Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CryptoLocker - Paid - Unencrypt - Blue Screen [Solved]


  • This topic is locked This topic is locked

#1
bhzendner

bhzendner

    Member

  • Member
  • PipPipPip
  • 226 posts

One of my clients got Crytolocker, they paid the randsum and with 2 hours it started to decrypt stopping on some it could not decrypt. They tryed to remove it now they get only a blue screen on booting.

 

I have it on my bench and I can boot into Safemode with networking, have run Malwarebytes, Superantispware, Hitman Pro, each removed a few and now scan clean.

 

In normal mode it still gets a blue screen of death.

 

Please help. 


  • 0

Advertisements


#2
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

Forgot to post this...

 

OTL logfile created on: 4/6/2014 12:23:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Subash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.37% Memory free
4.84 Gb Paging File | 4.62 Gb Available in Paging File | 95.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 118.04 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
Drive G: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive L: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive M: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive N: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive O: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive P: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive Q: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
 
Computer Name: NSUBASH | User Name: Subash | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
PRC - [2014/03/14 17:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\ShowMyPCService\tvnserver.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/14 17:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 17:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 17:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 17:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2007/07/23 12:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/04 14:26:55 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/12 08:54:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/29 14:20:49 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2014/01/22 07:19:36 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/01/22 07:19:16 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/10/24 10:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2008/12/04 10:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)
SRV - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\Ofps.exe -- (OmniForm Printer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Diag69xp.sys -- (Diag69xp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/06 11:57:24 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/01/22 07:19:17 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/12/01 02:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/30 06:29:45 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/05/03 18:57:54 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 16:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/18 15:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/21 14:09:12 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/07/21 14:09:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/23 12:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 12:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 12:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 12:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 12:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 12:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 12:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 12:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 11:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 11:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = {45E8943A-03DC-4A91-A9A3-2457C4B0740A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {45E8943A-03DC-4A91-A9A3-2457C4B0740A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...1I7AURU_enUS502
IE - HKCU\..\SearchScopes\{981B708A-8F40-4E50-8A29-3A821EECF4D8}: "URL" = http://websearch.ask...9C-3363EFFBBCC0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/28 17:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/28 17:08:26 | 000,000,000 | ---D | M]
 
[2012/02/14 15:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Extensions
[2013/06/04 12:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions
[2012/11/19 17:10:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/04/18 16:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 10:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/08/02 18:48:41 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2013/08/02 18:48:47 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\RunServicesOnce: [FAXPrint] C:\WINDOWS\System32\awadpr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([cashproonline] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
O15 - HKCU\..Trusted Domains: disa.mil ([myinvoice.csd] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248132281578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.192.11 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aeroproductsco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C44912-03C0-4394-8874-C95241E87D13}: DhcpNameServer = 192.168.192.11 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Subash/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 14:29:34 | 000,000,000 | ---- | M] () - C:\autoexec.old -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/06 12:23:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 09:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Subash\Recent
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/04/04 14:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/04 13:37:38 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/04/04 13:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/04/04 13:37:08 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 13:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/04 13:36:51 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/04 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/04/04 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/04 13:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Start Menu\Programs\CleanUp!
[2014/04/04 13:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2014/04/02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\1ZB12EF56IJZF567
[2014/04/02 15:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Application Data\Systweak
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 12:19:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/06 12:18:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/06 12:15:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/06 12:15:48 | 172,077,056 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/04/06 11:58:00 | 000,000,253 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2014/04/06 11:57:40 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2014/04/06 11:57:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/06 11:57:24 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/06 11:54:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/06 10:19:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2014/04/06 09:48:50 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 17:54:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 14:26:55 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:41:13 | 000,536,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/04 13:41:13 | 000,112,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/04 13:37:14 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:01 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/04 09:54:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/02 13:39:57 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/01 11:20:59 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/27 07:11:45 | 000,527,672 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\COC.exe
[2014/03/26 09:11:51 | 000,527,280 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\C of C Master.exe
[2014/03/25 07:15:19 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\scandoc on Aero.lnk
[2014/03/24 15:33:13 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Bidops.mdb
[2014/03/20 16:29:32 | 000,503,890 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\Cover, Protective.exe
[2014/03/17 07:08:51 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/14 16:37:20 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/06 10:19:02 | 000,001,014 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2014/04/04 14:27:00 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/04 14:26:55 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:37:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:56 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/02 13:39:57 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/02 11:15:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/01 11:20:59 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/26 15:58:05 | 000,500,548 | ---- | C] () -- C:\Documents and Settings\Subash\My Documents\Payroll Change Form.exe
[2014/01/21 12:26:24 | 000,002,806 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2013/12/16 12:53:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\inspectr.ini
[2013/12/16 12:09:02 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Subash\PUTTY.RND
[2013/10/09 11:28:58 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys
[2013/05/09 16:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2013/05/09 16:04:14 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll
[2013/03/27 07:20:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Subash\Application Data\wklnhst.dat
[2012/12/06 17:41:38 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2012/12/06 17:40:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2012/04/10 12:14:19 | 000,000,140 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012/04/10 12:14:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/04/10 12:14:07 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/04/10 12:14:04 | 000,031,261 | ---- | C] () -- C:\WINDOWS\HL-5340D.INI
[2012/04/10 12:14:01 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2012/04/10 12:13:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/04/10 12:13:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/04/10 12:13:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT
[2012/04/10 12:13:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/02/08 15:12:18 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\FASTWiz.html
[2009/07/21 14:28:37 | 000,001,248 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/07/20 16:20:13 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Subash\NTUSER.bak
[2009/07/20 16:20:13 | 000,037,939 | -H-- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\xurye.asv
[2009/07/20 16:20:13 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2013/05/13 13:47:15 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\@
[2013/05/13 13:47:15 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\L
[2013/05/13 13:47:15 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\U
[2008/04/25 14:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 21:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/09/21 10:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2014/04/04 14:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/06 11:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014/02/05 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/01/20 07:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaRad
[2014/04/06 09:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/06/26 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/02/05 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/19 16:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Centra
[2012/11/19 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Saba
[2014/04/04 13:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Systweak
[2014/02/05 17:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TeamViewer
[2013/03/27 07:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Template
[2014/03/03 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TightVNC
[2012/02/27 08:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\webex
[2009/07/20 16:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
< End of report >

  • 0

#3
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hello and Welcome on board bhzendner :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Senior Team of the forum' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. 

 


have run Malwarebytes, Superantispware, Hitman Pro, each removed a few and now scan clean.

What did it found? :)

There should be an Extras.txt located under C:\Documents and Settings\Subash\Desktop - if yes post the content of that file, if not, do this:
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Click the none Button
  • Change the following options:
    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, Extras.txt will open
  • Copy (Ctrl+C) and Paste (Ctrl+V) the content of Extras.txt into your next post please.

  • 0

#4
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
OTL Extras logfile created on: 4/6/2014 12:23:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Subash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.37% Memory free
4.84 Gb Paging File | 4.62 Gb Available in Paging File | 95.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 118.04 Gb Free Space | 79.26% Space Free | Partition Type: NTFS
Drive G: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive L: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive M: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive N: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive O: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive P: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
Drive Q: | 183.62 Gb Total Space | 83.62 Gb Free Space | 45.54% Space Free | Partition Type: NTFS
 
Computer Name: NSUBASH | User Name: Subash | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA (3610)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B506387-D1FF-4757-AF2C-C98F7BB83392}" = Brother HL-5340D
"{1FAF0F08-7120-4192-BF6A-B1EC7E26A935}" = UPSVCMM
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{2BFDA78F-39F7-4537-9995-71424CFA88BB}" = LogMeIn
"{2D410D4A-5478-4810-8AFC-AA67B5B660A8}" = ADP PCPayroll Migration Utilities
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FF43F5D-5729-4E02-A548-310E30A5F29B}" = Microsoft CAPICOM 2.1.0.2 SDK
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390160B4-D276-4A04-8002-8D3101A0D367}" = UPSICC
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AE3EAC8-FAD9-4ECC-A339-BBAD8C72DE71}" = UPSDB
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5540F934-06D9-4DCE-B7D4-93DBA58D0338}" = WorldShip
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56B59C2A-EFB8-44AC-88F5-3280171E4522}" = PolicyManager
"{5CF5C6EF-09AB-4B4C-9816-44F4EDCC406B}" = MSMail2003
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.9
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68AF09E3-1167-4771-903C-CCCDCF7E171C}" = NRF
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ECB87DE-FF47-4A8F-97FD-1024F7885BB3}" = FOSS
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5BD501-AD5D-4A75-9321-076509B438FC}" = WebHelp
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95749C5B-BC37-41E3-8D39-EEF4C21A2825}" = CCC
"{95BFC573-7D09-46C9-B458-A75BA947FFCB}" = UPSVC2008MM
"{976475B8-63E9-4559-BE2C-D26086BE4C40}" = LogMeIn
"{98C4DE92-27C8-482C-8431-514828756E80}" = Reconciler
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5763105-D1D5-4862-A3FE-EC058F9AA73E}" = ICCHelp
"{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}" = Crystal Reports XI Release 2 .NET 2005 Server
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC728F95-2D3F-4D05-9E1E-F2A3CEBF3FE8}" = FormsComponent
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23415D8-FE94-4F52-B5C4-0FFA2202C6D9}" = UPSVCMM
"{C30E30A6-0AB5-470A-AB67-D322938F5429}" = SupportUtility
"{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}" = ReportServer
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9D43B38-34AD-4EC2-B696-46F42D49D174}" = MSIChecker
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}" = UnifiedPrinting
"{D44E7219-947E-4F1B-830E-66EF11ACC543}" = NA1Messenger
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DB2C58E0-6284-4B48-97F2-22A980B6360B}" = System
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (UPSWSDBSERVER)
"{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}" = UPSlinkHTTP
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E85B767C-AD1B-41FA-8CEF-C927ABB1D275}" = AlignmentUtility
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FAAF59A3-4B9A-4B8F-A43F-821E8DA8DA95}" = WSShared
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"CentraClient" = Centra Client
"CleanUp!" = CleanUp!
"Computer Automated Transportation Tool (CATT) MSL/IRRD_is1" = Computer Automated Transportation Tool (CATT) MSL/IRRD 1.2
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"HitmanPro37" = HitmanPro 3.7
"ie8" = Windows Internet Explorer 8
"Kyocera Product Library" = Kyocera Product Library
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSAWFax" = Microsoft Fax
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OmniForm 4.0" = OmniForm 4.0
"Oracle JInitiator 1.1.8.3" = Oracle JInitiator 1.1.8.3
"PROHYBRIDR" = 2007 Microsoft Office system
"ScMgr30Uninstall" = Caere Scan Manager 4.01
"Solomon IV 4.50 Client 4.50" = Solomon IV 4.50 Client
"TeamViewer 9" = TeamViewer 9
"UPS WorldShip" = UPS WorldShip
"WebUpdate" = WebUpdate
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fc3ac04dc8eedef7" = Web Launcher
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/5/2014 9:08:33 AM | Computer Name = NSUBASH | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
 is unavailable. ). Group Policy processing aborted. 
 
Error - 4/5/2014 10:57:34 AM | Computer Name = NSUBASH | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
 is unavailable. ). Group Policy processing aborted. 
 
Error - 4/5/2014 12:49:48 PM | Computer Name = NSUBASH | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
 is unavailable. ). Group Policy processing aborted. 
 
Error - 4/5/2014 2:46:04 PM | Computer Name = NSUBASH | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
 is unavailable. ). Group Policy processing aborted. 
 
Error - 4/5/2014 4:46:38 PM | Computer Name = NSUBASH | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
 is unavailable. ). Group Policy processing aborted. 
 
Error - 4/5/2014 6:45:14 PM | Computer Name = NSUBASH | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The RPC server
 is unavailable. ). Group Policy processing aborted. 
 
Error - 4/6/2014 2:43:08 PM | Computer Name = NSUBASH | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 4/6/2014 2:43:12 PM | Computer Name = NSUBASH | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
Error - 4/6/2014 2:56:59 PM | Computer Name = NSUBASH | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
 network. (The specified domain either does not exist or could not be contacted.
 ). Group Policy processing aborted. 
 
Error - 4/6/2014 2:56:59 PM | Computer Name = NSUBASH | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
 the active directory (0x8007054b).  The specified domain either does not exist 
or could not be contacted.    Enrollment will not be performed.
 
[ ODiag Events ]
Error - 9/6/2011 10:52:57 AM | Computer Name = NSUBASH | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
 
Error - 1/5/2012 11:15:02 AM | Computer Name = NSUBASH | Source = Microsoft Office 12 Diagnostics | ID = 320
Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A
 
[ OSession Events ]
Error - 4/13/2010 4:32:57 PM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 4/13/2010 4:34:18 PM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 81
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11/10/2010 12:05:35 PM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 647
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 8/2/2011 7:33:36 PM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 7062
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 9/6/2011 10:52:56 AM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 579
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 1/5/2012 11:14:58 AM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 193
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 1/5/2012 11:23:11 AM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 475
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 2/9/2012 7:39:38 PM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 573
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 3/5/2014 8:22:50 PM | Computer Name = NSUBASH | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 4/6/2014 2:44:15 PM | Computer Name = NSUBASH | Source = Service Control Manager | ID = 7024
Description = The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific
 error 0 (0x0).
 
Error - 4/6/2014 2:56:59 PM | Computer Name = NSUBASH | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AEROPRODUCTS due to the
 following:   %%1311.    Make sure that the computer is connected to the network and try
again.
 If the problem persists, please contact your domain administrator.
 
Error - 4/6/2014 2:57:05 PM | Computer Name = NSUBASH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 4/6/2014 2:57:05 PM | Computer Name = NSUBASH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 15 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 4/6/2014 2:57:39 PM | Computer Name = NSUBASH | Source = Print | ID = 33
Description = The PrintQueue Container could not be found because the DNS Domain
 name could not be retrieved.  Error: 54b
 
Error - 4/6/2014 2:57:51 PM | Computer Name = NSUBASH | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf8acc05, parameter3
 b93d8c28, parameter4 00000000.
 
Error - 4/6/2014 3:17:41 PM | Computer Name = NSUBASH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   eeCtrl  Fips  intelppm  SASDIFSV  SASKUTIL
 
Error - 4/6/2014 3:17:41 PM | Computer Name = NSUBASH | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: 
  %%1060
 
Error - 4/6/2014 3:18:24 PM | Computer Name = NSUBASH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 4/6/2014 3:24:29 PM | Computer Name = NSUBASH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
 
< End of report >

  • 0

#5
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hey,
now we are going to kill the nasty things on your system. :)

Step 1: Backdoor Warning

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:
  • Please disconnect from the Internet! Also don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.
I can try to clean the infection but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted.Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:Now - you decide if you want to reformat the PC or to cleaning the PC. Think of it and choose the best solution for you! Let me know of your decision. If you decide to go through the proceed, please proceed with the following steps.

Step 2: Uninstalls

I want you to uninstall following programs (Start > Control Panel > Add/Remove Programs):
  • Coupon Printer for Windows
Step 3: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKCU\..\SearchScopes\{981B708A-8F40-4E50-8A29-3A821EECF4D8}: "URL" = http://websearch.ask...9C-3363EFFBBCC0
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - user.js - File not found
    [2013/08/02 18:48:41 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2013/08/02 18:48:47 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bankofamerica.com ([cashproonline] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
    O15 - HKCU\..Trusted Domains: disa.mil ([myinvoice.csd] https in Trusted sites)
    O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} Reg Error: Value error. (Reg Error: Value error.)
    O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
    [2014/04/02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\1ZB12EF56IJZF567
    [2014/04/02 15:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Application Data\Systweak
    [2014/04/01 11:20:59 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
    [2014/03/27 07:11:45 | 000,527,672 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\COC.exe
    [2014/03/26 09:11:51 | 000,527,280 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\C of C Master.exe
    [2014/03/20 16:29:32 | 000,503,890 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\Cover, Protective.exe
    [2009/07/20 16:20:13 | 000,037,939 | -H-- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\xurye.asv
    
    
    :Files
    C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.
Step 4: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\


Step 5: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 6: OTL Scan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 7: Question

How is the PC running? Can you boot now into normal mode?
  • 1

#6
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
# AdwCleaner v3.023 - Report created 07/04/2014 at 08:18:31
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Subash - NSUBASH
# Running from : C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Documents and Settings\administrator.AEROPRODUCTS\Application Data\DriverCure
Folder Found C:\Documents and Settings\administrator.AEROPRODUCTS\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\administrator.AEROPRODUCTS\Application Data\Systweak
Folder Found C:\Documents and Settings\administrator.AEROPRODUCTS\Start Menu\Programs\ParetoLogic
Folder Found C:\Documents and Settings\All Users\Application Data\Ask
Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\Subash\Application Data\Systweak
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\systweak
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v16.0.2 (en-US)
 
[ File : C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\prefs.js ]
 
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\administrator.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4030 octets] - [07/04/2014 08:18:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4090 octets] ##########
 

# AdwCleaner v3.023 - Report created 07/04/2014 at 08:19:49
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Subash - NSUBASH
# Running from : C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Subash\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\administrator.AEROPRODUCTS\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\administrator.AEROPRODUCTS\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\administrator.AEROPRODUCTS\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\administrator.AEROPRODUCTS\Start Menu\Programs\ParetoLogic
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v16.0.2 (en-US)
 
[ File : C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\administrator.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4170 octets] - [07/04/2014 08:18:31]
AdwCleaner[S0].txt - [4169 octets] - [07/04/2014 08:19:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4229 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Subash on Mon 04/07/2014 at  8:21:35.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{981B708A-8F40-4E50-8A29-3A821EECF4D8}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/07/2014 at  8:24:12.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

OTL logfile created on: 4/7/2014 8:25:39 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Subash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 90.55% Memory free
4.84 Gb Paging File | 4.76 Gb Available in Paging File | 98.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 117.94 Gb Free Space | 79.19% Space Free | Partition Type: NTFS
Drive E: | 7.26 Gb Total Space | 1.76 Gb Free Space | 24.24% Space Free | Partition Type: FAT32
 
Computer Name: NSUBASH | User Name: Subash | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\ShowMyPCService\tvnserver.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/07/23 12:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/04 14:26:55 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/12 08:54:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/29 14:20:49 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2014/01/22 07:19:36 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/01/22 07:19:16 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/10/24 10:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2008/12/04 10:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)
SRV - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\Ofps.exe -- (OmniForm Printer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Diag69xp.sys -- (Diag69xp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/07 08:04:35 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/01/22 07:19:17 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/12/01 02:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/30 06:29:45 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/05/03 18:57:54 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 16:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/18 15:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/21 14:09:12 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/07/21 14:09:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/23 12:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 12:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 12:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 12:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 12:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 12:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 12:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 12:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 11:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 11:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...1I7AURU_enUS502
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/28 17:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/07 08:10:13 | 000,000,000 | ---D | M]
 
[2012/02/14 15:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Extensions
[2013/06/04 12:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions
[2012/11/19 17:10:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/04/18 16:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 10:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2008/04/14 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S0].txt ()
O4 - HKLM..\RunServicesOnce: [FAXPrint] C:\WINDOWS\System32\awadpr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: adp.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([cashproonline] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bankofamerica.com ([cashproonlineca] * in Trusted sites)
O15 - HKCU\..Trusted Domains: disa.mil ([myinvoice.csd] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248132281578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {a2001dd0-c7bd-11d4-a3e1-00c04fa32518} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aeroproductsco.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No CLSID value found.
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Subash/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 14:29:34 | 000,000,000 | ---- | M] () - C:\autoexec.old -- [ NTFS ]
O32 - AutoRun File - [2013/01/30 04:38:06 | 000,000,075 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/07 08:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/07 08:18:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/07 08:18:14 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Subash\Desktop\JRT.exe
[2014/04/07 08:10:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/06 12:23:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 09:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Subash\Recent
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/04/04 14:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/04 13:37:38 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/04/04 13:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/04/04 13:37:08 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 13:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/04 13:36:51 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/04 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/04/04 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/04 13:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Start Menu\Programs\CleanUp!
[2014/04/04 13:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2014/04/02 15:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\1ZB12EF56IJZF567
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/07 08:21:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/07 08:20:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/07 08:17:30 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Subash\Desktop\JRT.exe
[2014/04/07 08:16:46 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
[2014/04/07 08:04:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/07 08:04:35 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/07 07:54:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/06 16:56:06 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/06 13:58:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 12:15:48 | 172,077,056 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/04/06 11:58:00 | 000,000,253 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2014/04/06 11:57:40 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2014/04/06 10:19:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2014/04/04 17:54:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 14:26:55 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:41:13 | 000,536,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/04 13:41:13 | 000,112,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/04 13:37:14 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:01 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/04 09:54:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/02 13:39:57 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/01 11:20:59 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/27 07:11:45 | 000,527,672 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\COC.exe
[2014/03/26 09:11:51 | 000,527,280 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\C of C Master.exe
[2014/03/25 07:15:19 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\scandoc on Aero.lnk
[2014/03/24 15:33:13 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Bidops.mdb
[2014/03/20 16:29:32 | 000,503,890 | ---- | M] () -- C:\Documents and Settings\Subash\My Documents\Cover, Protective.exe
[2014/03/17 07:08:51 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/14 16:37:20 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/07 08:18:14 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
[2014/04/06 10:19:02 | 000,001,014 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2014/04/04 14:27:00 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/04 14:26:55 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:37:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:56 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/02 13:39:57 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/02 11:15:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/01 11:20:59 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/26 15:58:05 | 000,500,548 | ---- | C] () -- C:\Documents and Settings\Subash\My Documents\Payroll Change Form.exe
[2014/01/21 12:26:24 | 000,002,806 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2013/12/16 12:53:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\inspectr.ini
[2013/12/16 12:09:02 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Subash\PUTTY.RND
[2013/10/09 11:28:58 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys
[2013/05/09 16:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2013/05/09 16:04:14 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll
[2013/03/27 07:20:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Subash\Application Data\wklnhst.dat
[2012/12/06 17:41:38 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2012/12/06 17:40:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2012/04/10 12:14:19 | 000,000,140 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012/04/10 12:14:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/04/10 12:14:07 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/04/10 12:14:04 | 000,031,261 | ---- | C] () -- C:\WINDOWS\HL-5340D.INI
[2012/04/10 12:14:01 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2012/04/10 12:13:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/04/10 12:13:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/04/10 12:13:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT
[2012/04/10 12:13:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/02/08 15:12:18 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\FASTWiz.html
[2009/07/21 14:28:37 | 000,001,248 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/07/20 16:20:13 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Subash\NTUSER.bak
[2009/07/20 16:20:13 | 000,037,939 | -H-- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\xurye.asv
[2009/07/20 16:20:13 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2013/05/13 13:47:15 | 000,002,048 | -HS- | M] () -- C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\@
[2013/05/13 13:47:15 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\L
[2013/05/13 13:47:15 | 000,000,000 | -HSD | M] -- C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\U
[2008/04/25 14:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 21:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/04 14:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/07 07:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014/02/05 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/01/20 07:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaRad
[2009/06/26 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/02/05 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/19 16:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Centra
[2012/11/19 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Saba
[2014/02/05 17:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TeamViewer
[2013/03/27 07:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Template
[2014/03/03 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TightVNC
[2012/02/27 08:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\webex
[2009/07/20 16:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
< End of report >
 
Testing normal boot now.
 

  • 0

#7
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

It still acts the same when I boot normally, I get a startup screen of the tulips but big black lines thru it, then looks normal then BSOD.

 

Why me???


  • 0

#8
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
OK, please follow my instructions carefully. It seems that you didn't done the OTL Fix - please try that again. Read my instructions carefully. :)
  • 0

#9
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

First time I tryed to do it with out attaching to the internet, I guess that did not work, This time I attached to the interenet.
 
 
 
# AdwCleaner v3.023 - Report created 07/04/2014 at 09:02:37
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Subash - NSUBASH
# Running from : C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v16.0.2 (en-US)
 
[ File : C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\administrator.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4170 octets] - [07/04/2014 08:18:31]
AdwCleaner[R1].txt - [1505 octets] - [07/04/2014 09:01:52]
AdwCleaner[S0].txt - [4309 octets] - [07/04/2014 08:19:49]
AdwCleaner[S1].txt - [1426 octets] - [07/04/2014 09:02:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1486 octets] ##########
 
 
# AdwCleaner v3.023 - Report created 07/04/2014 at 09:01:52
# Updated 01/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Subash - NSUBASH
# Running from : C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v16.0.2 (en-US)
 
[ File : C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\prefs.js ]
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Subash.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\administrator.AEROPRODUCTS\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4170 octets] - [07/04/2014 08:18:31]
AdwCleaner[R1].txt - [1305 octets] - [07/04/2014 09:01:52]
AdwCleaner[S0].txt - [4309 octets] - [07/04/2014 08:19:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1425 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Subash on Mon 04/07/2014 at  9:04:27.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/07/2014 at  9:07:55.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 10
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{981B708A-8F40-4E50-8A29-3A821EECF4D8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{981B708A-8F40-4E50-8A29-3A821EECF4D8}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
File C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adp.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bankofamerica.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bankofamerica.com\cashproonline\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bankofamerica.com\cashproonlineca\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\disa.mil\myinvoice.csd\ deleted successfully.
Starting removal of ActiveX control {9b935470-ad4a-11d5-b63e-00c04faedb18}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9b935470-ad4a-11d5-b63e-00c04faedb18}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9b935470-ad4a-11d5-b63e-00c04faedb18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b935470-ad4a-11d5-b63e-00c04faedb18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9b935470-ad4a-11d5-b63e-00c04faedb18}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9b935470-ad4a-11d5-b63e-00c04faedb18}\ not found.
Starting removal of ActiveX control {a2001dd0-c7bd-11d4-a3e1-00c04fa32518}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{a2001dd0-c7bd-11d4-a3e1-00c04fa32518}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{a2001dd0-c7bd-11d4-a3e1-00c04fa32518}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2001dd0-c7bd-11d4-a3e1-00c04fa32518}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{a2001dd0-c7bd-11d4-a3e1-00c04fa32518}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2001dd0-c7bd-11d4-a3e1-00c04fa32518}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ deleted successfully.
C:\WINDOWS\1ZB12EF56IJZF567 folder moved successfully.
Folder C:\Documents and Settings\Subash\Application Data\Systweak\ not found.
File move failed. C:\WINDOWS\system32\drivers\48e909b1a349b297.sys scheduled to be moved on reboot.
C:\Documents and Settings\Subash\My Documents\COC.exe moved successfully.
C:\Documents and Settings\Subash\My Documents\C of C Master.exe moved successfully.
C:\Documents and Settings\Subash\My Documents\Cover, Protective.exe moved successfully.
C:\Documents and Settings\Subash\Local Settings\Application Data\xurye.asv moved successfully.
========== FILES ==========
C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\U folder moved successfully.
C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f\L folder moved successfully.
C:\RECYCLER\S-1-5-18\$2d0b9934ee9604d8c900f0ce1921dd3f folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6116226 bytes
->Flash cache emptied: 492 bytes
 
User: administrator.AEROPRODUCTS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Java cache emptied: 26014087 bytes
->Google Chrome cache emptied: 6925015 bytes
->Flash cache emptied: 1131 bytes
 
User: All Users
 
User: anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 268 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 469 bytes
->Flash cache emptied: 321 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34041 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 321 bytes
 
User: LOREEN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 201 bytes
->Flash cache emptied: 321 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33773 bytes
 
User: Subash
->Temp folder emptied: 3164552 bytes
->Temporary Internet Files folder emptied: 483503 bytes
->Java cache emptied: 17224638 bytes
->FireFox cache emptied: 37393263 bytes
->Google Chrome cache emptied: 12664781 bytes
->Flash cache emptied: 36519 bytes
 
User: Subash.AEROPRODUCTS
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 22013 bytes
->Java cache emptied: 3791861 bytes
->Google Chrome cache emptied: 10181704 bytes
->Flash cache emptied: 37500 bytes
 
%systemdrive% .tmp files removed: 4998219 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121700 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 488596115 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 589.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04072014_085945
 
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\48e909b1a349b297.sys scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
New Scan....
 

OTL logfile created on: 4/7/2014 9:11:24 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Subash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 87.50% Memory free
4.84 Gb Paging File | 4.66 Gb Available in Paging File | 96.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 118.51 Gb Free Space | 79.57% Space Free | Partition Type: NTFS
 
Computer Name: NSUBASH | User Name: Subash | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
PRC - [2014/03/14 17:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\ShowMyPCService\tvnserver.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/14 17:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 17:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 17:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 17:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2007/07/23 12:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/04 14:26:55 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/12 08:54:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/29 14:20:49 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2014/01/22 07:19:36 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/01/22 07:19:16 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/10/24 10:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2008/12/04 10:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)
SRV - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\Ofps.exe -- (OmniForm Printer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Diag69xp.sys -- (Diag69xp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/07 08:04:35 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/01/22 07:19:17 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/12/01 02:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/05/30 06:29:45 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/05/03 18:57:54 | 000,130,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 16:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/18 15:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/21 14:09:12 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/07/21 14:09:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/07/23 12:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 12:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 12:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 12:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 12:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 12:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 12:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 12:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 11:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 11:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...1I7AURU_enUS502
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/28 17:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/07 08:10:13 | 000,000,000 | ---D | M]
 
[2012/02/14 15:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Extensions
[2013/06/04 12:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions
[2012/11/19 17:10:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/04/18 16:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 10:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/04/07 08:59:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner\AdwCleaner[S1].txt ()
O4 - HKLM..\RunServicesOnce: [FAXPrint] C:\WINDOWS\System32\awadpr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248132281578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.192.11 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aeroproductsco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C44912-03C0-4394-8874-C95241E87D13}: DhcpNameServer = 192.168.192.11 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Subash/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 14:29:34 | 000,000,000 | ---- | M] () - C:\autoexec.old -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/07 08:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/07 08:18:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/07 08:18:14 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Subash\Desktop\JRT.exe
[2014/04/07 08:10:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/06 12:23:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 09:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Subash\Recent
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/04/04 14:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/04 13:37:38 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/04/04 13:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/04/04 13:37:08 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 13:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/04 13:36:51 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/04 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/04/04 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/04 13:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Start Menu\Programs\CleanUp!
[2014/04/04 13:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/07 09:07:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/07 09:04:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/07 09:03:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/07 08:59:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/04/07 08:54:55 | 169,263,104 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/04/07 08:34:43 | 000,000,253 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2014/04/07 08:34:33 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2014/04/07 08:34:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/07 08:17:30 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Subash\Desktop\JRT.exe
[2014/04/07 08:16:46 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
[2014/04/07 08:04:35 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/07 07:54:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/06 16:56:06 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 10:19:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2014/04/04 17:54:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 14:26:55 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:41:13 | 000,536,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/04 13:41:13 | 000,112,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/04 13:37:14 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:01 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/04 09:54:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/02 13:39:57 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/01 11:20:59 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/25 07:15:19 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\scandoc on Aero.lnk
[2014/03/24 15:33:13 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Bidops.mdb
[2014/03/17 07:08:51 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/14 16:37:20 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/07 08:18:14 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
[2014/04/06 10:19:02 | 000,001,014 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2014/04/04 14:27:00 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/04 14:26:55 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:37:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:56 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/02 13:39:57 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/02 11:15:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/01 11:20:59 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/26 15:58:05 | 000,500,548 | ---- | C] () -- C:\Documents and Settings\Subash\My Documents\Payroll Change Form.exe
[2014/01/21 12:26:24 | 000,002,806 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2013/12/16 12:53:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\inspectr.ini
[2013/12/16 12:09:02 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Subash\PUTTY.RND
[2013/10/09 11:28:58 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys
[2013/05/09 16:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2013/05/09 16:04:14 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll
[2013/03/27 07:20:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Subash\Application Data\wklnhst.dat
[2012/12/06 17:41:38 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2012/12/06 17:40:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2012/04/10 12:14:19 | 000,000,140 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012/04/10 12:14:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/04/10 12:14:07 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/04/10 12:14:04 | 000,031,261 | ---- | C] () -- C:\WINDOWS\HL-5340D.INI
[2012/04/10 12:14:01 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2012/04/10 12:13:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/04/10 12:13:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/04/10 12:13:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT
[2012/04/10 12:13:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/02/08 15:12:18 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\FASTWiz.html
[2009/07/21 14:28:37 | 000,001,248 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/07/20 16:20:13 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Subash\NTUSER.bak
[2009/07/20 16:20:13 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008/04/25 14:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 21:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/04 14:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/07 07:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014/02/05 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/01/20 07:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaRad
[2009/06/26 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/02/05 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/19 16:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Centra
[2012/11/19 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Saba
[2014/02/05 17:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TeamViewer
[2013/03/27 07:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Template
[2014/03/03 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TightVNC
[2012/02/27 08:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\webex
[2009/07/20 16:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

#10
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

BSOD 

Again.


  • 0

Advertisements


#11
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

One of my clients got Crytolocker, they paid the randsum and with 2 hours it started to decrypt stopping on some it could not decrypt. They tryed to remove it now they get only a blue screen on booting.

Can you explain what you mean with clients exactly? Is this PC for your work etc.? I need to know this that I'm able to help you.
  • 0

#12
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts

A friend of mine.


  • 0

#13
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Hi :)

Step 1: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    [2014/04/01 11:20:59 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.
Step 2: ASWMBR

Please download aswMBR from one of the links below and save it to your Desktop.



Download Mirror #1

  • Right-click on aswMBR.exe and select Run as Administrator.
  • Click Yes when asked to download the Avast! definitions.
  • Click Scan to initiate the scan.
  • When the scan finishes, click Save Log and save this to your Desktop.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FSS icon and select Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0

#14
bhzendner

bhzendner

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 226 posts
All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 10
========== OTL ==========
File move failed. C:\WINDOWS\system32\drivers\48e909b1a349b297.sys scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: administrator.AEROPRODUCTS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: anne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LOREEN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Subash
->Temp folder emptied: 2854000 bytes
->Temporary Internet Files folder emptied: 41717 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7357058 bytes
->Flash cache emptied: 0 bytes
 
User: Subash.AEROPRODUCTS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39780 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 10.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04072014_105724
 
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\48e909b1a349b297.sys scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 

Farbar Service Scanner Version: 25-02-2014
Ran by Subash (administrator) on 07-04-2014 at 12:09:36
Running from "C:\Documents and Settings\Subash\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Network
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of sharedaccess. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of sharedaccess. The value does not exist.
Unable to retrieve ServiceDll of sharedaccess. The value does not exist.
Checking LEGACY_sharedaccess: ATTENTION!=====> Unable to open LEGACY_sharedaccess\0000 registry key. The key does not exist.
 
 
Firewall Disabled Policy: 
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".
 
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".
 
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys
[2008-04-25 09:16] - [2011-08-17 06:49] - 0138496 ____A () D41D8CD98F00B204E9800998ECF8427E
 
ATTENTION!=====> C:\WINDOWS\system32\Drivers\afd.sys IS INFECTED.
 
C:\WINDOWS\system32\Drivers\netbt.sys
[2008-04-25 09:16] - [2008-04-14 05:00] - 0162816 ____A () D41D8CD98F00B204E9800998ECF8427E
 
ATTENTION!=====> C:\WINDOWS\system32\Drivers\netbt.sys IS INFECTED.
 
C:\WINDOWS\system32\Drivers\tcpip.sys
[2008-04-25 09:16] - [2008-06-20 04:51] - 0361600 ____A () D41D8CD98F00B204E9800998ECF8427E
 
ATTENTION!=====> C:\WINDOWS\system32\Drivers\tcpip.sys IS INFECTED.
 
C:\WINDOWS\system32\Drivers\ipsec.sys
[2008-04-25 09:16] - [2008-04-14 05:00] - 0075264 ____A () D41D8CD98F00B204E9800998ECF8427E
 
ATTENTION!=====> C:\WINDOWS\system32\Drivers\ipsec.sys IS INFECTED.
 
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys
[2008-04-25 14:27] - [2008-04-14 05:00] - 0073472 ____A () D41D8CD98F00B204E9800998ECF8427E
 
ATTENTION!=====> C:\WINDOWS\system32\Drivers\sr.sys IS INFECTED.
 
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 
0x09000000040000000100000002000000030000000500000006000000070000000800000009000000
IpSec Tag value is correct.
 
**** End of log ****
 

OTL logfile created on: 4/7/2014 12:10:13 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Subash\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 81.92% Memory free
4.84 Gb Paging File | 4.35 Gb Available in Paging File | 89.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.94 Gb Total Space | 118.26 Gb Free Space | 79.40% Space Free | Partition Type: NTFS
 
Computer Name: NSUBASH | User Name: Subash | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/07 11:01:09 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Subash\Desktop\aswMBR.exe
PRC - [2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
PRC - [2014/03/14 17:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\ShowMyPCService\tvnserver.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/14 17:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 17:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 17:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 17:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2007/07/23 12:04:46 | 000,068,080 | ---- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/04 14:26:55 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/12 08:54:05 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/29 14:20:49 | 000,013,720 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe -- (GoToAssist)
SRV - [2014/01/22 07:19:36 | 000,203,088 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2014/01/22 07:19:16 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/12/18 22:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/12/17 03:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/10/10 15:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/10/24 10:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/07/08 06:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\ShowMyPCService\tvnserver.exe -- (tvnserver)
SRV - [2009/07/13 13:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/12/18 11:47:08 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe -- (MSSQL$UPSWSDBSERVER)
SRV - [2008/12/04 10:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2005/05/03 22:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlagent.EXE -- (SQLAgent$UPSWSDBSERVER)
SRV - [1999/03/17 10:37:28 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\Ofps.exe -- (OmniForm Printer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Diag69xp.sys -- (Diag69xp)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Subash\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2014/04/07 09:19:05 | 000,030,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV - [2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2014/01/22 07:19:17 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/12/01 02:00:00 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/27 13:21:06 | 000,040,960 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2013/08/08 17:55:07 | 000,032,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2013/07/02 18:59:02 | 000,014,976 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbscan.sys -- (usbscan)
DRV - [2013/05/30 06:29:45 | 000,013,624 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/07/04 07:05:18 | 000,139,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/08/17 06:49:54 | 000,138,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\afd.sys -- (AFD)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/15 06:29:31 | 000,456,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\mrxsmb.sys -- (MRxSmb)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/08 07:02:00 | 000,010,496 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2011/04/21 06:37:43 | 000,105,472 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mup.sys -- (Mup)
DRV - [2011/02/17 06:18:03 | 000,357,888 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srv.sys -- (Srv)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/10/20 09:20:16 | 000,265,728 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\http.sys -- (HTTP)
DRV - [2009/06/24 04:18:41 | 000,092,928 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2009/05/03 18:57:54 | 000,130,688 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/18 04:02:23 | 000,030,336 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci)
DRV - [2008/08/18 16:03:28 | 000,079,960 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2008/08/18 15:20:06 | 004,752,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008/07/21 14:09:12 | 000,084,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/07/21 14:09:02 | 003,007,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/06/20 04:51:12 | 000,361,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip.sys -- (Tcpip)
DRV - [2008/04/14 10:43:22 | 000,040,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\termdd.sys -- (TermDD)
DRV - [2008/04/14 05:47:20 | 000,083,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdmaud.sys -- (wdmaud)
DRV - [2008/04/14 05:45:56 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sysaudio.sys -- (sysaudio)
DRV - [2008/04/14 05:15:38 | 000,059,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbhub.sys -- (usbhub)
DRV - [2008/04/14 05:15:36 | 000,020,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/04/14 05:15:14 | 000,002,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/04/14 05:15:10 | 000,172,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kmixer.sys -- (kmixer)
DRV - [2008/04/14 05:15:10 | 000,056,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swmidi.sys -- (swmidi)
DRV - [2008/04/14 05:15:08 | 000,006,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\splitter.sys -- (splitter)
DRV - [2008/04/14 05:15:02 | 000,052,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DMusic.sys -- (DMusic)
DRV - [2008/04/14 05:11:24 | 000,018,560 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/04/14 05:11:24 | 000,008,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\i2omgmt.sys -- (i2omgmt)
DRV - [2008/04/14 05:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008/04/14 05:10:30 | 000,005,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\intelide.sys -- (IntelIde)
DRV - [2008/04/14 05:09:54 | 000,007,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSKSSRV.sys -- (MSKSSRV)
DRV - [2008/04/14 05:09:54 | 000,004,352 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swenum.sys -- (swenum)
DRV - [2008/04/14 05:09:52 | 000,005,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys -- (MSPCLOCK)
DRV - [2008/04/14 05:09:52 | 000,004,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSPQM.sys -- (MSPQM)
DRV - [2008/04/14 05:09:48 | 000,024,576 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdclass.sys -- (Kbdclass)
DRV - [2008/04/14 05:09:48 | 000,023,040 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mouclass.sys -- (Mouclass)
DRV - [2008/04/14 05:06:48 | 000,015,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/04/14 05:06:46 | 000,068,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pci.sys -- (PCI)
DRV - [2008/04/14 05:06:42 | 000,042,240 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2008/04/14 05:06:42 | 000,037,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/04/14 05:06:40 | 000,044,928 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AGPCPQ.SYS -- (agpCPQ)
DRV - [2008/04/14 05:06:40 | 000,042,752 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ALIM1541.SYS -- (alim1541)
DRV - [2008/04/14 05:06:40 | 000,042,368 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AGP440.SYS -- (agp440)
DRV - [2008/04/14 05:02:52 | 000,196,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/04/14 05:00:00 | 000,799,744 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008/04/14 05:00:00 | 000,574,976 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2008/04/14 05:00:00 | 000,384,768 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\update.sys -- (Update)
DRV - [2008/04/14 05:00:00 | 000,187,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\acpi.sys -- (ACPI)
DRV - [2008/04/14 05:00:00 | 000,182,656 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\ndis.sys -- (NDIS)
DRV - [2008/04/14 05:00:00 | 000,180,608 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2008/04/14 05:00:00 | 000,175,744 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\rdbss.sys -- (Rdbss)
DRV - [2008/04/14 05:00:00 | 000,162,816 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2008/04/14 05:00:00 | 000,153,344 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)
DRV - [2008/04/14 05:00:00 | 000,152,832 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipnat.sys -- (IpNat)
DRV - [2008/04/14 05:00:00 | 000,143,744 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008/04/14 05:00:00 | 000,129,792 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2008/04/14 05:00:00 | 000,120,192 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008/04/14 05:00:00 | 000,091,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2008/04/14 05:00:00 | 000,080,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\parport.sys -- (Parport)
DRV - [2008/04/14 05:00:00 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008/04/14 05:00:00 | 000,073,472 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sr.sys -- (sr)
DRV - [2008/04/14 05:00:00 | 000,069,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psched.sys -- (PSched)
DRV - [2008/04/14 05:00:00 | 000,066,048 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2008/04/14 05:00:00 | 000,064,512 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\serial.sys -- (Serial)
DRV - [2008/04/14 05:00:00 | 000,063,744 | ---- | M] () [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\cdfs.sys -- (Cdfs)
DRV - [2008/04/14 05:00:00 | 000,062,976 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2008/04/14 05:00:00 | 000,059,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atmarpc.sys -- (Atmarpc)
DRV - [2008/04/14 05:00:00 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\volsnap.sys -- (VolSnap)
DRV - [2008/04/14 05:00:00 | 000,051,328 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/04/14 05:00:00 | 000,048,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/04/14 05:00:00 | 000,044,544 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fips.sys -- (Fips)
DRV - [2008/04/14 05:00:00 | 000,042,368 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/04/14 05:00:00 | 000,042,112 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\imapi.sys -- (Imapi)
DRV - [2008/04/14 05:00:00 | 000,041,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2008/04/14 05:00:00 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - [2008/04/14 05:00:00 | 000,036,352 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/14 05:00:00 | 000,036,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/14 05:00:00 | 000,035,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msgpc.sys -- (Gpc)
DRV - [2008/04/14 05:00:00 | 000,034,688 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/04/14 05:00:00 | 000,034,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/04/14 05:00:00 | 000,032,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/04/14 05:00:00 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys -- (NwlnkFwd)
DRV - [2008/04/14 05:00:00 | 000,030,848 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\npfs.sys -- (Npfs)
DRV - [2008/04/14 05:00:00 | 000,030,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\modem.sys -- (Modem)
DRV - [2008/04/14 05:00:00 | 000,027,392 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\fdc.sys -- (Fdc)
DRV - [2008/04/14 05:00:00 | 000,021,896 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/04/14 05:00:00 | 000,020,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vga.sys -- (VgaSave)
DRV - [2008/04/14 05:00:00 | 000,020,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipinip.sys -- (IpInIp)
DRV - [2008/04/14 05:00:00 | 000,020,480 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\flpydisk.sys -- (Flpydisk)
DRV - [2008/04/14 05:00:00 | 000,019,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\partmgr.sys -- (PartMgr)
DRV - [2008/04/14 05:00:00 | 000,019,072 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/04/14 05:00:00 | 000,018,688 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdaudio.sys -- (Cdaudio)
DRV - [2008/04/14 05:00:00 | 000,016,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\raspti.sys -- (Raspti)
DRV - [2008/04/14 05:00:00 | 000,015,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (Serenum)
DRV - [2008/04/14 05:00:00 | 000,014,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/04/14 05:00:00 | 000,014,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2008/04/14 05:00:00 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/04/14 05:00:00 | 000,012,416 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkflt.sys -- (NwlnkFlt)
DRV - [2008/04/14 05:00:00 | 000,012,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/04/14 05:00:00 | 000,012,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/04/14 05:00:00 | 000,011,648 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2008/04/14 05:00:00 | 000,011,392 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\sfloppy.sys -- (Sfloppy)
DRV - [2008/04/14 05:00:00 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/04/14 05:00:00 | 000,010,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidusb.sys -- (hidusb)
DRV - [2008/04/14 05:00:00 | 000,008,832 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/04/14 05:00:00 | 000,007,936 | ---- | M] () [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/04/14 05:00:00 | 000,006,784 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)
DRV - [2008/04/14 05:00:00 | 000,005,888 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)
DRV - [2008/04/14 05:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rdpcdd.sys -- (RDPCDD)
DRV - [2008/04/14 05:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\mnmdd.sys -- (mnmdd)
DRV - [2008/04/14 05:00:00 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep)
DRV - [2008/04/14 05:00:00 | 000,002,944 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\null.sys -- (Null)
DRV - [2008/04/14 03:09:24 | 000,142,592 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aec.sys -- (aec)
DRV - [2008/04/14 00:17:38 | 000,025,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/04/14 00:15:40 | 000,026,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2008/04/13 17:10:28 | 000,057,600 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2007/07/23 12:05:20 | 000,009,104 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 12:04:58 | 000,037,360 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 12:04:56 | 000,098,448 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 12:04:56 | 000,093,552 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 12:04:54 | 000,027,216 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 12:04:52 | 000,032,848 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 12:04:52 | 000,016,304 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 12:04:50 | 000,108,752 | ---- | M] () [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 11:49:44 | 000,030,064 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 11:49:44 | 000,014,576 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/09/28 19:00:34 | 000,082,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd)
DRV - [2006/09/28 18:55:50 | 000,077,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2001/08/17 19:07:44 | 000,025,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\hpn.sys -- (hpn)
DRV - [2001/08/17 19:07:44 | 000,020,192 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dpti2o.sys -- (dpti2o)
DRV - [2001/08/17 19:07:42 | 000,005,504 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2hib.sys -- (perc2hib)
DRV - [2001/08/17 19:07:40 | 000,027,296 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\perc2.sys -- (perc2)
DRV - [2001/08/17 19:07:38 | 000,056,960 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78xx.sys -- (aic78xx)
DRV - [2001/08/17 19:07:36 | 000,055,168 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aic78u2.sys -- (aic78u2)
DRV - [2001/08/17 18:52:50 | 000,125,056 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftdisk.sys -- (Ftdisk)
DRV - [2001/08/17 18:52:16 | 000,040,448 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql1240.sys -- (ql1240)
DRV - [2001/08/17 18:52:16 | 000,033,152 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ql10wnt.sys -- (Ql10wnt)
DRV - [2001/08/17 18:52:16 | 000,014,720 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dac960nt.sys -- (dac960nt)
DRV - [2001/08/17 18:52:08 | 000,016,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ini910u.sys -- (ini910u)
DRV - [2001/08/17 18:52:08 | 000,013,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2001/08/17 18:52:08 | 000,013,952 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cbidf2k.sys -- (cbidf)
DRV - [2001/08/17 18:52:06 | 000,014,976 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cpqarray.sys -- (Cpqarray)
DRV - [2001/08/17 18:52:06 | 000,007,680 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\cd20xrnt.sys -- (cd20xrnt)
DRV - [2001/08/17 18:52:04 | 000,022,400 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\asc3350p.sys -- (asc3350p)
DRV - [2001/08/17 18:52:04 | 000,012,032 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\amsint.sys -- (amsint)
DRV - [2001/08/17 18:52:02 | 000,012,800 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\aha154x.sys -- (Aha154x)
DRV - [2001/08/17 18:52:00 | 000,023,552 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ABP480N5.SYS -- (abp480n5)
DRV - [2001/08/17 18:51:56 | 000,004,992 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\toside.sys -- (TosIde)
DRV - [2001/08/17 18:51:52 | 000,003,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde)
DRV - [2001/08/17 06:59:44 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\audstub.sys -- (audstub)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {45E8943A-03DC-4A91-A9A3-2457C4B0740A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{45E8943A-03DC-4A91-A9A3-2457C4B0740A}: "URL" = http://www.google.co...1I7AURU_enUS502
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/01/28 17:08:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/04/07 08:10:13 | 000,000,000 | ---D | M]
 
[2012/02/14 15:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Extensions
[2013/06/04 12:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions
[2012/11/19 17:10:04 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Subash\Application Data\Mozilla\Firefox\Profiles\xsxu6q43.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/04/18 16:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 10:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Subash\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/04/07 08:59:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NA1Messenger] C:\UPS\WSTD\UPSNA1Msgr.exe ()
O4 - HKLM..\Run: [tvncontrol] C:\Program Files\ShowMyPCService\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\RunServicesOnce: [FAXPrint] C:\WINDOWS\System32\awadpr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk = C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\WSTD\wstdPldReminder.exe (UPS)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1248132281578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.or...indows-i586.cab (Java Plug-in 10.51.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.192.11 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aeroproductsco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C44912-03C0-4394-8874-C95241E87D13}: DhcpNameServer = 192.168.192.11 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\896\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Subash/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Subash\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 14:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 14:29:34 | 000,000,000 | ---- | M] () - C:\autoexec.old -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/07 12:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2014/04/07 11:02:24 | 000,409,600 | ---- | C] (Farbar) -- C:\Documents and Settings\Subash\Desktop\FSS.exe
[2014/04/07 11:01:28 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Subash\Desktop\aswMBR.exe
[2014/04/07 08:21:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/04/07 08:18:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/07 08:18:14 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Subash\Desktop\JRT.exe
[2014/04/07 08:10:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/06 12:23:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 09:51:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Subash\Recent
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/04/04 14:26:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/04/04 14:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/04 13:37:38 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/04/04 13:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2014/04/04 13:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/04/04 13:37:08 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/04 13:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/04 13:36:51 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/04/04 13:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/04/04 13:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014/04/04 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/04/04 13:27:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Subash\Start Menu\Programs\CleanUp!
[2014/04/04 13:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/07 11:02:06 | 000,409,600 | ---- | M] (Farbar) -- C:\Documents and Settings\Subash\Desktop\FSS.exe
[2014/04/07 11:01:09 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Subash\Desktop\aswMBR.exe
[2014/04/07 10:59:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/07 10:59:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/07 10:59:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/07 10:54:14 | 168,521,728 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2014/04/07 09:19:19 | 000,000,253 | ---- | M] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2014/04/07 09:19:11 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2014/04/07 09:19:05 | 000,030,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/07 09:19:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/07 08:59:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/04/07 08:17:30 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Subash\Desktop\JRT.exe
[2014/04/07 08:16:46 | 001,426,178 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
[2014/04/07 07:54:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/06 16:56:06 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/06 12:23:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Subash\Desktop\OTL.exe
[2014/04/06 10:19:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2014/04/04 17:54:16 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 14:26:55 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:41:13 | 000,536,398 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/04 13:41:13 | 000,112,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/04/04 13:37:14 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:01 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/04 09:54:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/03 09:51:06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09:50:56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/04/02 13:39:57 | 000,001,172 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/01 11:20:59 | 000,056,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/25 07:15:19 | 000,000,446 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\scandoc on Aero.lnk
[2014/03/24 15:33:13 | 008,126,464 | ---- | M] () -- C:\Documents and Settings\Subash\Desktop\Bidops.mdb
[2014/03/17 07:08:51 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/03/14 16:37:20 | 000,348,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\Documents and Settings\Subash\*.tmp files -> C:\Documents and Settings\Subash\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/07 08:18:14 | 001,426,178 | ---- | C] () -- C:\Documents and Settings\Subash\Desktop\AdwCleaner.exe
[2014/04/06 10:19:02 | 000,001,014 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2014/04/04 14:27:00 | 000,030,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2014/04/04 14:26:55 | 000,001,612 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/04/04 13:37:14 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/04/04 13:36:56 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/04 13:35:47 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2014/04/02 13:39:57 | 000,001,172 | ---- | C] () -- C:\Documents and Settings\Subash\Desktop\Your Private Key.bin
[2014/04/02 11:15:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/04/01 11:20:59 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\48e909b1a349b297.sys
[2014/03/26 15:58:05 | 000,500,548 | ---- | C] () -- C:\Documents and Settings\Subash\My Documents\Payroll Change Form.exe
[2014/01/21 12:26:24 | 000,002,806 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2013/12/16 12:53:57 | 000,000,071 | ---- | C] () -- C:\WINDOWS\inspectr.ini
[2013/12/16 12:09:02 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Subash\PUTTY.RND
[2013/10/09 11:28:58 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbscan.sys
[2013/06/13 15:06:55 | 000,027,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\revoflt.sys
[2013/05/09 16:04:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2013/05/09 16:04:14 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\JinPanel.dll
[2013/03/27 07:20:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Subash\Application Data\wklnhst.dat
[2012/12/06 17:41:38 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2012/12/06 17:40:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2012/04/10 12:14:19 | 000,000,140 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2012/04/10 12:14:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2012/04/10 12:14:07 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2012/04/10 12:14:04 | 000,031,261 | ---- | C] () -- C:\WINDOWS\HL-5340D.INI
[2012/04/10 12:14:01 | 000,025,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprint.sys
[2012/04/10 12:13:33 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/04/10 12:13:33 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/04/10 12:13:32 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM08A.DAT
[2012/04/10 12:13:11 | 000,000,268 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/02/08 15:12:18 | 000,001,240 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\FASTWiz.html
[2009/07/21 14:28:37 | 000,001,248 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/07/20 16:20:13 | 004,718,592 | -H-- | C] () -- C:\Documents and Settings\Subash\NTUSER.bak
[2009/07/20 16:20:13 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Subash\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008/04/25 14:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 21:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 05:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/04/04 14:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/04/07 07:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2014/02/05 16:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2011/01/20 07:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NovaRad
[2009/06/26 11:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2014/02/05 16:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/19 16:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Centra
[2012/11/19 17:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Saba
[2014/02/05 17:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TeamViewer
[2013/03/27 07:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Template
[2014/03/03 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\TightVNC
[2012/02/27 08:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\webex
[2009/07/20 16:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Subash\Application Data\Windows Search
 
========== Purity Check ==========
 
 
 
< End of report >
 

  • 0

#15
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

Whoa. What happened here now? There seems now that all system files are damaged. We are going to upload a file to Virustotal and check which infection caused that. It looks like a File Infector. Oh no ... 

 

1. First I want you to upload the file C:\WINDOWS\system32\Drivers\afd.sys  to Virustotal

2. If the file has already been analysed a windows will appear, then click on the Reanalyse button
3. When the Scan is finished please post the link (you can copy it from address bar in your browser) in your next reply


  • 1






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP