Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop ups EVERYWHERE (from Flash update?) [Solved]

Started by Dolly99 , Jan 04 2014 04:37 PM

  • This topic is locked This topic is locked

#1
Dolly99
Posted 04 January 2014 - 04:37 PM

Dolly99

    Member

  • Member
  • PipPip
  • 48 posts
Hi Geeks

I have pop ups everywhere. I have a bar at the bottom, the side and boxes popping up randomly all over the screen. They are for all kinds of things and extremely hard to get rid of. Clicking the X just takes me to the sight and it seems as if they are trying to install things no matter what I click. It started to happen when I installed a flash update yesterday.

I am not at all computer literate so thanks in advance for all your help with this problem.

OTL logfile created on: 4/01/2014 1:19:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.12 Gb Available Physical Memory | 5.76% Memory free
3.85 Gb Paging File | 1.86 Gb Available in Paging File | 48.32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 18.77 Gb Free Space | 24.02% Space Free | Partition Type: NTFS
Drive D: | 698.64 Gb Total Space | 288.11 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
Drive E: | 387.63 Gb Total Space | 382.32 Gb Free Space | 98.63% Space Free | Partition Type: NTFS
Drive F: | 372.60 Gb Total Space | 119.26 Gb Free Space | 32.01% Space Free | Partition Type: NTFS

Computer Name: MASTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/04 13:18:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2014/01/04 13:09:28 | 000,732,160 | ---- | M] () -- c:\Support\couponsupport.exe
PRC - [2013/12/26 13:19:13 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
PRC - [2013/12/21 07:49:00 | 000,317,720 | ---- | M] () -- C:\Program Files\PricePeep\PricePeepUpdater.exe
PRC - [2013/12/07 12:22:06 | 000,066,328 | ---- | M] () -- C:\Program Files\GreyGray\updateGreyGray.exe
PRC - [2013/12/04 13:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/26 13:44:54 | 005,765,464 | ---- | M] (SafeApp Software, LLC) -- C:\Program Files\Registry Helper\RegistryHelper.exe
PRC - [2013/11/26 13:44:54 | 000,084,328 | ---- | M] (SafeApp Software, LLC) -- C:\Program Files\Registry Helper\RegistryHelperService.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/23 19:22:04 | 000,307,712 | ---- | M] (FileHippo.com) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
PRC - [2012/09/06 22:11:30 | 001,327,104 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2012/09/06 22:06:14 | 000,393,216 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/11/14 15:21:30 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/04/23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/03 13:32:16 | 000,131,072 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2006/12/23 18:05:20 | 000,143,360 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/12/23 18:04:42 | 000,905,216 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2006/11/10 16:19:32 | 001,051,648 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCD.exe
PRC - [2006/11/10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
PRC - [2006/03/21 06:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe
PRC - [2005/11/19 20:17:39 | 000,976,608 | ---- | M] (Karen Kenworthy) -- C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/04 13:09:28 | 000,732,160 | ---- | M] () -- c:\Support\couponsupport.exe
MOD - [2013/12/26 13:19:13 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
MOD - [2013/12/21 07:49:00 | 000,317,720 | ---- | M] () -- C:\Program Files\PricePeep\PricePeepUpdater.exe
MOD - [2013/12/07 12:22:06 | 000,066,328 | ---- | M] () -- C:\Program Files\GreyGray\updateGreyGray.exe
MOD - [2013/12/04 13:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/04 13:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/04 13:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 13:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/11 03:16:28 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/11 03:16:17 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/07 00:49:48 | 000,857,600 | ---- | M] () -- c:\Program Files\PSupport\psupport.dll
MOD - [2013/08/15 04:09:52 | 001,711,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a06f7104593927a9e9be4afd4199b404\Microsoft.VisualBasic.ni.dll
MOD - [2013/08/15 04:04:31 | 011,816,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\972dcf9830a64e9802aaca3a83cae24b\System.Web.ni.dll
MOD - [2013/08/15 04:04:17 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\f4ea3ea9bbe98bbc32c6def83bd2962d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 04:02:53 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/08/15 04:02:45 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/08/15 04:02:39 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15fd2d2f4e709154b44187a6915db244\System.ServiceProcess.ni.dll
MOD - [2013/08/15 04:02:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/07/11 15:18:33 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2009/11/14 15:21:30 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
MOD - [2009/07/16 15:36:20 | 000,138,000 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 15:36:16 | 000,035,088 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/07/16 15:36:16 | 000,028,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/07/16 15:35:30 | 000,027,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\SDL.dll
MOD - [2009/07/16 15:35:20 | 000,363,792 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/07/16 15:35:08 | 011,311,888 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/07/16 15:34:56 | 000,199,952 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/07/16 15:34:46 | 000,475,408 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/07/16 15:34:34 | 000,968,976 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/07/16 15:34:22 | 007,704,336 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/07/16 15:34:22 | 002,140,944 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/07/16 15:34:12 | 000,291,600 | ---- | M] () -- C:\Program Files\Logitech\Logitech Vid\phonon4.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008/04/14 11:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 11:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/03/21 06:43:16 | 000,331,776 | ---- | M] () -- C:\Program Files\AGEIA Technologies\TrayIcon.exe


========== Services (SafeList) ==========

SRV - [2013/12/12 02:00:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/07 12:22:06 | 000,066,328 | ---- | M] () [Auto | Running] -- C:\Program Files\GreyGray\updateGreyGray.exe -- (Update GreyGray)
SRV - [2013/11/26 13:44:54 | 000,084,328 | ---- | M] (SafeApp Software, LLC) [Auto | Running] -- C:\Program Files\Registry Helper\RegistryHelperService.exe -- (Registry Helper Service)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/11/14 15:21:30 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/04 15:33:11 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/07/03 13:32:16 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2006/11/10 16:18:42 | 000,859,136 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RTL8187.sys -- (RTLWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302V32.SYS -- (PID_PEPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/01/04 00:31:38 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D8515A-6501-4623-BE35-80236EEC49E6}\MpKsl93d859e2.sys -- (MpKsl93d859e2)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/14 15:21:30 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/20 15:22:53 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2007/08/20 15:21:54 | 000,046,208 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007/08/20 15:21:54 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2007/07/19 11:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/03 13:33:04 | 000,006,912 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2006/11/10 16:17:50 | 000,033,792 | ---- | M] (Nero AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\InCDRm.sys -- (incdrm)
DRV - [2006/11/10 16:16:34 | 000,031,360 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2006/11/10 16:15:56 | 000,010,624 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2006/11/10 16:15:44 | 000,102,912 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/08/13 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {7DD682B4-E35D-4CF5-894F-19B51EC2C219}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{7DD682B4-E35D-4CF5-894F-19B51EC2C219}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {3a7f3254-eafa-4dbc-b4f3-0d40916f3352} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7DD682B4-E35D-4CF5-894F-19B51EC2C219}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6AC78041-1CE8-4316-AEBF-43102125A52B}: "URL" = http://websearch.ask...32-70911F5B1AE3
IE - HKCU\..\SearchScopes\{7DD682B4-E35D-4CF5-894F-19B51EC2C219}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=2.0: C:\Program Files\Virtual Earth 3D\ [2007/11/16 14:06:11 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@ReferenceBoss_1p.com/Plugin: C:\Program Files\ReferenceBoss_1p\bar\1.bin\NP1pStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\1pffxtbr@ReferenceBoss_1p.com: C:\Program Files\ReferenceBoss_1p\bar\1.bin [2012/04/11 23:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AmiExt\flashEnhancer\ff [2014/01/04 13:11:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{ff893d95-065a-4906-8049-1650c9a8d1e8}: C:\Program Files\Re-markit\150.xpi [2014/01/04 13:08:21 | 000,013,390 | ---- | M] ()

[2010/06/16 14:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/26 12:37:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2014/01/04 13:11:00 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.150_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej\2.1_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdbbfhmeckchdbojfialeigldmoffndb\2.1\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.7_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mljagbdkgmljmcpjnfmlojlkfdmffgnh\2.1\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhogbcndagiknbfomjgdeghehkljalhi\1.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2011/07/20 11:50:58 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Re-markit) - {0e5c45b4-01f1-4819-b787-a8e762895782} - C:\Program Files\Re-markit\150.dll ()
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
O2 - BHO: (GreyGray) - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files\GreyGray\GreyGrayBHO.dll (GreyGray)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (SaveClicker) - {B86C1ED6-6660-C7E9-0864-39A5C08BF570} - C:\Program Files\SaveClicker\mS2JqA.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ReferenceBoss) - {C4676D53-FCE5-4A19-BE4D-97E6EAF7E19A} - C:\Program Files\ReferenceBoss_1p\bar\1.bin\1pbar.dll File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Registry Helper] C:\Program Files\Registry Helper\RegistryHelper.Exe (SafeApp Software, LLC)
O4 - HKLM..\Run: [SystemTray] C:\WINDOWS\System32\systray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\Administrator\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Karen's Replicator.lnk = C:\Program Files\Karen's Power Tools\Replicator\PTReplicator.exe (Karen Kenworthy)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk = C:\Program Files\PricePeep\PricePeepUpdater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: login.facebook.com ([]https in Trusted sites)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1187500547250 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1187501070656 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34AFC1BE-6F78-4975-82A6-5E9D158156B1}: DhcpNameServer = 192.168.0.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\psupport\psupport.dll) - c:\Program Files\PSupport\psupport.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - Unable to open key or key not present!
O32 - AutoRun File - [2007/08/11 18:03:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5a032526-8c63-11de-ab79-001bfc4f0426}\Shell\AutoRun\command - "" = H:\JDSecure\Windows\JDSecure31.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/04 13:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lightspark 0.5.3-git
[2014/01/04 13:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lightspark 0.5.3-git
[2014/01/04 13:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Registry Helper
[2014/01/04 13:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\AmiExt
[2014/01/04 13:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Helper
[2014/01/04 13:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Helper
[2014/01/04 13:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.android
[2014/01/04 13:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2014/01/04 13:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
[2014/01/04 13:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\genienext
[2014/01/04 13:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Mobogenie
[2014/01/04 13:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
[2014/01/04 13:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Mobogenie
[2014/01/04 13:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2014/01/04 13:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
[2014/01/04 13:09:28 | 000,000,000 | ---D | C] -- C:\Support
[2014/01/04 13:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\PSupport
[2014/01/04 13:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1b7c4bdc24f077b6
[2014/01/04 13:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SaveClicker
[2014/01/04 13:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\AppData
[2014/01/04 13:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch
[2014/01/04 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\SaveClicker
[2014/01/04 13:08:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Comodo
[2014/01/04 13:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit
[2014/01/04 13:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\GreyGray
[2014/01/04 13:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
[2014/01/02 11:08:51 | 000,000,000 | -HSD | C] -- C:\found.000
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/04 13:26:00 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BDF8CCFA-F06A-4B28-8B28-69C81205DA36}.job
[2014/01/04 13:12:09 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.jbs
[2014/01/04 13:11:46 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/01/04 13:11:46 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/01/04 13:10:56 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Helper.lnk
[2014/01/04 13:09:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/01/04 13:09:49 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mobogenie.lnk
[2014/01/04 13:09:33 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
[2014/01/04 13:09:29 | 000,000,372 | -H-- | M] () -- C:\WINDOWS\tasks\couponsupport-S-649636217.job
[2014/01/04 13:08:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Re-markit Update.job
[2014/01/04 13:07:43 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2014/01/04 13:00:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/04 12:30:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/04 01:30:07 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/04 00:26:58 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/03 14:11:46 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2014/01/03 14:11:39 | 000,273,231 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2014/01/03 14:11:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/03 14:10:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/20 14:05:35 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/12 10:33:07 | 003,667,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/12 03:18:28 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/05 14:32:01 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Documents and Settings\Administrator\*.tmp files -> C:\Documents and Settings\Administrator\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/04 13:12:09 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.jbs
[2014/01/04 13:11:46 | 000,000,070 | ---- | C] () -- C:\extensions.ini
[2014/01/04 13:11:46 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/01/04 13:10:56 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Helper.lnk
[2014/01/04 13:09:49 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/01/04 13:09:49 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Mobogenie.lnk
[2014/01/04 13:09:33 | 000,000,753 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
[2014/01/04 13:09:28 | 000,000,372 | -H-- | C] () -- C:\WINDOWS\tasks\couponsupport-S-649636217.job
[2014/01/04 13:08:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\Re-markit Update.job
[2014/01/04 13:07:43 | 000,000,428 | ---- | C] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/10/20 22:30:56 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wmhqbh.sys
[2013/07/10 16:00:44 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2013/07/10 16:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/06/30 11:44:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/28 15:40:26 | 000,000,249 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/02/28 15:40:26 | 000,000,065 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/02/28 15:40:15 | 000,002,944 | ---- | C] () -- C:\WINDOWS\BRPARAM.INI
[2012/02/28 15:39:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/02/28 15:39:21 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/02/15 12:23:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/05 17:11:47 | 000,000,448 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\n9aSSiELykX6Rl
[2011/03/16 12:54:55 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe PNG Format CS5 Prefs
[2011/03/16 10:51:23 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Adobe GIF Format CS5 Prefs
[2008/12/09 16:04:00 | 000,038,479 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2007/09/09 03:46:53 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
[2007/09/08 21:30:20 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/21 20:09:04 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/19 22:12:40 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2007/08/19 16:07:48 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/08/19 15:48:06 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html

========== ZeroAccess Check ==========

[2007/08/19 16:05:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 23:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/04/07 17:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2012/11/19 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/06/28 16:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2013/07/09 17:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CheckPoint
[2013/12/22 12:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Clip Art Collection
[2013/07/10 16:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ControlCenter4
[2008/01/08 11:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Datalayer
[2007/08/19 18:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Fuji Xerox
[2007/09/09 12:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/05/01 09:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2014/01/04 13:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
[2009/01/26 16:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2009/03/23 12:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2014/01/02 17:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Adblock
[2014/01/04 13:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
[2010/06/15 10:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Teleca
[2008/08/11 10:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/08/22 17:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/11/18 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/01/04 13:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1b7c4bdc24f077b6
[2008/04/07 17:03:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/11/19 15:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2012/11/19 14:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2013/07/10 16:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2009/01/26 15:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2011/03/10 11:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2007/12/22 21:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Emotum
[2011/05/26 15:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/04/21 11:22:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Get LLC
[2009/01/26 15:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/01/26 15:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/03/16 10:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2014/01/04 13:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry Helper
[2014/01/04 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SaveClicker
[2012/11/19 14:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/10 11:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2010/04/12 10:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/16 13:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 05 January 2014 - 06:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, we are looking at adware city here. So I may miss one or two on the first run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/12/07 12:22:06 | 000,066,328 | ---- | M] () [Auto | Running] -- C:\Program Files\GreyGray\updateGreyGray.exe -- (Update GreyGray)
SRV - [2013/11/26 13:44:54 | 000,084,328 | ---- | M] (SafeApp Software, LLC) [Auto | Running] -- C:\Program Files\Registry Helper\RegistryHelperService.exe -- (Registry Helper Service)
IE - HKCU\..\URLSearchHook: {3a7f3254-eafa-4dbc-b4f3-0d40916f3352} - No CLSID value found
IE - HKCU\..\SearchScopes\{6AC78041-1CE8-4316-AEBF-43102125A52B}: "URL" = http://websearch.ask...32-70911F5B1AE3
IE - HKCU\..\SearchScopes\{9d18b218-6967-44c7-961f-c8710bf24559}: "URL" = http://search.mywebs...r={searchTerms}
FF - HKLM\Software\MozillaPlugins\@ReferenceBoss_1p.com/Plugin: C:\Program Files\ReferenceBoss_1p\bar\1.bin\NP1pStub.dll File not found
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\1pffxtbr@ReferenceBoss_1p.com: C:\Program Files\ReferenceBoss_1p\bar\1.bin [2012/04/11 23:56:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AmiExt\flashEnhancer\ff [2014/01/04 13:11:00 | 000,000,000 | ---D | M]
[2014/01/04 13:11:00 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
O2 - BHO: (Re-markit) - {0e5c45b4-01f1-4819-b787-a8e762895782} - C:\Program Files\Re-markit\150.dll ()
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files\AmiExt\flashEnhancer\ie\AmiBho.dll ()
O2 - BHO: (GreyGray) - {ae60e6ed-49dd-4099-8b5e-386a4908d5d5} - C:\Program Files\GreyGray\GreyGrayBHO.dll (GreyGray)
O2 - BHO: (SaveClicker) - {B86C1ED6-6660-C7E9-0864-39A5C08BF570} - C:\Program Files\SaveClicker\mS2JqA.dll ()
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ReferenceBoss) - {C4676D53-FCE5-4A19-BE4D-97E6EAF7E19A} - C:\Program Files\ReferenceBoss_1p\bar\1.bin\1pbar.dll File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
O4 - HKCU..\Run: [NextLive] C:\Documents and Settings\Administrator\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk = C:\Program Files\PricePeep\PricePeepUpdater.exe ()
O20 - AppInit_DLLs: (c:\progra~1\psupport\psupport.dll) - c:\Program Files\PSupport\psupport.dll ()
[2014/01/04 13:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lightspark 0.5.3-git
[2014/01/04 13:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lightspark 0.5.3-git
[2014/01/04 13:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Registry Helper
[2014/01/04 13:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\AmiExt
[2014/01/04 13:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Helper
[2014/01/04 13:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Helper
[2014/01/04 13:10:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
[2014/01/04 13:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\newnext.me
[2014/01/04 13:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\genienext
[2014/01/04 13:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Mobogenie
[2014/01/04 13:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mobogenie
[2014/01/04 13:09:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Mobogenie
[2014/01/04 13:09:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2014/01/04 13:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
[2014/01/04 13:09:28 | 000,000,000 | ---D | C] -- C:\Support
[2014/01/04 13:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\PSupport
[2014/01/04 13:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1b7c4bdc24f077b6
[2014/01/04 13:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SaveClicker
[2014/01/04 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\SaveClicker
[2014/01/04 13:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Re-markit
[2014/01/04 13:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\GreyGray
[2014/01/04 13:07:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
[2014/01/04 13:12:09 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\store-pp.jbs
[2014/01/04 13:11:46 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/01/04 13:11:46 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/01/04 13:10:56 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Helper.lnk
[2014/01/04 13:09:49 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2014/01/04 13:09:49 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mobogenie.lnk
[2014/01/04 13:09:33 | 000,000,753 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PricePeepUpdater.lnk
[2014/01/04 13:09:29 | 000,000,372 | -H-- | M] () -- C:\WINDOWS\tasks\couponsupport-S-649636217.job
[2014/01/04 13:08:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Re-markit Update.job
[2014/01/04 13:07:43 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2014/01/04 13:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SwvUpdater
[2011/03/10 11:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2014/01/04 13:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Registry Helper
[2014/01/04 13:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SaveClicker

:Files
c:\Support
C:\Program Files\Mobogenie
C:\Program Files\PricePeep
C:\Program Files\GreyGray
C:\Program Files\Registry Helper
c:\Program Files\PSupport
C:\Program Files\SaveClicker
C:\Program Files\Re-markit
C:\Program Files\ReferenceBoss_1p
C:\Documents and Settings\Administrator\Application Data\newnext.me

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#3
Dolly99
Posted 05 January 2014 - 11:52 PM

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi Essexboy

I copied and pasted then run fix. It says it is killing something then freezes. The only thing that seems to be active is the "registry helper" that has found 3761 problems and do I want to activate the fix. When I click no it stays frozen. I am unable to access OLT or chrome at all even though they are showing on my screen as active.

Thanks Dolly
  • 0

#4
Dolly99
Posted 06 January 2014 - 12:46 AM

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Something has downloaded registry helper and mobogenie to my desktop. Not me, I just said yes to the flash update. I am replying to this post from my iPad as my desktop is frozen.
Thanks for your help
  • 0

#5
Essexboy
Posted 06 January 2014 - 07:53 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then the next task will be to run the fix from safe mode :

Reboot the computer and repeatedly press F8 as soon as the manufacturers screen appears
On the menu that appears select safe mode with networking
Once in safe mode then run the fixes as previously stated
  • 0

#6
Dolly99
Posted 06 January 2014 - 03:37 PM

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
It won't allow me to start in this mode. It says it won't work then goes to the default. Now when I press F8 on the first screen it takes me to a reboot
Please select boot device
1st floppy drive
HDD:PM SAMSUNG HD501Lj
HDD:PS SAMSUNG HD401LJ
CDROM:SM ASUS DRW 1814BLT
HDD:SS ST3750640AS

In normal mode the only screen I can access is the registry helper. I can get OTL up and loaded along with google but as soon as RH is up nothing else will work.
  • 0

#7
Essexboy
Posted 06 January 2014 - 03:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets shift programmes

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please attach: All RKreport.txt text files located on your desktop.
  • 0

#8
Dolly99
Posted 06 January 2014 - 04:57 PM

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OK mananged to run that one, thanks

Attached Files


  • 0

#9
Essexboy
Posted 07 January 2014 - 07:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now try OTL again, that should run now
  • 0

#10
Dolly99
Posted 07 January 2014 - 02:33 PM

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
OTL still won't run. The computer freezes and I am getting a microsoft security essentials box pop up from the lower right corner.
  • 0

Advertisements

#11
Essexboy
Posted 07 January 2014 - 03:34 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets get the big boy on it

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#12
Dolly99
Posted 07 January 2014 - 05:56 PM

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
combo fix done I am still covered in pop ups and redirects. It seems to have killed Registry Helper. It is no longer showing in the bottom right corner however there is still a shortcut to it on my bottom bar. It is no longer showing on my screen automatically. I'm afraid to touch the icon on the bottom in case it relaunches. I am getting a flash player update request and a java update request.



ComboFix 14-01-04.03 - Administrator 08/01/2014 10:26:42.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2047.502 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\SwvUpdater
c:\documents and settings\Administrator\Application Data\SwvUpdater\status.cfg
c:\documents and settings\Administrator\Application Data\SwvUpdater\Updater.exe
c:\documents and settings\Administrator\Application Data\SwvUpdater\Updater.xml
c:\documents and settings\Administrator\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Administrator\Start Menu\Programs\System Check
c:\documents and settings\Administrator\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Registry Helper
c:\documents and settings\All Users\Start Menu\Programs\Registry Helper\Registry Helper.lnk
c:\documents and settings\All Users\Start Menu\Programs\Registry Helper\Visit our Website.lnk
c:\program files\AmiExt\flashEnhancer\ie\AmIBho.dll
c:\program files\PricePeep
c:\program files\PricePeep\installer.ico
c:\program files\PricePeep\prICepeep.dll
c:\program files\PricePeep\PricePeepUpdater.exe
c:\program files\PricePeep\uninstall.exe
c:\program files\PricePeep\unutil.exe
c:\program files\PSupport\psupport.dll
c:\program files\PSupport\uninstall.exe
c:\program files\Registry Helper
c:\program files\Registry Helper\Advisor Letters\00_Advisor Letters Index.htm
c:\program files\Registry Helper\Advisor Letters\images\computerupdater_box.jpg
c:\program files\Registry Helper\Advisor Letters\images\delete_invalid_entries_grey.jpg
c:\program files\Registry Helper\Advisor Letters\images\delete_junk_files_grey.jpg
c:\program files\Registry Helper\Advisor Letters\images\diskcleaner_box.jpg
c:\program files\Registry Helper\Advisor Letters\images\get_activation_key.gif
c:\program files\Registry Helper\Advisor Letters\images\get_discount.gif
c:\program files\Registry Helper\Advisor Letters\images\header.gif
c:\program files\Registry Helper\Advisor Letters\images\index_16.gif
c:\program files\Registry Helper\Advisor Letters\images\internet_speed_optimizer.jpg
c:\program files\Registry Helper\Advisor Letters\images\iPad_Video_Lessons.jpg
c:\program files\Registry Helper\Advisor Letters\images\livedrive.gif
c:\program files\Registry Helper\Advisor Letters\images\print_16.gif
c:\program files\Registry Helper\Advisor Letters\images\signature.jpg
c:\program files\Registry Helper\Advisor Letters\images\startup_manager.jpg
c:\program files\Registry Helper\Advisor Letters\images\update_computer_grey.jpg
c:\program files\Registry Helper\Advisor Letters\include\footer.js
c:\program files\Registry Helper\Advisor Letters\include\footer_short.js
c:\program files\Registry Helper\Advisor Letters\include\header.js
c:\program files\Registry Helper\Advisor Letters\include\jsfunctions.js
c:\program files\Registry Helper\Advisor Letters\Letter1.htm
c:\program files\Registry Helper\Advisor Letters\Letter10.htm
c:\program files\Registry Helper\Advisor Letters\Letter11.htm
c:\program files\Registry Helper\Advisor Letters\Letter12.htm
c:\program files\Registry Helper\Advisor Letters\Letter13.htm
c:\program files\Registry Helper\Advisor Letters\Letter14.htm
c:\program files\Registry Helper\Advisor Letters\Letter15.htm
c:\program files\Registry Helper\Advisor Letters\Letter16.htm
c:\program files\Registry Helper\Advisor Letters\Letter17.htm
c:\program files\Registry Helper\Advisor Letters\Letter18.htm
c:\program files\Registry Helper\Advisor Letters\Letter19.htm
c:\program files\Registry Helper\Advisor Letters\Letter2.htm
c:\program files\Registry Helper\Advisor Letters\Letter20.htm
c:\program files\Registry Helper\Advisor Letters\Letter21.htm
c:\program files\Registry Helper\Advisor Letters\Letter22.htm
c:\program files\Registry Helper\Advisor Letters\Letter3.htm
c:\program files\Registry Helper\Advisor Letters\Letter4.htm
c:\program files\Registry Helper\Advisor Letters\Letter5.htm
c:\program files\Registry Helper\Advisor Letters\Letter6.htm
c:\program files\Registry Helper\Advisor Letters\Letter7.htm
c:\program files\Registry Helper\Advisor Letters\Letter8.htm
c:\program files\Registry Helper\Advisor Letters\Letter9.htm
c:\program files\Registry Helper\AdvisorLetters.exe
c:\program files\Registry Helper\background.gif
c:\program files\Registry Helper\ErrorFound.wav
c:\program files\Registry Helper\Help\About.htm
c:\program files\Registry Helper\Help\Activate Now.htm
c:\program files\Registry Helper\Help\Help.htm
c:\program files\Registry Helper\Help\Help_header.htm
c:\program files\Registry Helper\Help\Help_index.htm
c:\program files\Registry Helper\Help\How To Order.htm
c:\program files\Registry Helper\Help\Ignore List.htm
c:\program files\Registry Helper\Help\images\about.jpg
c:\program files\Registry Helper\Help\images\activate.jpg
c:\program files\Registry Helper\Help\images\activate_now.jpg
c:\program files\Registry Helper\Help\images\activation_incorrect.jpg
c:\program files\Registry Helper\Help\images\activation_successful.jpg
c:\program files\Registry Helper\Help\images\background.gif
c:\program files\Registry Helper\Help\images\ignore_list.jpg
c:\program files\Registry Helper\Help\images\index_16.gif
c:\program files\Registry Helper\Help\images\internet_speed_optimizer.jpg
c:\program files\Registry Helper\Help\images\invalid_entries_detected.jpg
c:\program files\Registry Helper\Help\images\logo.gif
c:\program files\Registry Helper\Help\images\program_settings.jpg
c:\program files\Registry Helper\Help\images\restore.jpg
c:\program files\Registry Helper\Help\images\scan_now.jpg
c:\program files\Registry Helper\Help\images\scan_options.jpg
c:\program files\Registry Helper\Help\images\scanning.jpg
c:\program files\Registry Helper\Help\images\scheduler.jpg
c:\program files\Registry Helper\Help\images\splash_screen.jpg
c:\program files\Registry Helper\Help\images\startup_manager.jpg
c:\program files\Registry Helper\Help\images\updates.jpg
c:\program files\Registry Helper\Help\include\footer.js
c:\program files\Registry Helper\Help\include\jsfunctions.js
c:\program files\Registry Helper\Help\Internet Optimizer.htm
c:\program files\Registry Helper\Help\Invalid Entries Detected.htm
c:\program files\Registry Helper\Help\License Agreement.htm
c:\program files\Registry Helper\Help\Overview.htm
c:\program files\Registry Helper\Help\Program Settings.htm
c:\program files\Registry Helper\Help\Restore.htm
c:\program files\Registry Helper\Help\Retrieve Lost Activation Key.htm
c:\program files\Registry Helper\Help\Scan Now.htm
c:\program files\Registry Helper\Help\Scan Options.htm
c:\program files\Registry Helper\Help\Scanning.htm
c:\program files\Registry Helper\Help\Scheduler.htm
c:\program files\Registry Helper\Help\Splash Screen.htm
c:\program files\Registry Helper\Help\Startup Manager.htm
c:\program files\Registry Helper\Help\System Requirements.htm
c:\program files\Registry Helper\Help\Technical Support.htm
c:\program files\Registry Helper\Help\Uninstall.htm
c:\program files\Registry Helper\Help\Updates.htm
c:\program files\Registry Helper\logo.gif
c:\program files\Registry Helper\msxml6.msi
c:\program files\Registry Helper\Registry Helper Screen Saver Setup.exe
c:\program files\Registry Helper\Registry Helper.url
c:\program files\Registry Helper\RegistryHelper.exe
c:\program files\Registry Helper\RegistryHelperService.exe
c:\program files\Registry Helper\RegistryHelperSetupCB.exe
c:\program files\Registry Helper\RegistryHelperSetupTR.exe
c:\program files\Registry Helper\RegistryHelperUninstaller.exe
c:\program files\Registry Helper\Starter.exe
c:\program files\Registry Helper\uninst.exe
c:\program files\Registry Helper\vbrun60sp5.exe
c:\support\couponsupport.exe
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\PowerToyReadme.htm
D:\install.exe
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_INPUT_MANAGER
-------\Legacy_LOCAL_ACCOUNT_AUTHORITY_SERVICE
-------\Legacy_MOUSEDRIVER
-------\Legacy_PLUG_MANAGER
-------\Service_npf
-------\Legacy_Registry_Helper_Service
-------\Legacy_Registry_Helper_Service
-------\Service_Registry Helper Service
-------\Service_Registry Helper Service
.
.
((((((((((((((((((((((((( Files Created from 2013-12-07 to 2014-01-07 )))))))))))))))))))))))))))))))
.
.
2014-01-07 23:35 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2014-01-07 23:35 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2014-01-07 20:25 . 2014-01-07 20:25 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D7A091B-0D5C-4C22-B864-ED8511FC4DB6}\MpKsl3df8b972.sys
2014-01-07 13:28 . 2014-01-07 13:28 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D7A091B-0D5C-4C22-B864-ED8511FC4DB6}\MpKsl9bb48f46.sys
2014-01-07 13:27 . 2014-01-07 13:27 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D7A091B-0D5C-4C22-B864-ED8511FC4DB6}\offreg.dll
2014-01-07 13:26 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D7A091B-0D5C-4C22-B864-ED8511FC4DB6}\mpengine.dll
2014-01-06 22:53 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-06 02:58 . 2014-01-06 02:58 -------- d-----w- C:\_OTL
2014-01-04 02:11 . 2014-01-04 02:11 -------- d-----w- c:\program files\Lightspark 0.5.3-git
2014-01-04 02:10 . 2014-01-07 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Registry Helper
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\program files\AmiExt
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\documents and settings\Administrator\.android
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\cache
2014-01-04 02:10 . 2014-01-06 22:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\newnext.me
2014-01-04 02:10 . 2014-01-04 02:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\genienext
2014-01-04 02:10 . 2014-01-04 02:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mobogenie
2014-01-04 02:09 . 2014-01-04 02:25 -------- d-----w- c:\program files\Mobogenie
2014-01-04 02:09 . 2014-01-07 23:34 -------- d-----w- C:\Support
2014-01-04 02:09 . 2014-01-07 23:34 -------- d-----w- c:\program files\PSupport
2014-01-04 02:08 . 2014-01-04 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\1b7c4bdc24f077b6
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SaveClicker
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Administrator\AppData
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\program files\SaveClicker
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Torch
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Comodo
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\HelpAssistant
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\Guest
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\documents and settings\ASPNET
2014-01-04 02:08 . 2014-01-04 02:08 -------- d-----w- c:\program files\Re-markit
2014-01-04 02:07 . 2014-01-04 10:08 -------- d-----w- c:\program files\GreyGray
2014-01-02 00:08 . 2014-01-02 00:08 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-06 22:47 . 2014-01-06 22:47 82688 ----a-w- c:\windows\system32\drivers\WudfRd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 76544 ----a-w- c:\windows\system32\drivers\WudfPf.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4352 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 38528 ----a-w- c:\windows\system32\drivers\wpdusb.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 285952 ----a-w- c:\windows\system32\drivers\yk51x86.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS.bak
2014-01-06 22:47 . 2014-01-06 22:47 12032 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 81664 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 54016 ----a-w- c:\windows\system32\drivers\wmhqbh.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 503008 ----a-w- c:\windows\system32\drivers\wdf01000.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 35040 ----a-w- c:\windows\system32\drivers\wdfldr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 34560 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25471 ----a-w- c:\windows\system32\drivers\watv10nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 22271 ----a-w- c:\windows\system32\drivers\watv06nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14208 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11935 ----a-w- c:\windows\system32\drivers\wadv11nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11871 ----a-w- c:\windows\system32\drivers\wadv09nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11807 ----a-w- c:\windows\system32\drivers\wadv07nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11295 ----a-w- c:\windows\system32\drivers\wadv08nt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 59520 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 58112 ----a-w- c:\windows\system32\drivers\vdmindvd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5376 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30336 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 26368 ----a-w- c:\windows\system32\drivers\usbstor.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 26240 ----a-w- c:\windows\system32\drivers\usbser.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25728 ----a-w- c:\windows\system32\drivers\usbcamd2.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25600 ----a-w- c:\windows\system32\drivers\usbcamd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20992 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20608 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15872 ----a-w- c:\windows\system32\drivers\usbintel.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 144128 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 66048 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 51712 ----a-w- c:\windows\system32\drivers\tosdvd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 44672 ----a-w- c:\windows\system32\drivers\uagp35.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 44032 ----a-w- c:\windows\system32\drivers\usbaapl.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 40840 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 384768 ----a-w- c:\windows\system32\drivers\update.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 21376 ----a-w- c:\windows\system32\drivers\tsbvcap.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 19072 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14976 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 95424 ----a-w- c:\windows\system32\drivers\slnthal.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS.bak
2014-01-06 22:47 . 2014-01-06 22:47 73472 ----a-w- c:\windows\system32\drivers\sr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 6272 ----a-w- c:\windows\system32\drivers\splitter.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5888 ----a-w- c:\windows\system32\drivers\smbali.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 49408 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4352 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 40960 ----a-w- c:\windows\system32\drivers\sisagp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 404990 ----a-w- c:\windows\system32\drivers\slntamr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 357888 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 25344 ----a-w- c:\windows\system32\drivers\sonydcam.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 14592 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 13240 ----a-w- c:\windows\system32\drivers\slwdmsup.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 129535 ----a-w- c:\windows\system32\drivers\slnt7554.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11392 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 96384 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 79232 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 6784 ----a-w- c:\windows\system32\drivers\serscan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 64512 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 62336 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 5888 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 43904 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 392960 ----a-w- c:\windows\system32\drivers\senfilt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 30592 ----a-w- c:\windows\system32\drivers\rndismp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 166912 ----a-w- c:\windows\system32\drivers\s3gnbm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 15744 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11904 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 11008 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 59136 ----a-w- c:\windows\system32\drivers\rfcomm.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 57600 ----a-w- c:\windows\system32\drivers\redbook.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 51328 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 48384 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 34432 ----a-w- c:\windows\system32\drivers\rawwan.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys.bak
2014-01-06 22:47 . 2014-01-06 22:47 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0e5c45b4-01f1-4819-b787-a8e762895782}]
2014-01-04 02:08 147456 ----a-w- c:\program files\Re-markit\150.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ae60e6ed-49dd-4099-8b5e-386a4908d5d5}]
2013-12-07 01:22 249624 ----a-w- c:\program files\GreyGray\GreyGrayBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B86C1ED6-6660-C7E9-0864-39A5C08BF570}]
2013-01-04 02:08 427008 ----a-w- c:\program files\SaveClicker\mS2JqA.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-19 68856]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 81920]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-08-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-08-20 1953792]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-22 483328]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-08-20 868352]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"mobilegeni daemon"="c:\program files\Mobogenie\DaemonProcess.exe" [2013-12-26 761536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
Karen's Replicator.lnk - c:\program files\Karen's Power Tools\Replicator\PTReplicator.exe [2005-11-19 976608]
PricePeepUpdater.lnk - c:\qoobox\Quarantine\C\Program Files\PricePeep\PricePeepUpdater.exe.vir [2013-12-21 317720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-8-19 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [1782-1-19 10872]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n [2005-5-3 81920]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Brother\\Brmfl10g\\FAXRX.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [20/10/2013 10:16 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20/10/2013 10:16 PM 701512]
R2 Update GreyGray;Update GreyGray;c:\program files\GreyGray\updateGreyGray.exe [7/12/2013 12:22 PM 66328]
R2 Util GreyGray;Util GreyGray;c:\program files\GreyGray\bin\utilGreyGray.exe [4/01/2014 9:08 PM 66328]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [10/07/2013 4:00 PM 266240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20/10/2013 10:16 PM 22856]
S1 MpKsl5b19412e;MpKsl5b19412e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D7A091B-0D5C-4C22-B864-ED8511FC4DB6}\MpKsl5b19412e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D7A091B-0D5C-4C22-B864-ED8511FC4DB6}\MpKsl5b19412e.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 2:28 PM 160944]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys --> c:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [1/06/2011 9:52 AM 27064]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys --> c:\windows\system32\DRIVERS\RTL8187.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 03:30 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 15:00]
.
2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:45]
.
2014-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:45]
.
2014-01-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 04:01]
.
2014-01-07 c:\windows\Tasks\Re-markit Update.job
- c:\program files\Re-markit\ReMarkit_up.exe [2014-01-04 02:08]
.
2014-01-07 c:\windows\Tasks\User_Feed_Synchronization-{BDF8CCFA-F06A-4B28-8B28-69C81205DA36}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 17:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: login.facebook.com
TCP: DhcpNameServer = 192.168.0.13
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe
AddRemove-iMesh MediaBar - c:\program files\iMesh Applications\iMesh MediaBar\Uninstall.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-PricePeep - c:\program files\PricePeep\uninstall.exe
AddRemove-Registry Helper - c:\program files\Registry Helper\uninst.exe
AddRemove-S-649636217 - c:\support\couponsupport.exe
AddRemove-SP_4e97a14a - c:\program files\PSupport\uninstall.exe
AddRemove-{00180409-78E1-11D2-B60F-006097C998E7} - c:\program files\Microsoft Office\ART\uninstall.exe
AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\documents and settings\Administrator\Application Data\SwvUpdater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-08 10:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
mobilegeni daemon = c:\program files\Mobogenie\DaemonProcess.exe?????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1715567821-1220945662-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"659BD8E725A05FDCC64118EA787EAA2B534A94FABE"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,61,00,ae,7d,a5,2a,4a,ae,92,a7,\
"3A77B377802A4B6183DDE08FDE4AD9AF647A702826"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,61,00,ae,7d,a5,2a,4a,ae,92,a7,\
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,10,3d,29,7e,02,02,40,ba,86,13,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,10,3d,29,7e,02,02,40,ba,86,13,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8f,10,3d,29,7e,02,02,40,ba,86,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2876)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\ControlCenter4\BrCtrlCntr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ControlCenter4\BrCcUxSys.exe
c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2014-01-08 10:48:51 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-07 23:48
.
Pre-Run: 20,583,559,168 bytes free
Post-Run: 21,697,912,832 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E7142048083DD4CAC259273863C9377B
8F558EB6672622401DA993E1E865C861
  • 0

#13
Essexboy
Posted 08 January 2014 - 07:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will now kill the rest in reverse order, and then use OTL to see what remains

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

NEXT

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

FINALLY

  • Run OTL.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, there will be just one log.
  • Post all logs

  • 0

#14
Dolly99
Posted 08 January 2014 - 03:07 PM

Dolly99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
I am trying to run as administrator however, the password I have been given is not working. The general consciences is that a virus reset it?? Is there a way to reset this password?
  • 0

#15
Essexboy
Posted 08 January 2014 - 03:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Without knowing the password then no I am afraid..

The programmes should automatically elevate themselves without requiring a password

Does this occur for OTL and AdwCleaner ?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP