 13:40:14 | 000,002,032 | -H-- | C] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/08 13:40:01 | 005,160,200 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/08 09:10:51 | 000,000,896 | ---- | C] () -- C:\Users\Public\Desktop\tro.lnk
[2013/08/07 22:53:12 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2013/08/06 15:47:34 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/06 15:29:38 | 000,267,776 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\C6QSmxe4HM
[2013/08/06 15:29:38 | 000,267,776 | ---- | C] () -- C:\Users\Administrator\AppData\Local\BsEs683C
[2013/08/06 14:29:36 | 000,267,776 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\ZY2X5hC7
[2013/08/06 14:29:36 | 000,267,776 | ---- | C] () -- C:\Users\Administrator\AppData\Local\r1Neo9PKq
[2013/07/31 22:26:49 | 000,002,119 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/06/18 17:12:34 | 000,196,608 | ---- | C] () -- C:\Users\Administrator\AppData\Local\common_functions.dll
[2013/05/31 18:18:04 | 000,000,258 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2013/04/15 18:00:13 | 000,000,151 | ---- | C] () -- C:\ProgramData\fina1.reg
[2013/04/15 18:00:13 | 000,000,055 | ---- | C] () -- C:\ProgramData\fina1.bat
[2013/04/15 18:00:11 | 095,023,320 | ---- | C] () -- C:\ProgramData\fina1.pad
[2013/03/16 12:25:49 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/01 16:50:23 | 000,000,153 | ---- | C] () -- C:\ProgramData\6729316.reg
[2013/03/01 16:50:23 | 000,000,063 | ---- | C] () -- C:\ProgramData\6729316.bat
[2013/03/01 16:50:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\6729316.pad
[2013/02/25 12:58:39 | 000,000,153 | ---- | C] () -- C:\ProgramData\1365085.reg
[2013/02/25 12:58:39 | 000,000,063 | ---- | C] () -- C:\ProgramData\1365085.bat
[2013/02/25 12:58:36 | 095,023,320 | ---- | C] () -- C:\ProgramData\1365085.pad
[2013/02/07 14:18:59 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/02/07 14:18:31 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2012/11/23 05:54:40 | 000,114,688 | ---- | C] () -- C:\Users\Administrator\AppData\Local\ie_runner_app.exe
[2012/11/08 16:55:35 | 000,000,049 | ---- | C] () -- C:\Windows\restore.INI
[2012/11/07 19:50:16 | 000,000,068 | ---- | C] () -- C:\Windows\spn.INI
[2012/11/07 19:50:01 | 000,000,074 | ---- | C] () -- C:\Windows\Crypkey.ini
[2012/11/07 19:49:58 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2012/11/07 19:49:58 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/09/20 15:28:57 | 000,721,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/01 23:04:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2010/12/13 20:00:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer
[2013/03/16 13:20:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
[2013/08/06 15:58:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DefaultTab
[2013/08/08 16:39:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DSite
[2013/08/08 17:55:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2010/12/13 20:00:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2013/08/08 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenCandy
[2013/08/08 19:23:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Systweak

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 200 bytes -> C:\ProgramData\TEMP:E73B14E2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:9E00596C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:020106A2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:06178D1C
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:DA9A88B3

< End of report >

Extras.Txt
OTL Extras logfile created on: 8/8/2013 8:50:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 54.46% Memory free
7.73 Gb Paging File | 5.94 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.79 Gb Total Space | 33.32 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 139.80 Gb Total Space | 115.74 Gb Free Space | 82.79% Space Free | Partition Type: NTFS

Computer Name: STAMMBERGER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = BA A4 73 89 A4 BE CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"GridinSoft Trojan Killer" = Trojan Killer
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Webcake Deals Removal Tool_is1" = Webcake Deals Removal Tool

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2012 2:39:35 PM | Computer Name = stammberger-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module MSHTML.dll, version 9.0.8112.16441, time stamp 0x4ee81830,
exception code 0xc00000fd, fault offset 0x0032facd, process id 0x14d8, application
start time 0x01ccfc2f62d00460.

Error - 3/9/2012 3:45:40 PM | Computer Name = stammberger-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module Flash11e.ocx, version 11.1.102.55, time stamp 0x4eaf89fc,
exception code 0xc0000005, fault offset 0x00117408, process id 0x147c, application
start time 0x01ccfe17e8786140.

Error - 3/14/2012 6:24:54 AM | Computer Name = stammberger-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/14/2012 2:16:36 PM | Computer Name = stammberger-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0a120f41, process id 0x130c, application start time
0x01cd01f9f105fb70.

Error - 3/15/2012 10:33:33 AM | Computer Name = stammberger-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/16/2012 8:27:26 PM | Computer Name = stammberger-PC | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 11.0.2.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 11b0 Start Time: 01cd03c927dca998 Termination Time: 1586

Error - 3/16/2012 11:38:08 PM | Computer Name = stammberger-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16c4 Start Time: 01cd030a3463dac0 Termination Time: 781

Error - 3/17/2012 2:06:11 AM | Computer Name = stammberger-PC | Source = Application Hang | ID = 1002
Description = The program Photoshop.exe version 11.0.2.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1870 Start Time: 01cd03f5fdbbe9d0 Termination Time: 1411

Error - 3/18/2012 3:07:00 AM | Computer Name = stammberger-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 16e8 Start Time: 01cd03ef38ef1c90 Termination Time: 184

Error - 3/18/2012 3:07:00 AM | Computer Name = stammberger-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1650 Start Time: 01cd03ef5eb25140 Termination Time: 310

[ System Events ]
Error - 8/8/2013 10:32:32 PM | Computer Name = stammberger-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 8/8/2013 10:32:34 PM | Computer Name = stammberger-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 8/8/2013 10:35:45 PM | Computer Name = stammberger-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/8/2013 10:35:57 PM | Computer Name = stammberger-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 8/8/2013 10:35:57 PM | Computer Name = stammberger-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/8/2013 10:36:04 PM | Computer Name = stammberger-PC | Source = DCOM | ID = 10005
Description =

Error - 8/8/2013 10:36:10 PM | Computer Name = stammberger-PC | Source = DCOM | ID = 10005
Description =

Error - 8/8/2013 10:36:11 PM | Computer Name = stammberger-PC | Source = DCOM | ID = 10005
Description =

Error - 8/8/2013 10:36:15 PM | Computer Name = stammberger-PC | Source = DCOM | ID = 10005
Description =

Error - 8/8/2013 10:36:15 PM | Computer Name = stammberger-PC | Source = DCOM | ID = 10005
Description =


< End of report >

Edited by stammberger73, 08 August 2013 - 11:12 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...yE&cr=114689588
IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {D63A9A91-44CE-4024-8A7F-111238335EF2}
IE - HKLM\..\SearchScopes\{194de045-cc5e-4840-b031-1ca9db98919d}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminen...q={searchTerms}
IE - HKCU\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {D63A9A91-44CE-4024-8A7F-111238335EF2}
IE - HKCU\..\SearchScopes\{0B4AE8B4-96CC-4336-AFC9-C75AE3A35029}: "URL" = http://search.yahoo....}&fr=chr-ydwnld
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...13_wc1&tsp=4968
IE - HKCU\..\SearchScopes\{17C2D7C9-C6C4-41A0-A9CF-0EF8C7F22FA9}: "URL" = http://search.genieo...q={searchTerms}
IE - HKCU\..\SearchScopes\{37F0AA36-E203-47DA-9E2A-1FE0CB9DA9C7}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-06-18 15:10:02&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\945CC1A2492B4948BEB61874D42B7BD2: "URL" = http://search.condui...8071948059&UM=2
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7000b6ca-4388-4d95-893d-6659c2d4d1ce} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{5911488E-9D1E-40ec-8CBB-06B231CC153F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3289663\plugins\TBVerifier.dll",RunConduitFloatingPlugin nemfjadlboooiffmcelkafilagddogim File not found
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f File not found
O4 - HKCU..\RunOnce: [Del397412] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

:files
C:\Windows\tasks\0.job
type C:\ProgramData\fina1.reg /c
type C:\ProgramData\fina1.bat /c
type C:\ProgramData\6729316.reg /c
type C:\ProgramData\6729316.bat /c
type C:\ProgramData\1365085.reg /c
type C:\ProgramData\1365085.bat /c
C:\Users\Administrator\AppData\Roaming\C6QSmxe4HM
C:\Users\Administrator\AppData\Local\BsEs683C
C:\Users\Administrator\AppData\Roaming\ZY2X5hC7
C:\Users\Administrator\AppData\Local\r1Neo9PKq
C:\ProgramData\fina1.reg
C:\ProgramData\fina1.bat
C:\ProgramData\fina1.pad
C:\ProgramData\6729316.reg
C:\ProgramData\6729316.bat
C:\ProgramData\6729316.pad
C:\ProgramData\1365085.reg
C:\ProgramData\1365085.bat
C:\ProgramData\1365085.pad


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\08082013-some number.log so look there if you don't see it.


Uninstall
Webcake Deals Removal Tool
Trojan Killer
SUPERAntiSpyware

Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool by right clicking and Run As Admin.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe
Run the Avg Remover by right clicking and Run As Admin.

Reboot.


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


  • Run adwCleaner Pause your anti-virus and close all browsers
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
    Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(Does this complain that it could not fix all of your files?)

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#3
stammberger73

stammberger73

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
copy which text in which code box? I am totally new with this kind of computer stuff, sorry for the question.

ok, problem is solved...I keep working on it, thanks so far!:)


AFTER THE COMBO FIX STEP and the restart my computer became extremely slow, the desktop file folders dissappeared and I have no taskbar anymore, when I click on internet explorer it freezes-please help

here the 2 logs I was able to finish, further actions are not possible at this point since my internet explorer/browser freezes all the time.
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-08 23:22:15
-----------------------------
23:22:15.703 OS Version: Windows x64 6.0.6002 Service Pack 2
23:22:15.703 Number of processors: 2 586 0x6B02
23:22:15.703 ComputerName: STAMMBERGER-PC UserName: Administrator
23:22:16.624 Initialize success
23:22:18.293 AVAST engine defs: 13050900
23:22:47.278 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
23:22:47.293 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 6
23:22:47.387 Disk 0 MBR read successfully
23:22:47.403 Disk 0 MBR scan
23:22:47.808 Disk 0 unknown MBR code
23:22:47.839 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 18944 MB offset 2048
23:22:48.292 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143143 MB offset 38799360
23:22:48.354 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143156 MB offset 331956224
23:22:48.838 Disk 0 scanning C:\Windows\system32\drivers
23:23:03.003 Service scanning
23:23:17.043 Modules scanning
23:23:17.573 AVAST engine scan C:\Windows
23:23:21.754 AVAST engine scan C:\Windows\system32
23:25:36.538 AVAST engine scan C:\Windows\system32\drivers
23:25:44.977 AVAST engine scan C:\Users\Administrator
23:27:42.102 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
23:27:42.118 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


ComboFix 13-08-07.01 - Administrator 08/08/2013 23:45:42.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.3211 [GMT -7:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DefaultTab
c:\program files (x86)\DefaultTab\DefaultTab.crx
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\0103~1\7154~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\@
c:\program files (x86)\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\0103~1\7154~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\GoogleUpdate.exe
c:\program files (x86)\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\0103~1\7154~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\L\6715e287
c:\program files (x86)\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\0103~1\7154~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\L\76603ac3
c:\program files (x86)\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\0103~1\7154~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\U\[email protected]
c:\program files (x86)\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\0103~1\7154~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\U\[email protected]
c:\program files (x86)\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\0103~1\7154~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\U\[email protected]
c:\program files (x86)\SavingsApp
c:\programdata\Microsoft\Windows\DRM\1748.tmp
c:\programdata\Microsoft\Windows\DRM\3B74.tmp
c:\programdata\Microsoft\Windows\DRM\56C6.tmp
c:\programdata\Microsoft\Windows\DRM\56D7.tmp
c:\programdata\Microsoft\Windows\DRM\68D.tmp
c:\users\Administrator\AppData\Local\common_functions.dll
c:\users\Administrator\AppData\Local\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\C3C1~1\01C8~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\@
c:\users\Administrator\AppData\Local\Google\Desktop\Install\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\C3C1~1\01C8~1\CFFE~1\{cdc16996-dcb4-e07e-f8fa-fcb1f16e5627}\GoogleUpdate.exe
c:\users\Administrator\AppData\Local\ie_runner_app.exe
c:\users\Administrator\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Administrator\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Administrator\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Administrator\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Administrator\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Administrator\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Administrator\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\stammberger\3861496.dll
c:\users\stammberger\acrobat.exe
c:\users\stammberger\acrobat520811.exe
c:\users\stammberger\acrobatreader.exe
c:\users\stammberger\acrobatreader724841.exe
c:\users\stammberger\alg.exe
c:\users\stammberger\alg57860.exe
c:\users\stammberger\chrome.exe
c:\users\stammberger\csrss844269.exe
c:\users\stammberger\csrss962945.exe
c:\users\stammberger\ctfmon828425.exe
c:\users\stammberger\firefox453919.exe
c:\users\stammberger\flashplayer.exe
c:\users\stammberger\flashplayer532509.exe
c:\users\stammberger\googleupdate.exe
c:\users\stammberger\googleupdate165925.exe
c:\users\stammberger\icq.exe
c:\users\stammberger\icq114687.exe
c:\users\stammberger\icq116828.exe
c:\users\stammberger\icq483980.exe
c:\users\stammberger\iexplore275689.exe
c:\users\stammberger\iexplore631697.exe
c:\users\stammberger\iexplore891686.exe
c:\users\stammberger\java.exe
c:\users\stammberger\java611146.exe
c:\users\stammberger\jqs.exe
c:\users\stammberger\jqs267165.exe
c:\users\stammberger\jqs913948.exe
c:\users\stammberger\jucheck.exe
c:\users\stammberger\msconfig.exe
c:\users\stammberger\mstsc.exe
c:\users\stammberger\notepad.exe
c:\users\stammberger\notepad46736.exe
c:\users\stammberger\opera.exe
c:\users\stammberger\opera629123.exe
c:\users\stammberger\rundll32378817.exe
c:\users\stammberger\rundll32794931.exe
c:\users\stammberger\skype.exe
c:\users\stammberger\skype567214.exe
c:\users\stammberger\skype928947.exe
c:\users\stammberger\spoolsv172083.exe
c:\users\stammberger\spoolsv399740.exe
c:\users\stammberger\spoolsv581402.exe
c:\users\stammberger\spoolsv883426.exe
c:\users\stammberger\spoolsv929800.exe
c:\users\stammberger\teamviewer.exe
c:\users\stammberger\teamviewer558076.exe
c:\users\stammberger\teamviewer697608.exe
c:\users\stammberger\teamviewer748331.exe
c:\users\stammberger\vlcplayer.exe
c:\users\stammberger\vlcplayer617298.exe
c:\users\stammberger\windowsupdate117285.exe
c:\users\stammberger\windowsupdate892960.exe
c:\users\stammberger\windowsupdate924361.exe
c:\users\stammberger\winlogon877899.exe
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2013-07-09 to 2013-08-09 )))))))))))))))))))))))))))))))
.
.
2013-08-09 06:53 . 2013-08-09 06:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-08-09 06:53 . 2013-08-09 06:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-09 06:53 . 2013-08-09 06:53 -------- d-----w- c:\users\stammberger\AppData\Local\temp
2013-08-09 06:32 . 2013-08-09 06:32 -------- d-s---w- c:\windows\SysWow64\Microsoft
2013-08-09 05:32 . 2013-08-09 05:32 -------- d-----w- C:\_OTL
2013-08-09 02:48 . 2013-08-09 05:41 -------- d-----w- c:\program files (x86)\Webcake Deals Removal Tool
2013-08-09 02:48 . 2012-12-10 18:04 81920 ----a-w- c:\windows\eSellerateControl350.dll
2013-08-09 02:48 . 2012-12-10 18:04 356352 ----a-w- c:\windows\eSellerateEngine.dll
2013-08-09 02:48 . 2009-07-24 01:32 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2013-08-09 02:48 . 2009-07-24 01:32 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2013-08-09 00:55 . 2013-08-09 00:55 -------- d-----w- c:\programdata\Webroot
2013-08-09 00:55 . 2013-08-09 00:55 -------- d-----w- c:\users\Administrator\AppData\Local\PackageAware
2013-08-09 00:13 . 2013-08-09 00:13 -------- d-----w- c:\users\Administrator\AppData\Local\adawarebp
2013-08-09 00:12 . 2013-08-09 00:13 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-08-09 00:12 . 2013-08-09 00:12 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-08-09 00:12 . 2013-08-09 00:12 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-08-08 23:44 . 2013-08-08 23:44 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2013-08-08 23:44 . 2013-08-08 23:44 -------- d-----w- c:\users\Administrator\AppData\Roaming\OpenCandy
2013-08-08 23:39 . 2013-08-08 23:40 -------- d-----w- c:\program files (x86)\AbiWord
2013-08-08 23:39 . 2013-08-08 23:39 -------- d-----w- c:\users\Administrator\AppData\Roaming\DSite
2013-08-08 23:39 . 2013-08-08 23:39 -------- d-----w- c:\programdata\Babylon
2013-08-08 23:07 . 2013-08-08 23:07 -------- d-----w- c:\programdata\PC Optimizer Pro
2013-08-08 21:13 . 2013-08-09 06:45 5484 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2013-08-08 17:34 . 2013-08-08 21:57 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2013-08-08 04:07 . 2013-08-08 04:07 -------- d-----w- c:\programdata\Licenses
2013-08-08 04:07 . 2011-11-04 12:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-08-08 04:07 . 2009-03-24 19:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2013-08-08 03:56 . 2013-08-08 03:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\LavasoftStatistics
2013-08-08 03:56 . 2013-08-08 03:56 -------- d-----w- c:\program files (x86)\Lavasoft
2013-08-08 03:19 . 2013-08-09 00:55 -------- d-----w- c:\users\Administrator\AppData\Roaming\GetRightToGo
2013-08-08 01:57 . 2013-08-08 01:57 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-08-08 00:06 . 2013-08-08 00:06 -------- d-----w- c:\users\Administrator\AppData\Local\Geckofx
2013-08-07 02:54 . 2013-08-09 05:41 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2013-08-06 22:58 . 2013-08-09 06:53 -------- d-----w- c:\users\Administrator\AppData\Roaming\DefaultTab
2013-08-06 22:57 . 2013-08-06 22:57 -------- d-----w- c:\users\Administrator\AppData\Local\CRE
2013-08-06 21:29 . 2013-08-07 00:17 -------- d-----w- c:\users\Administrator\AppData\Local\01cZ4ngy9WV
2013-08-06 21:23 . 2013-08-07 00:17 -------- d-----w- c:\users\stammberger\AppData\Local\unH11j1lz
2013-08-06 19:48 . 2013-08-06 20:14 -------- d-----w- c:\users\stammberger\AppData\Local\fUwzGtf7Wc
2013-07-16 06:48 . 2013-08-09 05:46 -------- d-----w- c:\windows\system32\drivers\N360x64\1404000.028
2013-07-11 10:01 . 2013-05-29 05:36 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-07-10 19:32 . 2013-06-01 04:19 619008 ----a-w- c:\windows\system32\qedit.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 10:25 . 2006-11-02 12:35 78185248 ----a-w- c:\windows\system32\mrt.exe
2013-06-18 22:09 . 2013-06-18 22:10 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-06-18 16:46 . 2013-06-18 16:46 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-18 16:46 . 2013-06-18 16:46 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-18 16:46 . 2013-06-18 16:46 73728 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-02-11 10:47 87464 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2013-02-11 87464]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-04-13 21:47 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trojan Killer"="c:\program files (x86)\GridinSoft Trojan Killer\trojankiller.exe" [2013-02-07 6841120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-07-15 554384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\Administrator\Downloads\OTL.exe" [2013-08-09 602112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ColorVisionStartup.lnk - c:\program files (x86)\ColorVision\ColorVisionStartup\ColorVisionStartup.exe /delay 30 /pause 5 [2009-3-12 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2013-03-16 21:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-04-13 21:48 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mStart Page = about:blank
mDefault_Page_URL = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-26538047.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
WebBrowser-{07CBF788-1359-421B-A4E3-5A8D041B90A3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\DataMngr_Toolbar]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{09A8565B-FF31-4194-9DEA-360A224F344A}"=hex:51,66,7a,6c,4c,1d,3b,1b,4b,4d,b8,
19,01,a5,fa,0e,89,e4,69,52,24,0a,78,54
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:62,77,d9,d3,90,94,ce,01
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,3f,ff,ff,7c,1c,a1,48,aa,cd,f9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,3f,ff,ff,7c,1c,a1,48,aa,cd,f9,\
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.8bi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Photoshop.PlugIn"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-529791285-566928806-3723318967-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item1]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-529791285-566928806-3723318967-1000)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item2]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-529791285-566928806-3723318967-1000)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\DataMngr\List\Item3]
@Denied: (2) (Administrator)
@Denied: (2) (S-1-5-21-529791285-566928806-3723318967-1000)
"Flag"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-08-09 00:01:45 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-09 07:01
.
Pre-Run: 38,400,425,984 bytes free
Post-Run: 38,582,300,672 bytes free
.
- - End Of File - - D10E01ACAFDFBD58B29701A01C32885E
EF932EAA6EF4C94E66A7F6CEEC7EB422

Edited by stammberger73, 09 August 2013 - 02:24 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP