Unable to remove Easylife search app


  • This topic is locked
14 replies to this topic

#1 ehrengraf (Members, 8 posts)

Posted 19 February 2013 - 03:11 PM

Hello, I have tried a number of removal tools and have been unable to remove it from my computer. I would like to also remove any other junk that can be removed at the same time. Any help would be appreciated, thanks very much for your time in advance.

 

Log details from DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16457
Run by Barkley at 21:02:46 on 2013-02-19
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.1.1033.18.2046.935 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Users\Barkley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barkley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barkley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barkley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Barkley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://search.easylifeapp.com/?pid=724&r=2013/02/18&hid=2979317692&lg=EN&cc=DE
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeBridge] <no file>
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [gbrspcontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{94761BB7-AF3F-4437-B498-1FF0A72DB41B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{94761BB7-AF3F-4437-B498-1FF0A72DB41B}\5416379724F687D2634314244313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{94761BB7-AF3F-4437-B498-1FF0A72DB41B}\54862756E676271666 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{967A571A-FBF9-414F-8516-2A22C22D655C} : DHCPNameServer = 10.143.147.147 10.143.147.148
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-9-3 35064]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2011-12-19 19632]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 494416]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 36072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-2-14 70352]
R2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-1-15 1851088]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-19 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-19 682344]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-30 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-19 21104]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-1-17 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-17 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-12-31 1343400]
.
=============== Created Last 30 ================
.
2013-02-19 20:00:25    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{786fdad2-75d8-43b6-a76f-7505fa0c33d2}\offreg.dll
2013-02-19 19:53:35    6823496    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-02-19 19:53:27    6991832    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{786fdad2-75d8-43b6-a76f-7505fa0c33d2}\mpengine.dll
2013-02-19 14:43:48    --------    d-----w-    c:\users\barkley\appdata\local\CrashDumps
2013-02-19 14:41:24    --------    d-----w-    c:\users\barkley\appdata\roaming\SUPERAntiSpyware.com
2013-02-19 14:40:54    --------    d-----w-    c:\users\barkley\appdata\local\NPE
2013-02-19 14:40:53    --------    d-----w-    c:\programdata\Norton
2013-02-19 14:40:28    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-02-19 14:40:28    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-02-19 14:33:58    --------    d-----w-    c:\users\barkley\appdata\local\VS Revo Group
2013-02-19 14:33:38    --------    d-----w-    c:\programdata\VS Revo Group
2013-02-19 13:33:18    --------    d-----w-    c:\windows\system32\appmgmt
2013-02-19 13:33:12    --------    d-----w-    c:\users\barkley\appdata\roaming\Malwarebytes
2013-02-19 13:33:04    --------    d-----w-    c:\programdata\Malwarebytes
2013-02-19 13:33:03    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-19 13:33:03    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-19 13:14:25    --------    d-----w-    c:\users\barkley\appdata\roaming\PDAppFlex
2013-02-19 13:09:59    --------    d-----w-    c:\program files\Enigma Software Group
2013-02-19 13:09:49    --------    d-----w-    c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-02-19 13:09:46    --------    d-----w-    c:\program files\common files\Wise Installation Wizard
2013-02-19 11:41:32    81920    ----a-w-    c:\windows\eSellerateControl350.dll
2013-02-19 11:41:32    356352    ----a-w-    c:\windows\eSellerateEngine.dll
2013-02-19 11:41:32    274432    ----a-w-    c:\windows\system32\ssleay32.dll
2013-02-19 11:41:32    1122304    ----a-w-    c:\windows\system32\libeay32.dll
2013-02-19 11:41:32    --------    d-----w-    c:\program files\Search Easylife App Removal Tool
2013-02-19 11:40:43    --------    d-----w-    c:\users\barkley\appdata\local\Programs
2013-02-19 11:17:56    --------    d-----w-    c:\programdata\PC Tools
2013-02-19 11:17:55    --------    d-----w-    c:\users\barkley\appdata\roaming\TestApp
2013-02-19 10:59:33    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-02-19 10:58:36    --------    d-----w-    c:\users\barkley\appdata\local\temp
2013-02-19 10:44:53    98816    ----a-w-    c:\windows\sed.exe
2013-02-19 10:44:53    256000    ----a-w-    c:\windows\PEV.exe
2013-02-19 10:44:53    208896    ----a-w-    c:\windows\MBR.exe
2013-02-18 23:29:37    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2013-02-18 21:32:24    --------    d-----w-    c:\users\barkley\appdata\roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-02-18 21:32:19    --------    d-----w-    c:\program files\Adobe Download Assistant
2013-02-16 12:22:13    --------    d-----w-    C:\hq3
2013-02-15 19:12:34    --------    d-----w-    c:\program files\common files\COMODO
2013-02-14 09:03:34    --------    d-----w-    C:\hq2
2013-02-04 09:37:36    --------    d-----w-    c:\users\barkley\appdata\local\DOSBox
2013-02-04 09:37:28    --------    d-----w-    c:\program files\DOSBox-0.74
2013-02-04 09:35:27    --------    d-----w-    C:\Hero
2013-02-01 10:32:43    26840    ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2013-02-01 10:31:36    --------    d-----w-    c:\program files\iPod
2013-02-01 10:31:26    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-01 10:31:26    --------    d-----w-    c:\program files\iTunes
2013-01-31 16:29:40    295424    ----a-w-    c:\windows\system32\atmfd.dll
2013-01-31 16:29:39    34304    ----a-w-    c:\windows\system32\atmlib.dll
2013-01-31 16:02:09    5120    ----a-w-    c:\windows\system32\wmi.dll
2013-01-31 16:02:09    19824    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2013-01-31 16:02:09    159232    ----a-w-    c:\windows\system32\imagehlp.dll
2013-01-31 16:01:33    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2013-01-31 15:57:02    --------    d-----r-    c:\program files\Skype
2013-01-31 15:47:56    769024    ----a-w-    c:\windows\system32\localspl.dll
2013-01-31 15:47:53    140288    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-01-31 15:47:53    1159680    ----a-w-    c:\windows\system32\crypt32.dll
2013-01-31 15:47:53    103936    ----a-w-    c:\windows\system32\cryptnet.dll
2013-01-31 15:47:11    8192    ----a-w-    c:\windows\system32\rdrmemptylst.exe
2013-01-31 15:47:11    58880    ----a-w-    c:\windows\system32\rdpwsx.dll
2013-01-31 15:47:11    129536    ----a-w-    c:\windows\system32\rdpcorekmts.dll
2013-01-31 15:45:59    919040    ----a-w-    c:\windows\system32\rdpcorets.dll
2013-01-31 15:45:59    183808    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2013-01-31 15:45:58    376832    ----a-w-    c:\windows\system32\dpnet.dll
2013-01-31 15:45:57    1389568    ----a-w-    c:\windows\system32\msxml6.dll
2013-01-31 15:45:56    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-01-31 15:45:55    78336    ----a-w-    c:\windows\system32\synceng.dll
2013-01-31 15:36:55    2048    ----a-w-    c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2013-02-08 00:54:26    74096    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 00:54:26    697712    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-17 00:28:58    232336    ------w-    c:\windows\system32\MpSigStub.exe
2012-11-23 02:56:23    2345984    ----a-w-    c:\windows\system32\win32k.sys
2012-11-23 02:48:41    49152    ----a-w-    c:\windows\system32\taskhost.exe
.
============= FINISH: 21:03:49.27 ===============
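
The Pseudo HJT section above is where the hijack shows: the machine-wide start page (mStart Page) points at search.easylifeapp.com with affiliate-style parameters (pid, hid, cc), while the user start page is still about:blank, and the OTL log posted later in the thread lists the matching SearchScopes entries, including one GUID that is bing.com under HKCU but search.chatzum.com under HKLM. As an added example for this page (not one of the tools used in the thread and not the poster's code), here is a small Python triage script that reads DDS and OTL style lines for IE start-page and search-scope settings, undoes the hxxp defanging DDS applies, flags any host not on an allow-list, reports a scope GUID that resolves to different hosts in HKLM and HKCU, and notes an empty or dangling DefaultScope. The allow-list of hosts and the sample log text are assumptions constructed for the example; the sample lines are modeled on the logs in this thread.

```python
"""Triage IE start-page / search-scope settings from DDS and OTL log text.

Added example for this thread; not one of the tools used here and not the
poster's code.  ALLOWED_HOSTS and SAMPLE_LOG are constructed for the demo.
"""
import re
from urllib.parse import urlparse

# Hosts accepted as a start page or search provider.  Assumption for the example;
# anything not listed here is reported.
ALLOWED_HOSTS = {"about:blank", "www.bing.com", "www.google.com", "www.google.de"}

# DDS pseudo-HJT lines: "uStart Page = ..." (user hive) / "mStart Page = ..." (machine hive)
DDS_START = re.compile(r"^(?P<hive>[um])Start Page\s*=\s*(?P<url>\S+)$")
# OTL lines; backslashes are literal in the log, so they are doubled in the patterns.
OTL_START = re.compile(
    r"^IE - (?P<hive>HKLM|HKCU)\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,"
    r"Start Page\s*=\s*(?P<url>\S+)$"
)
OTL_DEFAULT = re.compile(
    r"^IE - (?P<hive>HKLM|HKCU)\\\.\.\\SearchScopes,DefaultScope\s*=\s*"
    r"(?P<guid>\{[0-9A-Fa-f-]+\})?\s*$"
)
OTL_SCOPE = re.compile(
    r'^IE - (?P<hive>HKLM|HKCU)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}):'
    r'\s*"URL"\s*=\s*(?P<url>\S+)$'
)


def host_of(url):
    """Host part of a URL.  DDS defangs schemes as hxxp/hxxps; undo that first."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    if url.lower() == "about:blank":
        return "about:blank"
    return (urlparse(url).hostname or "").lower()


def parse_ie_settings(text):
    """Collect start pages, search scopes and DefaultScope GUIDs per registry hive."""
    s = {"start": {}, "scopes": {"HKLM": {}, "HKCU": {}}, "default": {}}
    for raw in text.splitlines():
        line = raw.strip()
        if m := DDS_START.match(line):
            s["start"]["HKCU" if m["hive"] == "u" else "HKLM"] = m["url"]
        elif m := OTL_START.match(line):
            s["start"][m["hive"]] = m["url"]
        elif m := OTL_DEFAULT.match(line):
            s["default"][m["hive"]] = m["guid"].lower() if m["guid"] else None
        elif m := OTL_SCOPE.match(line):
            s["scopes"][m["hive"]][m["guid"].lower()] = m["url"]
    return s


def triage(text, allowed=ALLOWED_HOSTS):
    """Return a list of finding dicts; an empty list means nothing looked off."""
    s = parse_ie_settings(text)
    findings = []
    for hive, url in s["start"].items():
        host = host_of(url)
        if host not in allowed:
            findings.append({"kind": "start_page", "hive": hive, "host": host, "url": url})
    for hive, scopes in s["scopes"].items():
        for guid, url in scopes.items():
            host = host_of(url)
            if host not in allowed:
                findings.append({"kind": "search_scope", "hive": hive, "host": host,
                                 "guid": guid, "url": url})
    # One scope GUID resolving to different hosts in HKLM and HKCU is worth a look:
    # a legitimate provider's identifier in one hive, something else in the other.
    for guid in s["scopes"]["HKLM"].keys() & s["scopes"]["HKCU"].keys():
        lm, cu = host_of(s["scopes"]["HKLM"][guid]), host_of(s["scopes"]["HKCU"][guid])
        if lm != cu:
            findings.append({"kind": "scope_mismatch", "hive": "HKLM/HKCU", "guid": guid,
                             "host": f"{cu} (HKCU) vs {lm} (HKLM)"})
    for hive, guid in s["default"].items():
        if guid is None:
            findings.append({"kind": "default_scope", "hive": hive, "host": "",
                             "detail": "DefaultScope value present but empty"})
        elif guid not in s["scopes"][hive]:
            findings.append({"kind": "default_scope", "hive": hive, "host": "",
                             "detail": f"DefaultScope {guid} has no URL in this hive"})
    return findings


# Constructed sample, modeled on the DDS and OTL lines posted in this thread.
SAMPLE_LOG = r"""
uStart Page = about:blank
mStart Page = hxxp://search.easylifeapp.com/?pid=724&r=2013/02/18&hid=2979317692&lg=EN&cc=DE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/?pid=724&r=2013/02/18&hid=2979317692&lg=EN&cc=DE
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=724
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["hive"], f.get("guid", ""), f["host"] or f.get("detail", ""))
```

Run as a script it prints five findings for the sample: the HKLM start page, two HKLM search scopes (search.easylifeapp.com and search.chatzum.com), the GUID that is bing.com in HKCU but chatzum in HKLM, and the empty HKLM DefaultScope. Only the machine hive is affected in this sample, which matches the pattern in the thread's logs: the user's own start page was never touched, so fixing HKCU alone would not have helped.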
 

 

 


#2 Noviciate (Malware Response Team, 5,277 posts, Location: Numpty HQ)

Posted 19 February 2013 - 03:34 PM

Good evening. :)

Please download AdwCleaner by Xplode from here and save it to your Desktop.
 

  • Close all open programs, including browsers.
  • Double click adwcleaner.exe to begin.
  • Click on Search and, once complete, let me have the contents of the text that opens.
  • A copy of the text file will be saved to C:\AdwCleaner[R*].txt - make sure you post the file with the biggest "R" number.

 


So long, and thanks for all the fish.

#3 ehrengraf (Topic Starter)

Posted 19 February 2013 - 03:41 PM

Thanks for your quick reply.

# AdwCleaner v2.112 - Logfile created 02/19/2013 at 21:40:19
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Enterprise Service Pack 1 (32 bits)
# User : Barkley - BARKLEY-PC
# Boot Mode : Normal
# Running from : C:\Users\Barkley\Downloads\adwcleaner0 (1).exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
Key Found : HKLM\Software\SProtector
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16457
 
[OK] Registry is clean.
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Barkley\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [6697 octets] - [19/02/2013 15:21:11]
AdwCleaner[R2].txt - [6757 octets] - [19/02/2013 15:22:57]
AdwCleaner[R3].txt - [827 octets] - [19/02/2013 21:40:19]
AdwCleaner[S1].txt - [6858 octets] - [19/02/2013 15:23:13]
 
########## EOF - C:\AdwCleaner[R3].txt - [946 octets] ##########


#4 Noviciate (Malware Response Team, 5,277 posts, Location: Numpty HQ)

Posted 19 February 2013 - 03:57 PM

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.


So long, and thanks for all the fish.

#5 ehrengraf (Topic Starter)

Posted 19 February 2013 - 05:48 PM

ESET results:

C:\Users\Barkley\Downloads\iSkysoft_Video_Converter_2.2.0.0_Warez-BB.rar    a variant of Win32/Keygen.AT application
C:\Users\Barkley\Downloads\video-converter-ultimate_full975.exe    Win32/OpenCandy application


#6 Noviciate (Malware Response Team, 5,277 posts, Location: Numpty HQ)

Posted 19 February 2013 - 06:04 PM

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

#7 ehrengraf (Topic Starter)

Posted 19 February 2013 - 06:22 PM

Running the scan now. Unfortunately it's after midnight in Berlin so I will post the results in about 7 hours. Thanks again for your help.

Have a nice evening.

Luca

#8 ehrengraf (Topic Starter)

Posted 20 February 2013 - 01:48 AM

OTL

OTL logfile created on: 2/20/2013 12:15:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barkley\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 55.92% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 1.51 Gb Free Space | 1.55% Space Free | Partition Type: NTFS
Drive E: | 135.13 Gb Total Space | 48.70 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
 
Computer Name: BARKLEY-PC | User Name: Barkley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/20 00:14:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Barkley\Downloads\OTL.scr
PRC - [2013/02/14 10:48:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe
PRC - [2013/01/15 09:59:28 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/08 00:37:37 | 001,990,464 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/05/15 11:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/05/15 10:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 06:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/02/20 11:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 11:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/02/14 10:48:36 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)
SRV - [2013/02/08 01:54:40 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/15 09:59:28 | 001,851,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/08 00:37:37 | 001,990,464 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2012/07/22 08:41:56 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/05/15 11:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/31 09:03:56 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Barkley\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Barkley\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/08 00:37:56 | 000,082,952 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012/11/08 00:37:55 | 000,036,072 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/11/08 00:37:54 | 000,494,416 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2012/11/08 00:37:52 | 000,019,632 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2012/09/03 08:20:00 | 000,035,064 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2012/05/15 11:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/08/02 06:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/?pid=724&r=2013/02/18&hid=2979317692&lg=EN&cc=DE
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=724&r=2013/02/18&hid=2979317692&lg=EN&cc=DE
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.chatzum.com/?q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 C3 07 6D 00 3E CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=724&r=2013/02/18&hid=2979317692&lg=EN&cc=DE
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Barkley\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Barkley\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012/03/19 22:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Barkley\AppData\Roaming\Mozilla\Firefox\extensions
[2012/03/19 22:18:22 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\Barkley\AppData\Roaming\Mozilla\Firefox\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
 
========== Chrome  ==========
 
CHR - default_search_provider: EasyLife (Enabled)
CHR - default_search_provider: suggest_url = none
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Barkley\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Barkley\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Barkley\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Barkley\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2013/02/19 11:58:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94761BB7-AF3F-4437-B498-1FF0A72DB41B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{967A571A-FBF9-414F-8516-2A22C22D655C}: DhcpNameServer = 10.143.147.147 10.143.147.148
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/19 22:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/19 15:43:48 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Local\CrashDumps
[2013/02/19 15:41:24 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/19 15:40:54 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Local\NPE
[2013/02/19 15:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/02/19 15:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/19 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/19 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/19 15:33:58 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Local\VS Revo Group
[2013/02/19 15:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/02/19 14:33:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013/02/19 14:33:12 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Roaming\Malwarebytes
[2013/02/19 14:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/19 14:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/19 14:33:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/19 14:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/19 14:14:25 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Roaming\PDAppFlex
[2013/02/19 14:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/02/19 14:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/02/19 12:41:32 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\libeay32.dll
[2013/02/19 12:41:32 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/02/19 12:41:32 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\System32\ssleay32.dll
[2013/02/19 12:41:32 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/02/19 12:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\Search Easylife App Removal Tool
[2013/02/19 12:40:43 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Local\Programs
[2013/02/19 12:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/19 12:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/02/19 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Roaming\TestApp
[2013/02/19 12:01:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/19 11:59:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/19 11:58:36 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Local\temp
[2013/02/19 11:44:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/19 11:44:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/19 11:44:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/19 11:43:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/19 11:43:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/19 11:42:16 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Barkley\Desktop\ComboFix.exe
[2013/02/19 00:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/02/18 22:35:51 | 000,000,000 | ---D | C] -- C:\Users\Barkley\Desktop\Adobe Photoshop CS6
[2013/02/18 22:32:24 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/02/18 22:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2013/02/18 22:32:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2013/02/16 13:22:13 | 000,000,000 | ---D | C] -- C:\hq3
[2013/02/15 20:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO
[2013/02/14 10:03:34 | 000,000,000 | ---D | C] -- C:\hq2
[2013/02/04 10:37:36 | 000,000,000 | ---D | C] -- C:\Users\Barkley\AppData\Local\DOSBox
[2013/02/04 10:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
[2013/02/04 10:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\DOSBox-0.74
[2013/02/04 10:35:27 | 000,000,000 | ---D | C] -- C:\Hero
[2013/02/01 11:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/02/01 11:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/02/01 11:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/02/01 11:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/01 11:29:10 | 000,000,000 | ---D | C] -- C:\Users\Barkley\Desktop\Run music
[2013/02/01 00:49:05 | 000,000,000 | ---D | C] -- C:\Users\Barkley\Desktop\Nazi Germany
[2013/01/31 17:29:40 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/01/31 17:29:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/01/31 17:20:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/31 17:20:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/31 17:20:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/01/31 17:20:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/31 17:20:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/31 17:20:53 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/31 17:20:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/31 17:20:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/31 17:01:33 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2013/01/31 16:57:02 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/01/31 16:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/31 16:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/31 16:48:12 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/31 16:48:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/31 16:48:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/31 16:48:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/31 16:48:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/31 16:48:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/31 16:48:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/31 16:48:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/31 16:48:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/31 16:48:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/31 16:48:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/31 16:48:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/31 16:48:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/31 16:47:11 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2013/01/31 16:47:11 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013/01/31 16:47:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2013/01/31 16:46:50 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2013/01/31 16:46:25 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/01/31 16:46:17 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/01/31 16:46:17 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/01/31 16:46:14 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/31 16:46:13 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2013/01/31 16:46:09 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013/01/31 16:46:09 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/01/31 16:46:05 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2013/01/31 16:46:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013/01/31 16:46:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/31 16:46:00 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/31 16:45:59 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013/01/31 16:45:58 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/01/31 16:45:55 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/01/31 16:36:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/01/31 14:20:57 | 000,000,000 | ---D | C] -- C:\Users\Barkley\Desktop\Invoices Berlin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/20 00:15:51 | 001,474,832 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/02/19 23:54:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/19 23:26:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1297470398-401614444-1456284907-1000UA.job
[2013/02/19 21:20:25 | 000,015,695 | ---- | M] () -- C:\Users\Barkley\Desktop\bull narrow horns.jpg
[2013/02/19 20:57:17 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 20:57:16 | 000,015,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/19 20:50:24 | 000,659,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/19 20:50:24 | 000,120,714 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/19 20:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/19 20:45:47 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/19 15:41:03 | 000,001,234 | ---- | M] () -- C:\Users\Barkley\Desktop\Spybot - Search & Destroy.lnk
[2013/02/19 15:40:50 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/19 14:33:05 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/19 14:15:56 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Barkley-PC-Barkley.job
[2013/02/19 14:15:22 | 000,013,677 | ---- | M] () -- C:\Users\Barkley\Desktop\bull.jpg
[2013/02/19 12:11:46 | 000,002,378 | ---- | M] () -- C:\Users\Barkley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/19 12:11:46 | 000,002,376 | ---- | M] () -- C:\Users\Barkley\Desktop\Google Chrome.lnk
[2013/02/19 11:58:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/19 11:42:45 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Barkley\Desktop\ComboFix.exe
[2013/02/19 07:48:15 | 003,682,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/19 00:33:42 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1297470398-401614444-1456284907-1000Core.job
[2013/02/18 22:32:19 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013/02/18 22:23:27 | 000,043,142 | ---- | M] () -- C:\Users\Barkley\Desktop\ic.jpg
[2013/02/18 22:22:37 | 000,002,843 | ---- | M] () -- C:\Users\Barkley\Desktop\si.jpg
[2013/02/17 15:13:16 | 000,036,183 | ---- | M] () -- C:\Users\Barkley\Desktop\huey.jpg
[2013/02/17 10:43:58 | 000,446,927 | ---- | M] () -- C:\Users\Barkley\Desktop\photo.JPG
[2013/02/16 11:23:02 | 000,081,018 | ---- | M] () -- C:\Users\Barkley\Desktop\awkward.jpg
[2013/02/15 20:12:35 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013/02/08 01:54:26 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/08 01:54:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/05 15:41:39 | 000,184,542 | ---- | M] () -- C:\Users\Barkley\Desktop\antwerp.jpg
[2013/02/04 10:37:29 | 000,001,864 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013/02/04 10:34:28 | 002,506,536 | ---- | M] () -- C:\Users\Barkley\Desktop\heroq.zip
[2013/02/01 13:59:55 | 000,101,879 | ---- | M] () -- C:\Users\Barkley\Desktop\seymour.jpg
[2013/02/01 12:04:22 | 000,001,103 | ---- | M] () -- C:\Users\Barkley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/02/01 11:32:51 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/19 21:20:24 | 000,015,695 | ---- | C] () -- C:\Users\Barkley\Desktop\bull narrow horns.jpg
[2013/02/19 15:41:03 | 000,001,234 | ---- | C] () -- C:\Users\Barkley\Desktop\Spybot - Search & Destroy.lnk
[2013/02/19 15:40:50 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/19 14:33:05 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/19 14:15:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\AdobeAAMUpdater-1.0-Barkley-PC-Barkley.job
[2013/02/19 14:15:21 | 000,013,677 | ---- | C] () -- C:\Users\Barkley\Desktop\bull.jpg
[2013/02/19 12:11:46 | 000,002,378 | ---- | C] () -- C:\Users\Barkley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/19 12:11:46 | 000,002,376 | ---- | C] () -- C:\Users\Barkley\Desktop\Google Chrome.lnk
[2013/02/19 11:44:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/19 11:44:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/19 11:44:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/19 11:44:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/19 11:44:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/19 00:29:19 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013/02/19 00:27:17 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013/02/19 00:24:47 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/02/19 00:24:27 | 000,001,477 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/02/18 22:32:19 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2013/02/18 22:32:19 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2013/02/18 22:23:27 | 000,043,142 | ---- | C] () -- C:\Users\Barkley\Desktop\ic.jpg
[2013/02/18 22:22:33 | 000,002,843 | ---- | C] () -- C:\Users\Barkley\Desktop\si.jpg
[2013/02/17 15:13:16 | 000,036,183 | ---- | C] () -- C:\Users\Barkley\Desktop\huey.jpg
[2013/02/17 10:43:35 | 000,446,927 | ---- | C] () -- C:\Users\Barkley\Desktop\photo.JPG
[2013/02/16 11:21:54 | 000,081,018 | ---- | C] () -- C:\Users\Barkley\Desktop\awkward.jpg
[2013/02/05 15:41:20 | 000,184,542 | ---- | C] () -- C:\Users\Barkley\Desktop\antwerp.jpg
[2013/02/04 10:37:29 | 000,001,864 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk
[2013/02/04 10:34:21 | 002,506,536 | ---- | C] () -- C:\Users\Barkley\Desktop\heroq.zip
[2013/02/01 13:59:54 | 000,101,879 | ---- | C] () -- C:\Users\Barkley\Desktop\seymour.jpg
[2013/02/01 11:32:51 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/31 13:59:07 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/07/16 02:31:18 | 000,009,695 | ---- | C] () -- C:\Users\Barkley\AppData\Local\recently-used.xbel
[2012/01/17 05:42:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012/01/17 05:41:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/12/30 00:10:15 | 001,474,832 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011/12/29 23:58:17 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 
< End of report >

Extras

OTL Extras logfile created on: 2/20/2013 12:15:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Barkley\Downloads
 Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 55.92% Memory free
4.00 Gb Paging File | 2.94 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.66 Gb Total Space | 1.51 Gb Free Space | 1.55% Space Free | Partition Type: NTFS
Drive E: | 135.13 Gb Total Space | 48.70 Gb Free Space | 36.04% Space Free | Partition Type: NTFS
 
Computer Name: BARKLEY-PC | User Name: Barkley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16473E39-E1D3-499C-9785-EFB66B8BFA80}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1C668B9B-70A6-49D4-BB92-F674A6FAA86D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{24E566A4-364D-4272-8B96-274FA7D261A1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2662A178-2C72-4ACD-B862-7826C5567B43}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{39D1044A-ADAE-41F8-B621-B11C3928D4AB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{487B3DC5-0195-4375-A422-790BF3CAC2AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A3567AE-5673-4307-9CB7-BC65776E9499}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7067F691-F15B-4160-9DA9-3FA91CAB3FF4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7214B67E-67FA-4B38-B15C-1510654AD624}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7F5DD9BB-1823-42AF-B73C-630A25B16DAB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{81550D6F-5807-46FC-885C-C8B4C056F51F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8DB0EF98-9999-43D4-884D-77C55FE6C902}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9F4D36CD-7739-4CD9-9E5C-DAFFF4DCCF2C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9F6463F8-EF6B-40CD-AF42-02A194FB01AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE4041EB-922E-4272-B29A-B9077BC2ABD4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CDB8D184-6813-4B02-9A65-4A5889E7D086}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D09A641E-BCE3-4306-AA0A-45F8639A99A5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DE874C8A-6F46-4DCF-BCD6-68D1E0A50392}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E1A188E4-CE80-499A-B7FB-13A98F99F77B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ECF047EE-CF64-432B-9878-1F6B9AB44B3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F0253516-400E-449C-825C-A358E66DE6DB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B86349-D68B-44E8-A0E5-ADF564275E24}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{0ADD878E-2109-4733-9D18-CECB391C4E82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B250810-8A90-47F9-AAFB-E545A9A6111A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1AB242B4-1B84-4CA0-8BFD-7A0E6C0A365F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{23C9C963-C0DA-453C-ACFC-74E662CA0B21}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{276DFDFB-17E8-4A28-B5F9-F09698CA94C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{28016212-9A6E-4260-9538-22019E724804}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{29F16C53-4C0B-4A8D-B8B9-277BF8F312BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2FAFDC72-B0F2-4C9A-9F70-318EDB0FDB9E}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{44B9B7B7-1FC4-4071-B48E-0C530EC854CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4C140645-B295-4DCB-A2C8-2A739774B320}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4DD218AD-6113-4EEE-9F87-1953C597EC15}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{675B8EE8-E5EC-4972-B2B9-652AAE276BD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{705DE587-ACB5-498D-8FDA-3BA17CF91DEE}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{7629ED41-B4F4-4088-AC3E-B9BFCEF52D6A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{79919310-6BAF-4F35-AC6B-2E7E5FE35719}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F32F4EC-0009-46DC-BFB6-9EC7688745F7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7FC07F91-32A6-40B7-B758-A97DD0859AE5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{7FF1049E-7675-45E5-88C0-2347A165A724}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{80A06F9E-57C5-4EEA-A098-52992F710108}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{87E57E8C-9E94-4CF7-9A7F-6532F7E7E2A2}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{960E8121-94D3-4D83-9328-45FA0CE18278}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9B52240E-B704-4F88-A551-8E3690A73AC8}" = protocol=6 | dir=out | app=system | 
"{9ECB98AB-B270-4F0E-9C15-3C6FA7D09F4A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A56378DC-9739-464A-B765-C2FE014FFDCE}" = protocol=17 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe | 
"{C29A3831-2103-4C88-9E6F-A5F1B218F065}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{C7BA6827-11F0-4DFA-B4E9-964D1432B175}" = protocol=6 | dir=in | app=c:\program files\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{EABCCD76-AA64-4353-A362-F679114DAAE2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F4DC2D1C-A9F5-4AF5-B443-86E40B3DB598}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6098B70-B924-46D5-98C9-4576A3C031E4}" = protocol=6 | dir=in | app=c:\program files\common files\comodo\geekbuddyrsp.exe | 
"{F83EC17A-9608-42CC-9571-7626C65F582D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{18193053-030D-4FF0-B462-B037A2DF82B5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{ABD5E4EF-31BB-4E30-A5C2-633E06100D71}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4F2B6546-276A-422D-ADA2-0E72775A48AB}" = GeekBuddy
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770103E9-E1C3-48C9-812B-2982C7070575}_is1" = Pazera Free MOV to AVI Converter 1.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Comodo Dragon" = Comodo Dragon
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"FileZilla Client" = FileZilla Client 3.5.3
"GIMP-2_is1" = GIMP 2.8.0
"HandBrake" = HandBrake 0.9.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PokerStars" = PokerStars
"Steam App 32430" = Star Wars: The Force Unleashed
"VLC media player" = VLC media player 1.1.11
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/19/2013 9:33:08 AM | Computer Name = Barkley-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 2/19/2013 10:12:39 AM | Computer Name = Barkley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.66.83.42, time stamp:
 0x511af576  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x31504247  Faulting process id: 0xcf0  Faulting application
 start time: 0x01ce0eab2be0524d  Faulting application path: C:\Program Files\Steam\Steam.exe
Faulting
 module path: unknown  Report Id: 6aaa824f-7a9e-11e2-9ed1-001b24fe3125
 
Error - 2/19/2013 10:25:14 AM | Computer Name = Barkley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.66.83.42, time stamp:
 0x511af576  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x31504247  Faulting process id: 0x8dc  Faulting application
 start time: 0x01ce0eaced27eb49  Faulting application path: C:\Program Files\Steam\Steam.exe
Faulting
 module path: unknown  Report Id: 2c91977c-7aa0-11e2-84e1-001b24fe3125
 
Error - 2/19/2013 10:33:49 AM | Computer Name = Barkley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ruplp.exe, version: 3.1.3.621, time stamp:
 0x4fce260e  Faulting module name: KERNELBASE.dll, version: 6.1.7601.17965, time stamp:
 0x506dbd3f  Exception code: 0x0eedfade  Fault offset: 0x0000c6e3  Faulting process id:
 0xfdc  Faulting application start time: 0x01ce0eae1f441927  Faulting application path:
 C:\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe  Faulting module path:
 C:\Windows\system32\KERNELBASE.dll  Report Id: 5f74cfef-7aa1-11e2-84e1-001b24fe3125
 
Error - 2/19/2013 10:36:01 AM | Computer Name = Barkley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.66.83.42, time stamp:
 0x511af576  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x31504247  Faulting process id: 0xba8  Faulting application
 start time: 0x01ce0eae6a936dbd  Faulting application path: C:\Program Files\Steam\Steam.exe
Faulting
 module path: unknown  Report Id: ae1e916e-7aa1-11e2-bd57-001b24fe3125
 
Error - 2/19/2013 10:39:43 AM | Computer Name = Barkley-PC | Source = Application Hang | ID = 1002
Description = The program SpybotSD.exe version 1.6.2.46 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 3b0    Start
 Time: 01ce0eaeef04fdc0    Termination Time: 15    Application Path: C:\Program Files\Spybot
 - Search & Destroy\SpybotSD.exe    Report Id: 313bec5f-7aa2-11e2-bd57-001b24fe3125  
 
Error - 2/19/2013 10:43:26 AM | Computer Name = Barkley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.66.83.42, time stamp:
 0x511af576  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x31504247  Faulting process id: 0x8b0  Faulting application
 start time: 0x01ce0eaf73401730  Faulting application path: C:\Program Files\Steam\Steam.exe
Faulting
 module path: unknown  Report Id: b74c4ce8-7aa2-11e2-bed4-001b24fe3125
 
Error - 2/19/2013 10:44:27 AM | Computer Name = Barkley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nvtray.exe, version: 7.17.13.142, time 
stamp: 0x4fb212f3  Faulting module name: nvtray.exe, version: 7.17.13.142, time stamp:
 0x4fb212f3  Exception code: 0x40000015  Fault offset: 0x00101ae9  Faulting process id:
 0xe58  Faulting application start time: 0x01ce0eaf763c30e8  Faulting application path:
 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe  Faulting module path: C:\Program
 Files\NVIDIA Corporation\Display\nvtray.exe  Report Id: dbbb5d80-7aa2-11e2-bed4-001b24fe3125
 
Error - 2/19/2013 3:46:31 PM | Computer Name = Barkley-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Steam.exe, version: 1.66.83.42, time stamp:
 0x511af576  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x31504247  Faulting process id: 0xb10  Faulting application
 start time: 0x01ce0ed9cf0102be  Faulting application path: C:\Program Files\Steam\Steam.exe
Faulting
 module path: unknown  Report Id: 0e6282f4-7acd-11e2-bc1e-001b24fe3125
 
Error - 2/19/2013 3:51:16 PM | Computer Name = Barkley-PC | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
 
< End of report >


#9 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 20 February 2013 - 04:49 PM

Good evening.

Close all open programs, including browsers, and do the following:

Run OTL.exe.

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed its run.

Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, with x representing the month, date, year and time the log was created. Eg: 03062009_170403

 


So long, and thanks for all the fish.


#10 ehrengraf

  • Topic Starter
  • Members
  • 8 posts

Posted 20 February 2013 - 05:10 PM

This popped up when I rebooted - I assume it's the correct log?

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Barkley\Downloads\cmd.bat deleted successfully.
C:\Users\Barkley\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Barkley
->Temp folder emptied: 56641046 bytes
->Temporary Internet Files folder emptied: 37165009 bytes
->Java cache emptied: 7925 bytes
->Google Chrome cache emptied: 174160920 bytes
->Flash cache emptied: 58651 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500432 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 535070 bytes
RecycleBin emptied: 2013 bytes
 
Total Files Cleaned = 258.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Barkley
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 02202013_230530
 
Files\Folders moved on Reboot...
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#11 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 20 February 2013 - 05:55 PM

OK, you need to manually reset the Chrome Homepage and also the Default Search Engine:  http://support.google.com/chrome/bin/answer.py?hl=en&answer=95314 and http://support.google.com/chrome/bin/answer.py?hl=en&answer=95653

Let me know how you get on.



#12 ehrengraf

  • Topic Starter
  • Members
  • 8 posts

Posted 20 February 2013 - 06:02 PM

Hey... So I've adjusted the search engine to Google again and removed Easylife from the menu - thanks for the links.

Does my system look relatively clean now? I will continue to run Comodo antivirus and regular Spybot searches etc. Do you recommend I do anything else?

L



#13 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 21 February 2013 - 03:12 PM

Good evening.

Assuming that your PC hasn't self-destructed overnight, which is always a worry where Microsoft is concerned, then I'd say you were about done. I want you to run your PC as normal for a few days and when you are happy that everything is fine, do the following:

Create a new Restore Point with a memorable name - this will give a clean one should you need it in the future. If you use a Restore Point from before this point you may reinstall any infection that was present at the time, so only do so if using this latest one doesn't solve any issues.
A tutorial for System Restore is available here.

Run OTL and click on the CleanUp button at the top - it will perform a little housekeeping to leave your PC a little less cluttered.

Some bedtime reading: This is a very good tutorial about keeping your computer safe and secure on the internet. It's a little old, but still contains some good ideas.



#14 ehrengraf

  • Topic Starter
  • Members
  • 8 posts

Posted 21 February 2013 - 06:28 PM

Mate, thank you for your help.

If you ever come to Berlin shoot me an email - ehrengraf@gmail.com

Your first beers are on me.

Lucas



#15 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 22 February 2013 - 03:09 PM

Always a pleasure. As this issue appears to have been resolved, this thread is now closed.

