When I click on the link in #28 I am not able to go to that link; my Chrome fails. So I downloaded from Bleeping and that one worked. Nothing found.
CryptoLocker - Paid - Unencrypt - Blue Screen [Solved]
#31
Posted 10 April 2014 - 09:05 AM
#32
Posted 10 April 2014 - 09:10 AM
- Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click OTL.exe and select Run as Administrator.)
- Click Quick Scan to start OTL.
- When OTL finishes scanning, a log, OTL.txt, will open.
- Please copy (Ctrl+C) and paste (Ctrl+V) the contents of this log into your next post.
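The instructions above ask for the OTL log to be pasted back so a helper can read it by eye. As an added example (not part of this thread, and not code from OTL or its author), the Python below applies a few of the first-pass triage rules a reviewer uses on such a log: running code with no embedded company name, driver and Run entries whose file is gone, Winlogon Shell/UserInit values that no longer point at the stock binaries, MountPoints2 autorun commands on removable drives, and recently modified executables under a user-writable path. The sample log lines are constructed in OTL's line format with placeholder user names and file names; the regular expression and the rule names are this example's own. Every rule is a heuristic: a hit marks an entry to look at, not a verdict, since an old driver without a company name or a service left behind by an uninstalled product trips them just as well.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Stanza OTL prints for PRC/SRV/MOD entries and for the Created/Modified file
# lists: "[date | size | attr | M] (Company) [state] -- path -- (Name)".
# Company, state and the trailing "-- (Name)" are optional (directories have none).
STAMP_RE = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [MC]\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:\[[^\]]*\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif")
# User-writable locations where a freshly modified executable deserves a look.
USER_DIRS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\recycler\\")
# What the Winlogon Shell / UserInit values end with on a stock XP install (assumption).
WINLOGON_EXPECTED = {"shell": "\\windows\\explorer.exe",
                     "userinit": "\\windows\\system32\\userinit.exe"}


@dataclass
class Finding:
    rule: str      # which heuristic fired
    section: str   # OTL line type: PRC, SRV, MOD, DRV, O4, O20, O33 or FILE
    detail: str    # path, service name or command the reviewer should look at


def triage_line(line: str) -> list[Finding]:
    """Apply the triage heuristics to one OTL log line."""
    s = line.strip()
    out: list[Finding] = []
    if s.startswith(("PRC - ", "SRV - ", "MOD - ")):
        m = STAMP_RE.match(s[6:])
        if m and m.group("company") == "":        # no vendor name embedded at all
            out.append(Finding("no-company-name", s[:3], m.group("path")))
    elif s.startswith("DRV - File not found"):     # registry entry outlived its driver
        out.append(Finding("orphaned-driver", "DRV", s.rsplit("(", 1)[1].rstrip(")")))
    elif s.startswith("O4 - ") and s.endswith("File not found"):
        name = re.search(r"\[([^\]]+)\]", s)
        out.append(Finding("orphaned-autorun", "O4", name.group(1) if name else s))
    elif s.startswith("O20 - HKLM Winlogon: "):
        parts = s[len("O20 - HKLM Winlogon: "):].split(" - ", 2)
        if len(parts) == 3:
            key, _, value = parts
            target = value.rsplit(" (", 1)[0].strip().lower()   # drop "(Company)"
            expected = WINLOGON_EXPECTED.get(key.lower())
            if expected and not target.endswith(expected):
                out.append(Finding("winlogon-tamper", "O20", value))
    elif s.startswith("O33 - MountPoints2"):       # autorun command on a removable drive
        out.append(Finding("removable-media-autorun", "O33", s.split(" = ", 1)[1]))
    elif s.startswith("["):                        # Created/Modified file list entry
        m = STAMP_RE.match(s)
        if m:
            path = m.group("path")
            low = path.lower()
            if low.endswith(EXEC_EXT) and any(d in low for d in USER_DIRS):
                out.append(Finding("recent-exe-in-user-path", "FILE", path))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over a whole OTL log; findings come back in log order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


def counts(findings: list[Finding]) -> dict[str, int]:
    """Hits per rule, for a one-line summary."""
    tally: dict[str, int] = {}
    for f in findings:
        tally[f.rule] = tally.get(f.rule, 0) + 1
    return tally


# Constructed sample in OTL's format (placeholder user name and file names).
SAMPLE_LOG = r"""
PRC - [2014/04/10 08:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\oldprint.exe
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{ba778a24-14be-11df-a21b-0024e81948c8}\Shell\open\Command - "" = setup.exe
[2014/04/10 06:34:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/04/10 07:43:01 | 000,527,285 | ---- | M] () -- C:\Documents and Settings\User\My Documents\report.exe
[2014/04/10 07:08:38 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.section:5} {f.detail}")
    print(counts(triage(SAMPLE_LOG)))
```

Run it against a real OTL.txt by reading the file into `triage()`; the entries that are not flagged (the Malwarebytes service, the Intel Run entry, the stock Winlogon shell) show that the rules are meant to shorten the reviewer's list, not to replace reading the rest of the log.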
#33
Posted 10 April 2014 - 09:41 AM
OTL logfile created on: 4/10/2014 8:28:00 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Subash.AEROPRODUCTS\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 69.86% Memory free
4.84 Gb Paging File | 4.04 Gb Available in Paging File | 83.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 114.13 Gb Free Space | 76.62% Space Free | Partition Type: NTFS
Drive G: | 201.22 Gb Total Space | 109.11 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
Drive L: | 201.22 Gb Total Space | 109.11 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
Drive M: | 201.22 Gb Total Space | 109.11 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
Drive N: | 201.22 Gb Total Space | 109.11 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
Drive O: | 201.22 Gb Total Space | 109.11 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
Drive P: | 201.22 Gb Total Space | 109.11 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
Drive Q: | 201.22 Gb Total Space | 109.11 Gb Free Space | 54.22% Space Free | Partition Type: NTFS
Computer Name: NSUBASH | User Name: subash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/04/10 08:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash.AEROPRODUCTS\Desktop\OTL.exe
PRC - [2014/04/04 14:26:55 | 000,106,248 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro\hmpsched.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/22 07:19:36 | 000,203,088 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2014/01/22 07:19:16 | 000,375,120 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/07 06:15:50 | 000,030,744 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
PRC - [2012/12/05 08:04:58 | 000,415,328 | ---- | M] (United Parcel Service, Inc.) -- C:\UPS\WSTD\WSTDMessaging.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\ShowMyPCService\tvnserver.exe
PRC - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
PRC - [2008/12/04 10:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 10:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/25 06:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\Ofps.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/12 17:42:25 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/02/12 17:42:23 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2014/02/12 17:39:48 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\78e7a4c3acd1a345c4ef1f73ff48a1dd\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 17:39:48 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7e310942e6e9a5d623e003130ec3d9bd\System.Transactions.ni.dll
MOD - [2014/02/12 17:39:46 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\af8afdcab485e00a04b18ed487981f3d\System.Data.ni.dll
MOD - [2014/02/12 17:39:10 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/12 17:39:00 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/12 17:38:28 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/12 17:38:22 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/12 17:38:12 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 17:37:59 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2013/07/11 06:10:25 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_798818c4\mscorlib.dll
MOD - [2013/07/11 06:10:21 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_76dda81e\system.drawing.dll
MOD - [2013/07/11 06:09:53 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_88ae709a\system.xml.dll
MOD - [2013/07/10 16:48:51 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_3fa5b65c\system.windows.forms.dll
MOD - [2013/07/10 16:48:43 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4d77c31c\system.dll
MOD - [2013/07/10 16:48:35 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013/07/10 16:48:34 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2013/07/10 16:48:34 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013/07/10 16:48:33 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2013/03/07 06:15:50 | 000,030,744 | ---- | M] () -- C:\UPS\WSTD\UPSNA1Msgr.exe
MOD - [2013/03/07 04:27:16 | 000,045,056 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\UPS.Components.NA1MessengerServer.dll
MOD - [2013/03/07 04:12:46 | 000,057,344 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\UPS.Components.PolicyHolder.dll
MOD - [2013/03/07 04:12:46 | 000,024,576 | ---- | M] () -- C:\UPS\WSTD\POLICYMGR\Microsoft.ApplicationBlocks.Data.dll
MOD - [2013/03/07 03:44:20 | 000,018,432 | ---- | M] () -- C:\UPS\WSTD\UPSResourceManager.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/25 14:35:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2008/04/25 14:35:57 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/04/25 14:35:57 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007/07/23 12:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\Ofps.exe
========== Services (SafeList) ==========
SRV - [2014/04/04 14:26:55 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/12 08:54:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/29 14:20:49 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2014/01/22 07:19:36 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/01/22 07:19:16 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/10/24 10:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2008/12/04 10:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)
SRV - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\Ofps.exe -- (OmniForm Printer)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Diag69xp.sys -- (Diag69xp)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014/04/10 07:08:38 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/01/22 07:19:17 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/12/01 02:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/30 06:29:45 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/05/03 18:57:54 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 16:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/18 15:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/21 14:09:12 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/07/21 14:09:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/23 12:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 12:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 12:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 12:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 12:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 12:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 12:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 12:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 11:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 11:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell.msn.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {362C21EA-D2BD-4E9D-8F67-1363FBF2DD30}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{101E360D-BF91-478E-BA3F-B309733DC5D2}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{362C21EA-D2BD-4E9D-8F67-1363FBF2DD30}: "URL" = http://www.google.co...1I7AURU_enUS502
IE - HKCU\..\SearchScopes\{479B73E4-D027-4011-B490-1AB4353F65F7}: "URL" = http://websearch.ask...9C-3363EFFBBCC0
IE - HKCU\..\SearchScopes\{F869E347-D22B-4B62-BC8D-FC8BC4879719}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2014/04/10 06:20:21 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/28 17:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/07 08:10:13 | 000,000,000 | ---D | M]
[2013/04/18 16:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 10:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/04/09 12:29:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKLM..\RunServicesOnce: [FAXPrint] C:\WINDOWS\System32\awadpr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: disa.mil ([myinvoice.csd] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248132281578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.micr...loadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.75.164.89 66.75.164.90 10.10.1.1 10.10.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aeroproductsco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C44912-03C0-4394-8874-C95241E87D13}: DhcpNameServer = 66.75.164.89 66.75.164.90 10.10.1.1 10.10.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C44912-03C0-4394-8874-C95241E87D13}: NameServer = 10.10.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 14:29:34 | 000,000,000 | ---- | M] () - C:\autoexec.old -- [ NTFS ]
O33 - MountPoints2\{ba778a24-14be-11df-a21b-0024e81948c8}\Shell\explore\Command - "" = boot.exe
O33 - MountPoints2\{ba778a24-14be-11df-a21b-0024e81948c8}\Shell\open\Command - "" = boot.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/10 08:27:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Subash.AEROPRODUCTS\Desktop\OTL.exe
[2014/04/10 06:34:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/04/09 12:24:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014/04/09 12:12:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/04/09 12:11:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/04/08 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Download Manager
[2014/04/08 18:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2014/04/08 18:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2014/04/08 18:01:25 | 000,000,000 | ---D | C] -- C:\ImageStorage
[2014/04/08 08:15:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/04/08 08:15:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/04/08 08:15:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/04/08 08:15:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/04/08 08:15:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/04/08 08:15:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/04/07 08:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/07 08:18:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/07 08:10:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/04/04 14:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/04 13:37:38 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/04/04 13:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/04/04 13:37:08 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 13:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/04 13:36:51 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/04 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/04/04 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/04 13:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
========== Files - Modified Within 30 Days ==========
[2014/04/10 08:32:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/10 08:27:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash.AEROPRODUCTS\Desktop\OTL.exe
[2014/04/10 08:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/10 07:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/10 07:43:01 | 000,527,285 | ---- | M] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\COC.exe
[2014/04/10 07:08:38 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/10 06:20:15 | 000,000,253 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2014/04/10 06:19:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/10 06:18:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/10 06:18:44 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/09 16:31:30 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/04/09 16:25:24 | 000,527,415 | ---- | M] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\C of C Master.exe
[2014/04/09 14:15:18 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/04/09 12:45:54 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2014/04/09 12:29:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/04/09 12:12:19 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/04/09 12:08:19 | 000,001,248 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014/04/08 18:04:11 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2014/04/08 08:37:37 | 000,536,060 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/08 08:37:37 | 000,112,536 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/08 07:12:28 | 000,080,367 | ---- | M] () -- C:\WINDOWS\System32\drivers\afd.zip
[2014/04/08 07:11:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/06 10:19:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/03/14 16:37:20 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2014/04/09 16:31:29 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2014/04/09 12:22:58 | 000,004,068 | ---- | C] () -- C:\WINDOWS\SIV450c.isu
[2014/04/09 12:12:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/04/08 18:04:11 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2014/04/08 08:33:16 | 3220,160,512 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/08 08:27:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/04/08 08:15:59 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/04/08 08:15:59 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/04/08 08:15:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/04/08 08:15:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/04/08 08:15:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/04/08 07:12:28 | 000,080,367 | ---- | C] () -- C:\WINDOWS\System32\drivers\afd.zip
[2014/04/06 10:19:02 | 000,001,014 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2014/04/02 11:15:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/21 12:26:24 | 000,002,806 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2013/12/16 12:53:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\inspectr.ini
[2013/05/09 16:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2013/05/09 16:04:14 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll
[2012/12/06 17:41:38 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2012/12/06 17:40:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2012/04/10 12:14:19 | 000,000,140 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012/04/10 12:14:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/04/10 12:14:07 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/04/10 12:14:04 | 000,031,261 | ---- | C] () -- C:\WINDOWS\HL-5340D.INI
[2012/04/10 12:13:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/04/10 12:13:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/04/10 12:13:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT
[2012/04/10 12:13:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/02/08 15:10:05 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\FASTWiz.html
[2009/07/28 14:05:21 | 000,001,822 | ---- | C] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\Application Data\wklnhst.dat
[2009/07/21 15:09:29 | 000,000,450 | RHS- | C] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\ntuser.pol
[2009/07/21 14:34:55 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\fusioncache.dat
[2009/07/21 14:28:37 | 000,001,248 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2008/04/25 14:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 21:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/04/04 14:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/10 06:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014/02/05 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/01/20 07:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaRad
[2009/06/26 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/07/28 14:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash.AEROPRODUCTS\Application Data\Template
[2009/06/26 11:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash.AEROPRODUCTS\Application Data\Windows Desktop Search
[2009/07/21 16:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash.AEROPRODUCTS\Application Data\Windows Search
========== Purity Check ==========
< End of report >
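Every file line in the listing above has the same shape: a bracketed block with the timestamp, the size (comma-grouped, zero-padded), four attribute flags and a C (created) or M (modified) marker, then an optional parenthesised company name taken from the file's version information, then `--` and the path. Directories carry no company field at all. The following is an added example, not part of OTL or of this thread, that parses that shape into records and applies one triage rule a defender would reach for on a log like this: executables under a user profile whose version information carries no company name. The sample input is copied from the report above; the `OtlEntry` record, the `USER_PROFILE_ROOT` constant and the `flag_for_review` rule are my own, not OTL's.

```python
"""Parse OTL 'Files Created/Modified' listing lines and triage them.

Added example, not part of OTL or the forum post. It only understands the
line shape visible in the report:
  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "   # directories have no company field
    r"(?P<path>.+)$"
)

# Extensions treated as executable content for the triage rule (assumption).
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif"}
# Windows XP profile root, as used on the machine in the report (assumption).
USER_PROFILE_ROOT = "c:\\documents and settings\\"


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str                  # e.g. '---D', 'RHS-', '-HS-'
    kind: str                   # 'C' = created, 'M' = modified
    company: Optional[str]      # None when OTL printed '()' or nothing
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a listing line, or None for headers/other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),   # '3220,160,512' -> 3220160512
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company") or None,           # '()' becomes None
        path=m.group("path"),
    )


def parse_otl_report(text: str) -> List[OtlEntry]:
    """Parse every listing line in a report, skipping section headers."""
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def flag_for_review(entries: List[OtlEntry]) -> List[str]:
    """Executable files in a user profile with no company name in version info.

    Triage heuristic (assumption), not proof of malice: legitimate software
    usually ships version info; an .exe in My Documents with none deserves a
    closer look (hash lookup, signature check) before it is trusted.
    """
    flagged = []
    for e in entries:
        if e.is_dir or e.company:
            continue
        ext = ntpath.splitext(e.path)[1].lower()      # ntpath handles '\' on any OS
        if ext in EXEC_EXTS and e.path.lower().startswith(USER_PROFILE_ROOT):
            flagged.append(e.path)
    return flagged


# Sample input: lines copied from the OTL report in this thread.
SAMPLE_REPORT = r"""
[2014/04/09 12:11:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2014/04/04 13:37:08 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/10 07:43:01 | 000,527,285 | ---- | M] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\COC.exe
[2014/04/10 06:18:44 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/09 16:25:24 | 000,527,415 | ---- | M] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\C of C Master.exe
[2014/04/06 10:19:02 | 000,001,014 | ---- | C] () -- C:\WINDOWS\System32\.crusader
========== Files Created - No Company Name ==========
"""

if __name__ == "__main__":
    for path in flag_for_review(parse_otl_report(SAMPLE_REPORT)):
        print("review:", path)
```

On the sample, the rule singles out `COC.exe` and `C of C Master.exe` and leaves `hiberfil.sys` (system root, not a profile), the `.crusader` marker (no extension) and the Malwarebytes driver (company present) alone; those two executables are the same files the helper moves in the fix later in the thread. The rule is deliberately narrow so it produces a short list for a human to check, not a verdict.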
#34
Posted 10 April 2014 - 10:49 AM
Looks much better now.
Step 1: OTL Fix
- Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
- Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes\{101E360D-BF91-478E-BA3F-B309733DC5D2}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{479B73E4-D027-4011-B490-1AB4353F65F7}: "URL" = http://websearch.ask...9C-3363EFFBBCC0
IE - HKCU\..\SearchScopes\{F869E347-D22B-4B62-BC8D-FC8BC4879719}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet File not found
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: disa.mil ([myinvoice.csd] https in Trusted sites)
O33 - MountPoints2\{ba778a24-14be-11df-a21b-0024e81948c8}\Shell\explore\Command - "" = boot.exe
O33 - MountPoints2\{ba778a24-14be-11df-a21b-0024e81948c8}\Shell\open\Command - "" = boot.exe
[2014/04/10 07:43:01 | 000,527,285 | ---- | M] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\COC.exe
[2014/04/09 16:25:24 | 000,527,415 | ---- | M] () -- C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\C of C Master.exe
[2014/04/09 12:22:58 | 000,004,068 | ---- | C] () -- C:\WINDOWS\SIV450c.isu
:Commands
[EMPTYTEMP]
- Click the Run Fix button.
- After your computer has rebooted, run OTL and click Quick Scan.
- Copy and paste the contents of the log that it produces into your next post.
How is your PC running?
#35
Posted 10 April 2014 - 12:12 PM
It seems good.
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{101E360D-BF91-478E-BA3F-B309733DC5D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{101E360D-BF91-478E-BA3F-B309733DC5D2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{479B73E4-D027-4011-B490-1AB4353F65F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{479B73E4-D027-4011-B490-1AB4353F65F7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F869E347-D22B-4B62-BC8D-FC8BC4879719}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F869E347-D22B-4B62-BC8D-FC8BC4879719}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\disa.mil\myinvoice.csd\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba778a24-14be-11df-a21b-0024e81948c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba778a24-14be-11df-a21b-0024e81948c8}\ not found.
File boot.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba778a24-14be-11df-a21b-0024e81948c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba778a24-14be-11df-a21b-0024e81948c8}\ not found.
File boot.exe not found.
C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\COC.exe moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\My Documents\C of C Master.exe moved successfully.
C:\WINDOWS\SIV450c.isu moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: administrator.AEROPRODUCTS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LOREEN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Subash
->Temp folder emptied: 216596 bytes
->Temporary Internet Files folder emptied: 12998639 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5891891 bytes
->Google Chrome cache emptied: 11125158 bytes
->Flash cache emptied: 3315 bytes
User: Subash.AEROPRODUCTS
->Temp folder emptied: 1001953 bytes
->Temporary Internet Files folder emptied: 19625123 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1038 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7012 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 30851 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 9691769 bytes
Total Files Cleaned = 58.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04102014_110420
Files\Folders moved on Reboot...
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temp\JavaDeployReg.log moved successfully.
File\Folder C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temp\~DF864D.tmp not found!
File\Folder C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temp\~DF865A.tmp not found!
File\Folder C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temp\~DF86F6.tmp not found!
File\Folder C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temp\~DF8703.tmp not found!
File\Folder C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temp\~DF8734.tmp not found!
File\Folder C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temp\~DF8741.tmp not found!
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\Y10XFFQE\fastbutton[1].htm moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\QQETTP3E\8n77RrR4jg0[3].htm moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\QQETTP3E\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\QQETTP3E\like[1].htm moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\QQETTP3E\nQhiC-wSiJx0pvEuJl8d8A[1].eot moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\QQETTP3E\postmessageRelay[2].htm moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\22LLYBF5\8n77RrR4jg0[1].htm moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\Content.IE5\22LLYBF5\page-3[1].htm moved successfully.
C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#36
Posted 10 April 2014 - 12:23 PM
Please read my instructions carefully. It said you should do a Quick Scan.
- Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
- Click Quick Scan to start OTL.
- When OTL finishes scanning, a log, OTL.txt, will open.
- Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
#37
Posted 11 April 2014 - 06:31 PM
It seems to be running a little slow, but other than that no issues seen.
#38
Posted 12 April 2014 - 04:07 AM
In my opinion your PC is clean. There are so many reasons why your PC is a little bit slow - it could be some software problems, hardware problems, etc.
We need to remove the tools we've used during cleaning your machine.
- Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
- Ensure Remove disinfection tools is ticked.
- Also tick: Create registry backup and Purge system restore.
- Click Run.
Exercise common sense
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.
Keep up on Windows updates
Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.
Slow computer?
If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.
Keep Safe!
#39
Posted 14 April 2014 - 06:54 AM
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.