
MyStart by Incredibar


  • This topic is locked
34 replies to this topic

#1 jackbetal

jackbetal

  • Members
  • 32 posts
  • OFFLINE
  • Local time:05:14 PM

Posted 10 June 2012 - 06:14 PM

My pc is also slowing down considerably. I also seem to have a problem whereby words are underlined and I am redirected to an ad which I think is a separate problem.

Thank you in advance.





.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by INSPIRON at 22:47:45 on 2012-06-10
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.2047.1174 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Expat Shield\bin\openvpnas.exe
C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files\Expat Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Expat Shield\bin\openvpntray.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\prxtbHots.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\prxtbHots.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\prxtbHots.dll
uRun: [WheresJames Startup Manager] c:\program files\wheresjames\startupmgr\StartupMgr.exe
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [aliim] c:\program files\trademanager\aliim.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
TCP: Interfaces\{68E5C55E-1ED0-40C5-97C5-DBA2DE489A38} : DhcpNameServer = 89.101.160.5 89.101.160.4
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2012-1-6 331608]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2012-1-5 363336]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S1 MpKsl4553fad1;MpKsl4553fad1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67741e01-4e02-4876-a083-7a5c9698920c}\mpksl4553fad1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{67741e01-4e02-4876-a083-7a5c9698920c}\MpKsl4553fad1.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\ExpatTrayService.exe [2012-1-6 77520]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-7-29 86824]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2012-3-29 2385896]
.
=============== Created Last 30 ================
.
2012-06-10 00:36:45 -------- d-----w- C:\_OTL
2012-06-09 22:27:42 -------- d-sha-r- C:\cmdcons
2012-06-09 22:25:38 98816 ----a-w- c:\windows\sed.exe
2012-06-09 22:25:38 518144 ----a-w- c:\windows\SWREG.exe
2012-06-09 22:25:38 256000 ----a-w- c:\windows\PEV.exe
2012-06-09 22:25:38 208896 ----a-w- c:\windows\MBR.exe
2012-06-09 18:14:28 -------- d-----w- c:\windows\system32\NtmsData
2012-06-09 14:05:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-06-09 14:05:52 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-06 21:02:31 -------- d-----w- c:\windows\system32\aliedit
2012-06-06 21:02:16 -------- d-----w- c:\program files\Trademanager
2012-06-06 20:56:59 -------- d-----w- c:\documents and settings\inspiron\local settings\application data\Alibaba
2012-06-06 20:47:50 -------- d-----w- c:\documents and settings\inspiron\local settings\application data\npwangwang
2012-06-05 12:25:40 215920 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 22:32:58 53248 ------r- c:\documents and settings\inspiron\application data\microsoft\installer\{3f1420a7-ff17-40f0-b4fe-3481b8d10081}\PCToolkit.exe1_3F1420A7FF1740F0B4FE3481B8D10081.exe
2012-06-04 22:32:58 53248 ------r- c:\documents and settings\inspiron\application data\microsoft\installer\{3f1420a7-ff17-40f0-b4fe-3481b8d10081}\PCToolkit.exe_3F1420A7FF1740F0B4FE3481B8D10081.exe
2012-06-04 22:32:58 335872 ------r- c:\documents and settings\inspiron\application data\microsoft\installer\{3f1420a7-ff17-40f0-b4fe-3481b8d10081}\Acrord_EN.exe_3F1420A7FF1740F0B4FE3481B8D10081.exe
2012-06-04 22:32:10 33360 ----a-w- c:\windows\system32\ftserui2.dll
2012-06-04 22:32:09 61067 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-06-04 22:32:09 201096 ----a-w- c:\windows\system32\FTLang.dll
2012-06-04 22:31:48 62216 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-06-04 22:31:48 188416 ----a-w- c:\windows\system32\ftdiunin.exe
2012-06-04 22:31:48 105352 ----a-w- c:\windows\system32\ftbusui.dll
2012-06-04 22:31:47 218504 ----a-w- c:\windows\system32\ftd2xx.dll
2012-06-04 22:31:39 -------- d-----w- c:\program files\Autel
2012-06-04 13:57:05 -------- d-----w- c:\windows\system32\appmgmt
2012-06-03 13:08:47 -------- d-----w- c:\documents and settings\all users\application data\hssff
2012-06-03 12:39:20 -------- d-----w- c:\documents and settings\inspiron\local settings\application data\Vid-Saver
2012-06-03 12:39:15 -------- d-----w- c:\program files\Vid-Saver
2012-05-30 12:59:30 4966600 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-05-29 18:13:40 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-05-29 18:13:40 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-05-29 18:13:40 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll
2012-05-29 18:13:40 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll
2012-05-22 18:22:33 -------- d-----w- c:\documents and settings\inspiron\local settings\application data\Apple Computer
2012-05-22 18:22:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-22 18:22:17 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-22 18:21:01 -------- d-----w- c:\program files\iPod
2012-05-22 18:20:53 -------- d-----w- c:\program files\iTunes
2012-05-22 18:20:53 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-22 18:20:15 -------- d-----w- c:\documents and settings\inspiron\local settings\application data\Apple
2012-05-22 18:19:55 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-05-22 18:19:55 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-05-22 18:16:28 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-22 18:16:26 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-20 22:13:13 -------- d-----w- C:\Expat Shield
2012-05-20 22:12:38 613704 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2012-05-20 22:12:38 597832 ----a-w- c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2012-05-20 22:12:37 -------- d-----w- c:\program files\Expat Shield
2012-05-19 21:51:41 -------- d-----w- c:\documents and settings\inspiron\local settings\application data\Hotspot_Shield
2012-05-19 21:51:38 -------- d-----w- c:\program files\Hotspot_Shield
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
============= FINISH: 22:48:55.31 ===============

Attached File  attach.txt   11.64KB   2 downloads
Attached File  ark.txt   33.26KB   0 downloads
Attached File  ComboFix.txt   15.57KB   0 downloads

Edited by jackbetal, 10 June 2012 - 06:34 PM.
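An added example, not from this thread and not part of the DDS tool itself: a small Python triage helper that reads lines in the format DDS prints above (the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections) and pulls out what a responder looks at first, namely which CLSIDs are registered at several Internet Explorer hook points at once and which autostarts run from outside Program Files or Windows. The line patterns and the list of "standard" directories are my own assumptions about the format; the sample lines are copied from the log in this post.

```python
import re

# Constructed sample input: a handful of lines in the format DDS prints in its
# "Pseudo HJT Report" and "SERVICES / DRIVERS" sections (taken from the log above).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.ie/
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\prxtbHots.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\prxtbHots.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - c:\program files\hotspot_shield\prxtbHots.dll
uRun: [aliim] c:\program files\trademanager\aliim.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
"""

# Assumed line shapes DDS uses for IE hook points, Run keys and services.
HOOK_RE = re.compile(r'^(?P<kind>uURLSearchHooks|BHO|TB): (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
RUN_RE = re.compile(r'^(?P<scope>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: \[|$)')
# First executable token of a Run command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|sys))"?', re.IGNORECASE)

# Assumed locations where legitimately installed autostarts normally live on XP.
STANDARD_PREFIXES = ('c:\\program files\\', 'c:\\windows\\', 'c:\\progra~1\\', '%windir%\\')


def parse_dds(text):
    """Turn DDS report lines into autostart records (kind, name, clsid, path)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            entries.append({'kind': m['kind'], 'name': m['name'],
                            'clsid': m['clsid'].lower(), 'path': m['path'].lower()})
            continue
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.match(m['cmd'])
            path = exe['path'] if exe else m['cmd']
            entries.append({'kind': m['scope'] + 'Run', 'name': m['name'],
                            'clsid': None, 'path': path.lower()})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({'kind': 'Service', 'name': m['name'],
                            'clsid': None, 'path': m['path'].lower()})
    return entries


def shared_clsids(entries):
    """CLSIDs registered at more than one IE hook point (search hook, BHO, toolbar).

    A single CLSID registered as search hook, BHO and toolbar at once is typical
    of bundled toolbars and deserves a closer look during triage."""
    roles = {}
    for e in entries:
        if e['clsid'] is None:
            continue
        kinds = roles.setdefault(e['clsid'], [])
        if e['kind'] not in kinds:
            kinds.append(e['kind'])
    return {clsid: kinds for clsid, kinds in roles.items() if len(kinds) > 1}


def outside_standard_dirs(entries):
    """Autostarts whose binary lives outside Program Files / Windows (e.g. a profile dir)."""
    return [e for e in entries if not e['path'].startswith(STANDARD_PREFIXES)]


if __name__ == '__main__':
    found = parse_dds(SAMPLE_DDS)
    for clsid, kinds in shared_clsids(found).items():
        print('CLSID %s is hooked as %s' % (clsid, ', '.join(kinds)))
    for e in outside_standard_dirs(found):
        print('%s "%s" runs from %s' % (e['kind'], e['name'], e['path']))
```

Run it against a full DDS log by replacing SAMPLE_DDS with the file contents; a hit on either check is a prompt to look the entry up, not a verdict, since plenty of legitimate software (Skype's click-to-call service above, for one) installs into All Users\Application Data.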




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 PM

Posted 10 June 2012 - 11:54 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jackbetal

jackbetal
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:05:14 PM

Posted 11 June 2012 - 07:32 AM

As I compile this reply, "Mystart by Incredibar" is still opening in my browser when I initially open it. My pc is sluggish for normal use. Things like creating a new folder or copying to a usb stick are taking forever. Also when I try to add a reply to this it says the page does not exist, so I am using fast reply instead.

Here is the Checkup.txt

******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (3.6.19) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
INSPIRON Desktop Virus SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 26% Defragment your hard drive soon!
````````````````````End of Log``````````````````````





Here is ComboFix.txt

******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************



ComboFix 12-06-10.01 - INSPIRON 11/06/2012 13:42:20.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.353.1033.18.2047.1537 [GMT 1:00]
Running from: c:\documents and settings\INSPIRON\Desktop\Virus\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-10 00:36 . 2012-06-10 00:36 -------- d-----w- C:\_OTL
2012-06-09 18:14 . 2012-06-09 19:20 -------- d-----w- c:\windows\system32\NtmsData
2012-06-09 14:05 . 2012-06-09 14:05 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-06 21:02 . 2012-06-06 21:02 -------- d-----w- c:\windows\system32\aliedit
2012-06-06 21:02 . 2012-06-06 21:11 -------- d-----w- c:\program files\Trademanager
2012-06-06 20:56 . 2012-06-06 20:56 -------- d-----w- c:\documents and settings\INSPIRON\Local Settings\Application Data\Alibaba
2012-06-06 20:47 . 2012-06-06 20:47 -------- d-----w- c:\documents and settings\INSPIRON\Local Settings\Application Data\npwangwang
2012-06-05 12:25 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 22:32 . 2012-06-04 22:32 53248 ------r- c:\documents and settings\INSPIRON\Application Data\Microsoft\Installer\{3F1420A7-FF17-40F0-B4FE-3481B8D10081}\PCToolkit.exe1_3F1420A7FF1740F0B4FE3481B8D10081.exe
2012-06-04 22:32 . 2012-06-04 22:32 53248 ------r- c:\documents and settings\INSPIRON\Application Data\Microsoft\Installer\{3F1420A7-FF17-40F0-B4FE-3481B8D10081}\PCToolkit.exe_3F1420A7FF1740F0B4FE3481B8D10081.exe
2012-06-04 22:32 . 2012-06-04 22:32 335872 ------r- c:\documents and settings\INSPIRON\Application Data\Microsoft\Installer\{3F1420A7-FF17-40F0-B4FE-3481B8D10081}\Acrord_EN.exe_3F1420A7FF1740F0B4FE3481B8D10081.exe
2012-06-04 22:32 . 2006-05-19 10:51 33360 ----a-w- c:\windows\system32\ftserui2.dll
2012-06-04 22:32 . 2012-04-13 09:05 201096 ----a-w- c:\windows\system32\FTLang.dll
2012-06-04 22:32 . 2006-05-18 08:49 61067 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2012-06-04 22:32 . 2012-06-04 22:32 -------- d-----w- c:\program files\DIFX
2012-06-04 22:31 . 2012-04-13 09:05 105352 ----a-w- c:\windows\system32\ftbusui.dll
2012-06-04 22:31 . 2012-04-13 09:05 62216 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2012-06-04 22:31 . 2006-05-24 09:40 188416 ----a-w- c:\windows\system32\ftdiunin.exe
2012-06-04 22:31 . 2012-04-13 09:05 218504 ----a-w- c:\windows\system32\ftd2xx.dll
2012-06-04 22:31 . 2012-06-04 22:31 -------- d-----w- c:\program files\Autel
2012-06-04 13:26 . 2012-06-04 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-06-03 13:08 . 2012-06-03 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\hssff
2012-06-03 12:39 . 2012-06-03 12:39 -------- d-----w- c:\documents and settings\INSPIRON\Local Settings\Application Data\Vid-Saver
2012-06-03 12:39 . 2012-06-04 13:47 -------- d-----w- c:\program files\Vid-Saver
2012-05-30 12:59 . 2012-05-30 12:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-29 18:13 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor90.dll
2012-05-29 18:13 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor80.dll
2012-05-29 18:13 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor70.dll
2012-05-29 18:13 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor60.dll
2012-05-24 16:00 . 2012-05-24 16:00 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Temp
2012-05-24 16:00 . 2012-05-24 16:00 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2012-05-24 15:57 . 2012-05-24 15:57 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2012-05-22 18:22 . 2012-05-22 18:22 -------- d-----w- c:\documents and settings\INSPIRON\Local Settings\Application Data\Apple Computer
2012-05-22 18:22 . 2012-05-22 18:27 -------- d-----w- c:\documents and settings\INSPIRON\Application Data\Apple Computer
2012-05-22 18:22 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-22 18:22 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-05-22 18:21 . 2012-05-22 18:21 -------- d-----w- c:\program files\iPod
2012-05-22 18:20 . 2012-05-22 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-05-22 18:20 . 2012-05-22 18:22 -------- d-----w- c:\program files\iTunes
2012-05-22 18:20 . 2012-05-22 18:20 -------- d-----w- c:\documents and settings\INSPIRON\Local Settings\Application Data\Apple
2012-05-22 18:20 . 2012-05-22 18:20 -------- d-----w- c:\program files\Apple Software Update
2012-05-22 18:20 . 2012-05-22 18:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-05-22 18:19 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-05-22 18:19 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-05-22 18:18 . 2012-05-22 18:20 -------- d-----w- c:\program files\Common Files\Apple
2012-05-22 18:16 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-05-22 18:16 . 2008-04-14 04:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-05-20 22:13 . 2012-05-20 22:13 -------- d-----w- C:\Expat Shield
2012-05-20 22:12 . 2012-01-05 00:31 613704 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2012-05-20 22:12 . 2012-01-05 00:31 597832 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2012-05-20 22:12 . 2012-05-29 18:13 -------- d-----w- c:\program files\Expat Shield
2012-05-19 21:51 . 2012-05-29 18:41 -------- d-----w- c:\documents and settings\INSPIRON\Local Settings\Application Data\Hotspot_Shield
2012-05-19 21:51 . 2012-05-19 21:51 -------- d-----w- c:\program files\Hotspot_Shield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-19 03:50 . 2012-04-19 03:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-19 04:17 . 2011-04-04 23:59 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-09_22.34.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-11 11:02 . 2012-06-11 11:02 16384 c:\windows\Temp\Perflib_Perfdata_114.dat
+ 2012-06-10 11:16 . 2012-06-10 11:16 1259008 c:\windows\Installer\24785d2.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\prxtbHots.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Hotspot_Shield\prxtbHots.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\prxtbHots.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WheresJames Startup Manager"="c:\program files\WheresJames\StartupMgr\StartupMgr.exe" [2011-08-21 475136]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]
"aliim"="c:\program files\Trademanager\aliim.exe" [2012-04-18 215032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"VX6000"="c:\windows\vVX6000.exe" [2007-04-10 996712]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-02 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Trademanager\\AliIM.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16/03/2011 16:03 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [05/04/2011 00:59 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [14/07/2010 13:51 65584]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 04:53 193288]
R2 ExpatShieldService;Expat Shield Service;c:\program files\Expat Shield\bin\openvpnas.exe [06/01/2012 19:32 331608]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\Expat Shield\HssWPR\hsssrv.exe [05/01/2012 00:01 363336]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\Expat Shield\bin\hsswd.exe -product Expat --> c:\program files\Expat Shield\bin\hsswd.exe -product Expat [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 13:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 17232]
S1 MpKsl4553fad1;MpKsl4553fad1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67741E01-4E02-4876-A083-7A5C9698920C}\MpKsl4553fad1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67741E01-4E02-4876-A083-7A5C9698920C}\MpKsl4553fad1.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30/04/2012 09:44 5106744]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [30/05/2012 13:56 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]
S3 ExpatTrayService;Expat Shield Tray Service;c:\program files\Expat Shield\bin\ExpatTrayService.exe [06/01/2012 19:39 77520]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [29/07/2011 22:41 86824]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [29/03/2012 23:12 2385896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-790525478-839522115-1003Core.job
- c:\documents and settings\INSPIRON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:35]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-790525478-839522115-1003UA.job
- c:\documents and settings\INSPIRON\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-02 20:35]
.
2012-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-790525478-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
2012-06-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-790525478-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.101.160.5 89.101.160.4
FF - ProfilePath -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-11 13:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(168)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-11 13:51:44
ComboFix-quarantined-files.txt 2012-06-11 12:51
ComboFix2.txt 2012-06-10 23:29
ComboFix3.txt 2012-06-10 01:42
ComboFix4.txt 2012-06-09 23:37
ComboFix5.txt 2012-06-11 12:37
.
Pre-Run: 5,844,709,376 bytes free
Post-Run: 5,831,630,848 bytes free
.
- - End Of File - - E3C53AEE233F18AB0EA1347CA188F3F1

Edited by jackbetal, 11 June 2012 - 07:58 AM.


#4 gringo_pr
Bleepin Gringo | Malware Response Team | 136,772 posts

Posted 11 June 2012 - 08:11 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 jackbetal (Topic Starter)
Members | 32 posts

Posted 11 June 2012 - 09:37 AM

The pc is still sluggish and "MyStart by Incredibar" is still opening when I open my browser initially.

Here is TDSSKiller.2.7.36.0_11.06.2012_14.50.22_log.txt

**************************************************************************

14:50:22.0562 1988 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
14:50:23.0343 1988 ============================================================
14:50:23.0343 1988 Current date / time: 2012/06/11 14:50:23.0343
14:50:23.0343 1988 SystemInfo:
14:50:23.0343 1988
14:50:23.0343 1988 OS Version: 5.1.2600 ServicePack: 3.0
14:50:23.0343 1988 Product type: Workstation
14:50:23.0343 1988 ComputerName: DELL-3DE6A87245
14:50:23.0343 1988 UserName: INSPIRON
14:50:23.0343 1988 Windows directory: C:\WINDOWS
14:50:23.0343 1988 System windows directory: C:\WINDOWS
14:50:23.0343 1988 Processor architecture: Intel x86
14:50:23.0343 1988 Number of processors: 1
14:50:23.0343 1988 Page size: 0x1000
14:50:23.0343 1988 Boot type: Normal boot
14:50:23.0343 1988 ============================================================
14:50:34.0140 1988 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:50:34.0140 1988 ============================================================
14:50:34.0140 1988 \Device\Harddisk0\DR0:
14:50:34.0140 1988 MBR partitions:
14:50:34.0140 1988 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
14:50:34.0140 1988 ============================================================
14:50:34.0171 1988 C: <-> \Device\Harddisk0\DR0\Partition0
14:50:34.0171 1988 ============================================================
14:50:34.0171 1988 Initialize success
14:50:34.0171 1988 ============================================================
14:50:43.0093 3368 ============================================================
14:50:43.0093 3368 Scan started
14:50:43.0093 3368 Mode: Manual;
14:50:43.0093 3368 ============================================================
14:50:45.0609 3368 Abiosdsk - ok
14:50:45.0625 3368 abp480n5 - ok
14:50:45.0671 3368 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:50:46.0062 3368 ACPI - ok
14:50:46.0109 3368 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:50:46.0578 3368 ACPIEC - ok
14:50:46.0593 3368 adpu160m - ok

Here is aswMBR.txt. This scan slowed down to nearly a stop. As you can see from the log, I saved it a couple of times prematurely, thinking it was finished, as the scan had stood still for minutes.
**************************************************************************

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-09 23:47:06
-----------------------------
23:47:06.237 OS Version: Windows 5.1.2600 Service Pack 3
23:47:06.237 Number of processors: 1 586 0xD08
23:47:06.237 ComputerName: DELL-3DE6A87245 UserName: INSPIRON
23:47:09.190 Initialize success
00:04:08.190 AVAST engine defs: 12060901
00:05:22.284 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:05:22.284 Disk 0 Vendor: HTS548060M9AT00 MGBOA5EA Size: 57231MB BusType: 3
00:05:22.331 Disk 0 MBR read successfully
00:05:22.331 Disk 0 MBR scan
00:05:22.550 Disk 0 Windows XP default MBR code
00:05:22.550 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
00:05:22.565 Disk 0 scanning sectors +117194175
00:05:22.862 Disk 0 scanning C:\WINDOWS\system32\drivers
00:05:48.284 Service scanning
00:06:18.972 Modules scanning
00:06:26.925 Disk 0 trace - called modules:
00:06:26.940 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
00:06:26.940 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e57ab8]
00:06:27.440 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89dd4d98]
00:06:28.440 AVAST engine scan C:\WINDOWS
00:06:52.347 AVAST engine scan C:\WINDOWS\system32
00:09:54.409 AVAST engine scan C:\WINDOWS\system32\drivers
00:10:22.925 AVAST engine scan C:\Documents and Settings\INSPIRON
00:11:16.503 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\MBR.dat"
00:11:16.503 The log file has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 15:02:15
-----------------------------
15:02:15.843 OS Version: Windows 5.1.2600 Service Pack 3
15:02:15.843 Number of processors: 1 586 0xD08
15:02:15.843 ComputerName: DELL-3DE6A87245 UserName: INSPIRON
15:02:17.140 Initialize success
15:04:52.843 AVAST engine defs: 12061100
15:05:03.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:05:03.859 Disk 0 Vendor: HTS548060M9AT00 MGBOA5EA Size: 57231MB BusType: 3
15:05:03.875 Disk 0 MBR read successfully
15:05:03.875 Disk 0 MBR scan
15:05:03.921 Disk 0 Windows XP default MBR code
15:05:03.937 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57223 MB offset 63
15:05:03.937 Disk 0 scanning sectors +117194175
15:05:04.078 Disk 0 scanning C:\WINDOWS\system32\drivers
15:06:13.875 Service scanning
15:06:46.531 Modules scanning
15:06:57.843 Disk 0 trace - called modules:
15:06:57.859 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
15:06:57.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e11ab8]
15:06:58.218 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89de7d98]
15:06:59.125 AVAST engine scan C:\WINDOWS
15:07:23.734 AVAST engine scan C:\WINDOWS\system32
15:16:04.093 AVAST engine scan C:\WINDOWS\system32\drivers
15:16:36.437 AVAST engine scan C:\Documents and Settings\INSPIRON
15:18:20.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\MBR.dat"
15:18:20.250 The log file has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\aswMBR.txt"
15:19:02.406 File: C:\Documents and Settings\INSPIRON\Desktop\Dreambox\Dreambox IPTV\dbvstart.bat **INFECTED** Win32:Malware-gen
15:27:04.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\Scans\MBR.dat"
15:27:04.328 The log file has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\Scans\aswMBR.txt"
15:30:09.734 AVAST engine scan C:\Documents and Settings\All Users
15:33:32.046 Scan finished successfully
15:34:10.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\Scans\MBR.dat"
15:34:10.953 The log file has been saved successfully to "C:\Documents and Settings\INSPIRON\Desktop\Virus\Scans\aswMBR.txt"

#6 gringo_pr
Bleepin Gringo | Malware Response Team | 136,772 posts

Posted 11 June 2012 - 09:56 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 jackbetal (Topic Starter)
Members | 32 posts

Posted 11 June 2012 - 11:27 AM

Here is OTL.txt

**************************************************************************

OTL logfile created on: 11/06/2012 16:04:24 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\INSPIRON\Desktop\Virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.56% Memory free
2.60 Gb Paging File | 1.94 Gb Available in Paging File | 74.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 5.35 Gb Free Space | 9.57% Space Free | Partition Type: NTFS

Computer Name: DELL-3DE6A87245 | User Name: INSPIRON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\INSPIRON\Desktop\Virus\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Expat Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Expat Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Expat Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\hidfind.exe (Alps Electric Co., Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll ()
MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\avutil-51.dll ()
MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\avformat-54.dll ()
MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll ()
MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll ()
MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll ()
MOD - C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll ()
MOD - C:\Program Files\Expat Shield\bin\openvpntray.exe ()
MOD - C:\Program Files\Expat Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files\Expat Shield\bin\openvpnas.exe ()
MOD - C:\Program Files\Expat Shield\bin\hsswd.exe ()
MOD - C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Program Files\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Program Files\Rainlendar2\wxmsw28u_xrc_vc_rny.dll ()
MOD - C:\Program Files\Rainlendar2\wxbase28u_xml_vc_rny.dll ()
MOD - C:\Program Files\Rainlendar2\wxmsw28u_html_vc_rny.dll ()
MOD - C:\Program Files\Rainlendar2\wxmsw28u_adv_vc_rny.dll ()
MOD - C:\Program Files\Rainlendar2\wxmsw28u_core_vc_rny.dll ()
MOD - C:\Program Files\Rainlendar2\wxbase28u_vc_rny.dll ()
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\Program Files\Rainlendar2\lfs.dll ()
MOD - C:\Program Files\Rainlendar2\lua51.dll ()
MOD - C:\Program Files\Expat Shield\bin\libidn-11.dll ()
MOD - C:\Program Files\Expat Shield\bin\libssl32.dll ()
MOD - C:\Program Files\Expat Shield\bin\libeay32.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ExpatTrayService) -- C:\Program Files\Expat Shield\bin\ExpatTrayService.exe ()
SRV - (ExpatShieldService) -- C:\Program Files\Expat Shield\bin\openvpnas.exe ()
SRV - (ExpatWd) -- C:\Program Files\Expat Shield\bin\hsswd.exe ()
SRV - (ExpatSrv) -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (dlbt_device) -- C:\WINDOWS\system32\dlbtcoms.exe (Dell)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MpKsl4553fad1) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67741E01-4E02-4876-A083-7A5C9698920C}\MpKsl4553fad1.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\INSPIRON\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Documents and Settings\INSPIRON\Local Settings\temp\aswMBR.sys ()
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ctxusbm) -- C:\WINDOWS\system32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (VX6000) -- C:\WINDOWS\system32\drivers\VX6000Xp.sys (Microsoft Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w29n51) Intel® -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes\{10D9DD25-24CF-48D3-B184-1B28D1A0E1FE}: "URL" = http://search.avg.com/?d=4e0fb7b5&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = http://search.expatshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\DOCUME~1\INSPIRON\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/29 09:32:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom13.xpi [2012/03/12 13:53:24 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/17 01:00:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/21 22:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/06 21:47:50 | 000,000,000 | ---D | M]

[2011/07/31 00:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\INSPIRON\Application Data\Mozilla\Extensions
[2012/06/03 14:09:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/10 12:15:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/08/08 02:15:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/13 09:56:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/22 01:48:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/05/20 23:12:37 | 000,000,000 | ---D | M] (Expat Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012/02/22 01:48:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/25 03:21:56 | 000,108,536 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwangwang.dll
[2011/07/08 05:49:46 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/07/08 05:49:46 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/07/08 05:49:46 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/07/08 05:49:46 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb128/?loc=IB_DS&search={searchTerms}&a=6PQzXd1mfb&i=26
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/11 00:26:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-746137067-790525478-839522115-1003..\Run: [aliim] C:\Program Files\Trademanager\AliIM.exe (Alibaba software (Shanghai) Corporation.)
O4 - HKU\S-1-5-21-746137067-790525478-839522115-1003..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
O4 - HKU\S-1-5-21-746137067-790525478-839522115-1003..\Run: [WheresJames Startup Manager] C:\Program Files\WheresJames\StartupMgr\StartupMgr.exe (WheresJames Software (www.wheresjames.com))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-790525478-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.5 89.101.160.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68E5C55E-1ED0-40C5-97C5-DBA2DE489A38}: DhcpNameServer = 89.101.160.5 89.101.160.4
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/13 16:22:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 15:19:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/10 01:36:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/09 23:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Desktop\Virus
[2012/06/09 23:27:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/06/09 23:25:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/09 23:25:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/09 23:25:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/09 23:25:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/09 22:48:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\INSPIRON\Recent
[2012/06/09 19:14:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/06/08 21:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Desktop\The Sopranos
[2012/06/07 12:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Desktop\Business
[2012/06/06 22:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TradeManager
[2012/06/06 22:02:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\aliedit
[2012/06/06 22:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trademanager
[2012/06/06 21:56:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Alibaba
[2012/06/06 21:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\npwangwang
[2012/06/04 23:32:10 | 000,033,360 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftserui2.dll
[2012/06/04 23:32:09 | 000,201,096 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\FTLang.dll
[2012/06/04 23:32:09 | 000,061,067 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftser2k.sys
[2012/06/04 23:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/06/04 23:31:48 | 000,105,352 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftbusui.dll
[2012/06/04 23:31:48 | 000,062,216 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\drivers\ftdibus.sys
[2012/06/04 23:31:47 | 000,218,504 | ---- | C] (FTDI Ltd.) -- C:\WINDOWS\System32\ftd2xx.dll
[2012/06/04 23:31:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Start Menu\Programs\Autel
[2012/06/04 23:31:39 | 000,000,000 | ---D | C] -- C:\Program Files\Autel
[2012/06/04 20:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2012/06/04 14:57:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/06/04 14:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/06/03 14:16:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Desktop\P90X & P90X+ Plus - Extreme Home Fitness Exercise Videos - Portable MP4 (PSP-IPOD)
[2012/06/03 14:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\hssff
[2012/06/03 13:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Vid-Saver
[2012/06/03 13:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\Vid-Saver
[2012/05/29 09:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012/05/22 19:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Apple Computer
[2012/05/22 19:22:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Application Data\Apple Computer
[2012/05/22 19:22:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/22 19:22:17 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/05/22 19:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/22 19:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/22 19:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/22 19:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Apple
[2012/05/22 19:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/05/22 19:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/22 19:19:55 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2012/05/22 19:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/05/22 19:16:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012/05/22 19:16:26 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012/05/20 23:13:13 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2012/05/20 23:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Expat Shield
[2012/05/20 23:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Expat Shield
[2012/05/19 22:51:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Hotspot_Shield
[2012/05/19 22:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot_Shield

========== Files - Modified Within 30 Days ==========

[2012/06/11 16:10:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-790525478-839522115-1003UA.job
[2012/06/11 13:19:58 | 000,000,106 | ---- | M] () -- C:\Documents and Settings\INSPIRON\default.pls
[2012/06/11 12:09:23 | 100,193,302 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012/06/11 12:05:02 | 000,000,008 | ---- | M] () -- C:\Documents and Settings\INSPIRON\MagicEmotions.idx
[2012/06/11 12:03:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/11 12:03:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-746137067-790525478-839522115-1003.job
[2012/06/11 12:02:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/11 01:08:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/06/11 00:26:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/10 22:23:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\INSPIRON\defogger_reenable
[2012/06/10 21:10:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-790525478-839522115-1003Core.job
[2012/06/10 18:50:20 | 000,202,333 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012/06/10 15:05:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-790525478-839522115-1003.job
[2012/06/10 13:30:29 | 000,170,496 | ---- | M] () -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/10 12:15:03 | 000,034,764 | ---- | M] () -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\dt.dat
[2012/06/09 23:27:49 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/06/08 20:49:42 | 005,434,305 | ---- | M] () -- C:\Documents and Settings\INSPIRON\Desktop\McKeown.mp3
[2012/06/08 20:49:31 | 058,870,491 | ---- | M] () -- C:\Documents and Settings\INSPIRON\Desktop\McKeown 7.30 LateLunch300412.mp3
[2012/06/06 22:02:43 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TradeManager 2011.lnk
[2012/06/04 23:31:43 | 000,002,048 | ---- | M] () -- C:\Documents and Settings\INSPIRON\Desktop\MaxiLink.lnk
[2012/06/03 13:37:54 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/05/31 14:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/29 19:22:26 | 000,435,971 | ---- | M] () -- C:\Documents and Settings\INSPIRON\Desktop\Accaglobal Disciplinary Procedures.pdf
[2012/05/29 09:32:01 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2012/05/22 19:22:20 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/22 19:20:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/20 23:13:50 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Expat Shield Launch.lnk

========== Files Created - No Company Name ==========

[2012/06/10 22:23:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\INSPIRON\defogger_reenable
[2012/06/10 12:15:03 | 000,034,764 | ---- | C] () -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\dt.dat
[2012/06/09 23:27:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/06/09 23:27:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/06/09 23:25:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/09 23:25:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/09 23:25:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/09 23:25:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/09 23:25:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/08 20:49:17 | 005,434,305 | ---- | C] () -- C:\Documents and Settings\INSPIRON\Desktop\McKeown.mp3
[2012/06/08 20:49:01 | 058,870,491 | ---- | C] () -- C:\Documents and Settings\INSPIRON\Desktop\McKeown 7.30 LateLunch300412.mp3
[2012/06/08 13:41:44 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\INSPIRON\MagicEmotions.idx
[2012/06/06 22:02:43 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TradeManager 2011.lnk
[2012/06/04 23:31:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2012/06/04 23:31:47 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2012/06/04 23:31:43 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\INSPIRON\Desktop\MaxiLink.lnk
[2012/05/29 19:22:26 | 000,435,971 | ---- | C] () -- C:\Documents and Settings\INSPIRON\Desktop\Accaglobal Disciplinary Procedures.pdf
[2012/05/22 19:22:20 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/05/22 19:20:16 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/22 19:20:12 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/05/20 23:13:50 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Expat Shield Launch.lnk
[2012/03/29 23:12:16 | 000,015,497 | R--- | C] () -- C:\WINDOWS\VX6KStd.ini
[2012/03/12 22:05:58 | 000,000,619 | R--- | C] () -- C:\WINDOWS\System32\hppapr13.dat
[2012/02/23 21:43:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 22:28:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/14 22:35:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011/10/31 23:44:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/10/31 23:36:05 | 000,000,354 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2011/10/31 23:33:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsb.dll
[2011/10/31 23:33:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbtcub.dll
[2011/10/31 23:33:45 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbtins.dll
[2011/10/31 23:33:45 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbtinsr.dll
[2011/10/31 23:33:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2011/10/31 23:33:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2011/10/31 23:33:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2011/10/31 23:33:43 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2011/10/31 23:33:43 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2011/10/31 23:33:43 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2011/10/31 23:33:39 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2011/07/31 23:41:56 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011/07/31 00:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/30 20:42:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/30 20:42:40 | 000,170,496 | ---- | C] () -- C:\Documents and Settings\INSPIRON\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/29 14:53:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/06/14 11:41:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2011/06/14 11:29:56 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/06/13 16:51:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/13 16:26:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/13 16:18:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/11 13:02:10 | 000,235,960 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >


Here is Extras.txt

******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************



OTL Extras logfile created on: 11/06/2012 16:04:24 - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\INSPIRON\Desktop\Virus
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.56% Memory free
2.60 Gb Paging File | 1.94 Gb Available in Paging File | 74.44% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 5.35 Gb Free Space | 9.57% Space Free | Partition Type: NTFS

Computer Name: DELL-3DE6A87245 | User Name: INSPIRON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Trademanager\AliIM.exe" = C:\Program Files\Trademanager\AliIM.exe:*:Enabled:AliIM -- (Alibaba software (Shanghai) Corporation.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F1420A7-FF17-40F0-B4FE-3481B8D10081}" = MaxiLink
"{4073AAEC-B01B-4000-BC9B-1447E3A7BD87}" = AVG 2012
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCF75973-29C2-4245-80E3-B3C2B7E7548B}" = AVG 2012
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"A2E63BDAC649E514867CB43CE0B4F9DB111206C2" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
"AB2094562DCCF887D275D26D0C18F6D23EBE5E07" = Windows Driver Package - STMicroelectronics (STTub203) USB
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AliSetup" = AliSetup 0.1.0.52
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2012
"bcDTVLink" = bitcontrol® Digital TV Link v2.5
"bcMPEG2dec" = bitcontrol® MPEG-2 Video Decoder v1.5
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"ExpatShield" = Expat Shield 2.24
"FileZilla Client" = FileZilla Client 3.5.2
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Hotspot_Shield Toolbar" = Hotspot Shield Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Mozilla Firefox (3.6.19)" = Mozilla Firefox (3.6.19)
"ProInst" = Intel® PROSet/Wireless Software
"Rainlendar2" = Rainlendar2 (remove only)
"RealPlayer 12.0" = RealPlayer
"ST6UNST #1" = mFaraj DB viewer4.0.0
"TradeManager 2011 SP3" = TradeManager 2011 SP3
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VLC media player" = VLC media player 1.1.11
"WheresJames Startup Manager 2.22" = WheresJames Startup Manager 2.22
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AliIM Plugins for Browser" = AliIM Plugins for Browser
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/06/2012 12:18:32 | Computer Name = DELL-3DE6A87245 | Source = Bonjour Service | ID = 100
Description =

Error - 03/06/2012 12:18:32 | Computer Name = DELL-3DE6A87245 | Source = Bonjour Service | ID = 100
Description =

Error - 06/06/2012 08:20:24 | Computer Name = DELL-3DE6A87245 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 19.0.1084.52, faulting module
chrome.dll, version 19.0.1084.52, fault address 0x000261df.

Error - 07/06/2012 16:10:19 | Computer Name = DELL-3DE6A87245 | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 19.0.1084.52, faulting module
ntdll.dll, version 5.1.2600.6055, fault address 0x00019af2.

Error - 09/06/2012 13:57:14 | Computer Name = DELL-3DE6A87245 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0xdb2359db.

Error - 09/06/2012 14:36:21 | Computer Name = DELL-3DE6A87245 | Source = NTBackup | ID = 8001
Description = End Backup of 'C:' 'Warnings or errors were encountered.' Verify:
Off Mode: Replace Type: Normal Consult the backup report for more details.

Error - 09/06/2012 14:36:26 | Computer Name = DELL-3DE6A87245 | Source = NTBackup | ID = 8019
Description = End Operation: Warnings or errors were encountered. Consult the backup
report for more details.

Error - 09/06/2012 16:57:30 | Computer Name = DELL-3DE6A87245 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0xc0000001.

Error - 09/06/2012 18:37:47 | Computer Name = DELL-3DE6A87245 | Source = Application Error | ID = 1000
Description = Faulting application startupmgr.exe, version 2.22.0.1, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 09/06/2012 21:43:03 | Computer Name = DELL-3DE6A87245 | Source = Application Error | ID = 1000
Description = Faulting application startupmgr.exe, version 2.22.0.1, faulting module
startupmgr.exe, version 2.22.0.1, fault address 0x0003761a.

[ System Events ]
Error - 02/06/2012 16:22:22 | Computer Name = DELL-3DE6A87245 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 02/06/2012 16:22:22 | Computer Name = DELL-3DE6A87245 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 02/06/2012 16:38:13 | Computer Name = DELL-3DE6A87245 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 02/06/2012 16:38:13 | Computer Name = DELL-3DE6A87245 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 03/06/2012 10:42:58 | Computer Name = DELL-3DE6A87245 | Source = Service Control Manager | ID = 7023
Description = The iPod Service service terminated with the following error: %%2147549465

Error - 03/06/2012 10:43:12 | Computer Name = DELL-3DE6A87245 | Source = DCOM | ID = 10010
Description = The server {063D34A4-BF84-4B8D-B699-E8CA06504DDE} did not register
with DCOM within the required timeout.

Error - 04/06/2012 07:52:15 | Computer Name = DELL-3DE6A87245 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.66 for the Network Card with network
address 0012F0384501 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 04/06/2012 09:00:11 | Computer Name = DELL-3DE6A87245 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 04/06/2012 09:00:18 | Computer Name = DELL-3DE6A87245 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 04/06/2012 09:25:18 | Computer Name = DELL-3DE6A87245 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.


< End of report >

Edited by jackbetal, 11 June 2012 - 11:30 AM.


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 PM

Posted 11 June 2012 - 12:03 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
    IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552
    IE - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}: "URL" = http://search.expatshield.com/g/results.php?c=s&q={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\DOCUME~1\INSPIRON\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll ()
    FF - HKCU\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}: C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll (alibaba)
    [2012/04/25 03:21:56 | 000,108,536 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwangwang.dll
    O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-746137067-790525478-839522115-1003\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
      
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 jackbetal

  • Topic Starter
  • Members
  • 32 posts
  • Local time:05:14 PM

Posted 11 June 2012 - 12:41 PM

Hey Gringo.
The pc is still sluggish and "MyStart by Incredibar" is still as it was. No noticeable changes yet.



Here is 06112012_182956.log



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ deleted successfully.
C:\Program Files\Hotspot_Shield\prxtbHots.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{b167b83b-348e-4f8a-a00d-693f28ede787}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b167b83b-348e-4f8a-a00d-693f28ede787}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0\ deleted successfully.
File move failed. C:\DOCUME~1\INSPIRON\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\{@alibaba.com/alisetup;version=1.0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{@alibaba.com/alisetup;version=1.0}\ not found.
C:\Documents and Settings\INSPIRON\Local Settings\Application Data\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npwangwang.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Program Files\Hotspot_Shield\prxtbHots.dll not found.
Registry value HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}\ not found.
File C:\Program Files\Hotspot_Shield\prxtbHots.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\INSPIRON\Desktop\Virus\cmd.bat deleted successfully.
C:\Documents and Settings\INSPIRON\Desktop\Virus\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: INSPIRON
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: INSPIRON
->Flash cache emptied: 5089 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06112012_182956

Files\Folders moved on Reboot...
C:\DOCUME~1\INSPIRON\LOCALS~1\Temp\..\application data\npwangwang\npwangwang.dll moved successfully.

Registry entries deleted on Reboot...

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 PM

Posted 11 June 2012 - 01:16 PM

Greetings

"MyStart by Incredibar" - which browser is this affecting?


gringo

#11 jackbetal

  • Topic Starter
  • Members
  • 32 posts
  • Local time:05:14 PM

Posted 11 June 2012 - 01:21 PM

Google Chrome. When I tried to open Firefox to check how that was, it said it was already running. It isn't. Even when I check Task Manager it is not running.

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 PM

Posted 11 June 2012 - 01:37 PM

Greetings

Restart the computer and check Firefox - I have had that happen before.

For Chrome, I want you to uninstall Chrome and, if asked about user data or settings, remove that also.

Restart the computer, reinstall Chrome and check it out for me.



gringo

#13 jackbetal

  • Topic Starter
  • Members
  • 32 posts
  • Local time:05:14 PM

Posted 11 June 2012 - 01:43 PM

I have already tried the restart for Firefox and still get a message saying it is already running. Will I lose all my favourites in Chrome if I remove user settings and data?

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 PM

Posted 11 June 2012 - 01:48 PM

You can back up your favourites this way:


you can also export your bookmarks by going to Wrench > Bookmark manager > Organize > Export bookmarks. You can import the resulting html into Chrome and other browsers when necessary.

#15 jackbetal

  • Topic Starter
  • Members
  • 32 posts
  • Local time:05:14 PM

Posted 11 June 2012 - 06:29 PM

Hey Gringo.

"MyStart by Incredibar" seems to be gone now. I uninstalled Chrome and reinstalled it as you requested and it worked.


I did the same with Firefox but I am still getting this message.

"Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system".


I also still have the problem whereby, if I am on a site, random words may be highlighted and underlined, and when I run my cursor over them they pop up an ad.

Edited by jackbetal, 11 June 2012 - 06:39 PM.




