
Very slow PC, programs, and flash player slows or pauses


  • This topic is locked
22 replies to this topic

#1 Steelers2025

Steelers2025

  • Members
  • 25 posts

Posted 22 September 2012 - 04:01 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by mikechips9111 at 16:00:50 on 2012-09-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1423 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\atashost.exe
C:\Windows\system32\libusbd-nt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\VentSrv\ventrilo_svc.exe
C:\Program Files\VentSrv\ventrilo_srv.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102874&gct=hp
uDefault_Search_URL = hxxp://google.inklineglobal.com/?MB
mStart Page = hxxp://search.entru.com/?s=21982
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\progra~1\yahoo!\companion\installs\cpn0\YTNavAssist.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: {61f9a87f-c1a0-47c5-88e3-a7d39e9c9f79} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] //~c:\program files\quicktime\qttask.exe -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
Trusted Zone: ukb-kvcd.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{A61DB213-C617-4C6C-98B8-96DFA4668E89} : NameServer = 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
TCP: Interfaces\{C520C8BA-FEB9-4FC8-B456-72E3DF3FBB6F} : NameServer = 8.8.8.8,8.8.8.4,208.67.220.220,208.67.222.222
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mikechips9111\appdata\roaming\mozilla\firefox\profiles\me8kstqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SearchMyWeb
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102874&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - SearchMyWeb
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(general.useragent.extra.brc,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.search.defaultenginename - SearchMyWeb
FF - user.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=
FF - user.js: browser.startup.homepage - hxxp://google.inklineglobal.com/?MB
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.id - 37c52f32000000000000001f3a96aa1c
FF - user.js: extensions.BabylonToolbar_i.hardId - 37c52f32000000000000001f3a96aa1c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15536
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:37:26
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114064
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-2-3 15672]
R1 MpKsld88def36;MpKsld88def36;c:\programdata\microsoft\microsoft antimalware\definition updates\{d96aaf90-e918-4593-8c50-c2f1715dc616}\MpKsld88def36.sys [2012-9-21 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-4-2 20376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-20 399432]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2009-3-12 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-3 22856]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-12-15 20080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9a93ad4acec15;Google Update Service (gupdate1c9a93ad4acec15);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-2-3 676936]
S2 trackcam;TrackerCam Video Capture Driver;c:\windows\system32\drivers\trackcam.sys [2010-3-4 78152]
S3 GamingMsFltr;Laser Gaming Mouse;c:\windows\system32\drivers\gamingms.sys [2010-10-9 9344]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-20 133104]
S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2008-2-22 180272]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-2-8 36928]
S3 SaiH0D60;SaiH0D60;c:\windows\system32\drivers\SaiH0D60.sys [2008-11-24 137600]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-3-10 31872]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2011-4-27 17792]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-5-18 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2009-2-18 2560]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-2-22 1245064]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-3 24652]
SUnknown MpKsl32a1c139;MpKsl32a1c139; [x]
.
=============== Created Last 30 ================
.
2012-09-22 10:20:10 -------- dc----w- c:\program files\DownloadToolz
2012-09-22 02:17:18 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d96aaf90-e918-4593-8c50-c2f1715dc616}\MpKsld88def36.sys
2012-09-22 02:04:08 -------- d-----w- c:\users\mikechips9111\appdata\roaming\SUPERAntiSpyware.com
2012-09-22 02:03:52 -------- dc----w- c:\program files\SUPERAntiSpyware
2012-09-22 02:03:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-22 01:28:32 -------- d-----w- c:\users\mikechips9111\appdata\local\temp
2012-09-22 01:23:54 -------- dcsh--w- C:\$RECYCLE.BIN
2012-09-22 00:25:19 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d96aaf90-e918-4593-8c50-c2f1715dc616}\mpengine.dll
2012-09-21 00:24:15 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-19 11:22:13 -------- d-----w- c:\users\mikechips9111\appdata\local\AdFender
2012-09-19 10:19:52 -------- d-----w- c:\users\mikechips9111\appdata\roaming\Charles
2012-09-19 10:16:44 -------- dc----w- c:\program files\Charles
2012-09-18 02:55:35 -------- dc----w- c:\program files\DebugMode
2012-09-18 01:45:29 -------- dc----w- c:\program files\vReveal 3
2012-09-17 22:31:09 -------- dc----w- c:\program files\Free Video Converter
2012-09-17 22:31:09 -------- d-----w- c:\users\mikechips9111\appdata\roaming\FreeVideoConverter
2012-09-17 05:34:29 -------- dc----w- c:\program files\Pinnacle
2012-09-17 05:34:29 -------- dc----w- c:\program files\common files\Yahoo!
2012-09-17 05:34:29 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-09-17 02:45:01 -------- d-----w- c:\users\mikechips9111\appdata\local\{CE0A7AE9-34AE-4089-950A-D3ACC7D1D3ED}
2012-09-17 02:36:03 -------- d-----w- c:\users\mikechips9111\appdata\local\{723C2B52-3250-4FCD-85BB-4AB0F4D4614B}
2012-09-09 11:28:27 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-09 11:12:14 -------- dc----w- c:\program files\LimeWire
2012-09-09 10:51:00 -------- d-----w- c:\users\mikechips9111\appdata\roaming\Azureus
2012-09-03 04:29:00 -------- d-----w- c:\users\mikechips9111\appdata\local\{B41B57D5-0FDE-4ED4-8807-F5ED38B303C0}
2012-09-03 00:54:17 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-09-03 00:45:50 -------- d-----w- c:\users\mikechips9111\appdata\roaming\Leawo
2012-09-03 00:45:11 -------- dc----w- c:\program files\Leawo
2012-09-03 00:45:11 -------- d-----w- c:\programdata\Leawo
2012-09-03 00:30:33 -------- dc----w- c:\program files\SpeedBit Video Accelerator
.
==================== Find3M ====================
.
2012-09-09 11:28:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-09 11:28:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-05 20:57:48 4024320 -c--a-w- c:\program files\GUT5C91.tmp
2012-07-18 02:31:35 4024320 -c--a-w- c:\program files\GUT89D8.tmp
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 16:02:04.88 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 September 2012 - 11:17 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Steelers2025

Steelers2025
  • Topic Starter

  • Members
  • 25 posts

Posted 27 September 2012 - 08:47 PM

Ok, I ran all of the programs; here are the logs you asked for.

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 21:42:04
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : mikechips9111 - MIKECHIPS911-PC
# Boot Mode : Normal
# Running from : C:\Users\mikechips9111\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Viewpoint Manager Service

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\Askcom.xml
File Found : C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\GamesBar
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\mikechips9111\AppData\Local\APN
Folder Found : C:\Users\mikechips9111\AppData\Local\Conduit
Folder Found : C:\Users\mikechips9111\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\mikechips9111\AppData\LocalLow\Conduit
Folder Found : C:\Users\mikechips9111\AppData\LocalLow\xnn
Folder Found : C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\ConduitCommon
Folder Found : C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\CT2559647
Folder Found : C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Software\xnn
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61F9A87F-C1A0-47C5-88E3-A7D39E9C9F79}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2559647
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61F9A87F-C1A0-47C5-88E3-A7D39E9C9F79}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\Software\xnn
Key Found : HKU\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{61F9A87F-C1A0-47C5-88E3-A7D39E9C9F79}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=102874&gct=hp

-\\ Mozilla Firefox v4.0.1 (en-US)

Profile name : default
File : C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\prefs.js

Found : user_pref("CT2079528.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2079528.AllowNonPrivacy", false);
Found : user_pref("CT2079528.CTID", "CT2079528");
Found : user_pref("CT2079528.CTPBaseServerUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2079528.CommunityChanged", false);
Found : user_pref("CT2079528.DialogsAlignMode", "LTR");
Found : user_pref("CT2079528.EMailNotifierPollDate", "Fri Mar 20 2009 22:59:20 GMT-0400 (Eastern Daylight Ti[...]
Found : user_pref("CT2079528.FirstTime", true);
Found : user_pref("CT2079528.FirstTimeFF3", true);
Found : user_pref("CT2079528.FixPageNotFoundErrors", true);
Found : user_pref("CT2079528.FixPageNotFoundUrl", "hxxp://SeeTooforJustintv.OurToolbar.com/notfound/?actid=E[...]
Found : user_pref("CT2079528.Initialize", true);
Found : user_pref("CT2079528.InitializeCommonPrefs", true);
Found : user_pref("CT2079528.IsGrouping", false);
Found : user_pref("CT2079528.IsMulticommunity", false);
Found : user_pref("CT2079528.IsOpenThankYouPage", false);
Found : user_pref("CT2079528.IsOpenUninstallPage", true);
Found : user_pref("CT2079528.LanguagePackLastCheckTime", "Fri Mar 20 2009 18:04:28 GMT-0400 (Eastern Dayligh[...]
Found : user_pref("CT2079528.LanguagePackReloadInterval", "24");
Found : user_pref("CT2079528.LastLogin", "Fri Mar 20 2009 20:33:19 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT2079528.Locale", "en-us");
Found : user_pref("CT2079528.LoginCache", "4");
Found : user_pref("CT2079528.MCDetectTooltipHeight", "83");
Found : user_pref("CT2079528.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2079528.MCDetectTooltipWidth", "295");
Found : user_pref("CT2079528.MyGadgetsServerUrl", "hxxp://services.MyStuff.u-page.com/MyStuffService.asmx/Le[...]
Found : user_pref("CT2079528.MyGadgetsTrustedDomains", "u-page.com");
Found : user_pref("CT2079528.RadioLastCheckTime", "Fri Mar 20 2009 22:58:59 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2079528.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2079528.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2079528.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2079528.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT207[...]
Found : user_pref("CT2079528.Server", "hxxp://users.conduit.com");
Found : user_pref("CT2079528.SettingsLastUpdate", "1236858294");
Found : user_pref("CT2079528.ThirdPartyComponentsInterval", "72");
Found : user_pref("CT2079528.ThirdPartyComponentsLastCheck", "Tue Mar 10 2009 20:53:47 GMT-0400 (Eastern Day[...]
Found : user_pref("CT2079528.ThirdPartyComponentsLastUpdate", "1234008881");
Found : user_pref("CT2079528.ToolbarAlignMode", "SYSTEM");
Found : user_pref("CT2079528.ToolbarName", "SeeToo for Justin.tv");
Found : user_pref("CT2079528.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2079528.UserID", "UN20090310205346012");
Found : user_pref("CT2079528.VusualLastUpdateTime", "1230569392");
Found : user_pref("CT2079528.WeatherNetwork", "");
Found : user_pref("CT2079528.WeatherPollDate", "Fri Mar 20 2009 22:43:14 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT2079528.WeatherUnit", "F");
Found : user_pref("CT2559647..clientLogIsEnabled", false);
Found : user_pref("CT2559647..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2559647..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2559647.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2559647.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2559647.AppTrackingLastCheckTime", "Sun Aug 05 2012 22:17:40 GMT-0400 (Eastern Daylight[...]
Found : user_pref("CT2559647.CTID", "CT2559647");
Found : user_pref("CT2559647.CurrentServerDate", "24-8-2012");
Found : user_pref("CT2559647.DialogsAlignMode", "LTR");
Found : user_pref("CT2559647.DialogsGetterLastCheckTime", "Thu Aug 23 2012 23:37:51 GMT-0400 (Eastern Daylig[...]
Found : user_pref("CT2559647.DownloadReferralCookieData", "");
Found : user_pref("CT2559647.ExternalComponentPollDate129404749084494749", "Sun Mar 25 2012 20:31:24 GMT-040[...]
Found : user_pref("CT2559647.ExternalComponentPollDate129404791544181654", "Sun Mar 25 2012 20:31:24 GMT-040[...]
Found : user_pref("CT2559647.ExternalComponentPollDate129413165572169584", "Sun Mar 25 2012 20:31:24 GMT-040[...]
Found : user_pref("CT2559647.FirstServerDate", "25-8-2011");
Found : user_pref("CT2559647.FirstTime", true);
Found : user_pref("CT2559647.FirstTimeFF3", true);
Found : user_pref("CT2559647.FixPageNotFoundErrors", true);
Found : user_pref("CT2559647.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2559647.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2559647.HasUserGlobalKeys", true);
Found : user_pref("CT2559647.HomePageProtectorEnabled", false);
Found : user_pref("CT2559647.Initialize", true);
Found : user_pref("CT2559647.InitializeCommonPrefs", true);
Found : user_pref("CT2559647.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2559647.InstallationId", "CT2559647_Coupons.exe");
Found : user_pref("CT2559647.InstallationType", "ConduitIntegration");
Found : user_pref("CT2559647.InstalledDate", "Thu Aug 25 2011 16:45:28 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT2559647.IsAlertDBUpdated", true);
Found : user_pref("CT2559647.IsGrouping", false);
Found : user_pref("CT2559647.IsInitSetupIni", true);
Found : user_pref("CT2559647.IsMulticommunity", false);
Found : user_pref("CT2559647.IsOpenThankYouPage", false);
Found : user_pref("CT2559647.IsOpenUninstallPage", true);
Found : user_pref("CT2559647.IsProtectorsInit", true);
Found : user_pref("CT2559647.LanguagePackLastCheckTime", "Thu Aug 23 2012 23:37:52 GMT-0400 (Eastern Dayligh[...]
Found : user_pref("CT2559647.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2559647.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2559647.LastLogin_3.12.0.7", "Fri Jun 15 2012 23:07:24 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2559647.LastLogin_3.13.0.6", "Sat Jul 28 2012 05:05:11 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2559647.LastLogin_3.14.1.0", "Thu Aug 23 2012 23:37:51 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2559647.LastLogin_3.5.1.1", "Thu Aug 25 2011 16:45:28 GMT-0400 (Eastern Daylight Time)"[...]
Found : user_pref("CT2559647.LastLogin_3.6.0.10", "Fri Oct 07 2011 21:20:03 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2559647.LastLogin_3.7.0.6", "Fri Dec 23 2011 17:18:23 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT2559647.LastLogin_3.8.1.0", "Thu Apr 19 2012 05:03:15 GMT-0400 (Eastern Daylight Time)"[...]
Found : user_pref("CT2559647.LatestVersion", "3.14.1.0");
Found : user_pref("CT2559647.Locale", "en");
Found : user_pref("CT2559647.MCDetectTooltipHeight", "83");
Found : user_pref("CT2559647.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2559647.MCDetectTooltipWidth", "295");
Found : user_pref("CT2559647.MyStuffEnabledAtInstallation", false);
Found : user_pref("CT2559647.OriginalFirstVersion", "3.5.1.1");
Found : user_pref("CT2559647.SearchEngineBeforeUnload", "Coupons.com Customized Web Search");
Found : user_pref("CT2559647.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2559647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT255[...]
Found : user_pref("CT2559647.SearchInNewTabEnabled", true);
Found : user_pref("CT2559647.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2559647.SearchInNewTabLastCheckTime", "Thu Aug 23 2012 23:37:47 GMT-0400 (Eastern Dayli[...]
Found : user_pref("CT2559647.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2559647.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2559647.SearchProtectorEnabled", false);
Found : user_pref("CT2559647.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2559647.ServiceMapLastCheckTime", "Thu Aug 23 2012 23:37:50 GMT-0400 (Eastern Daylight [...]
Found : user_pref("CT2559647.SettingsLastCheckTime", "Thu Aug 23 2012 23:37:47 GMT-0400 (Eastern Daylight Ti[...]
Found : user_pref("CT2559647.SettingsLastUpdate", "1344943760");
Found : user_pref("CT2559647.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2559647.ThirdPartyComponentsLastCheck", "Sat Aug 18 2012 16:27:11 GMT-0400 (Eastern Day[...]
Found : user_pref("CT2559647.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2559647.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2559647.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2559647");
Found : user_pref("CT2559647.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2559647.UserID", "UN89187868392555887");
Found : user_pref("CT2559647.alertChannelId", "952537");
Found : user_pref("CT2559647.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2559647.globalFirstTimeInfoLastCheckTime", "Thu Aug 23 2012 23:37:51 GMT-0400 (Eastern [...]
Found : user_pref("CT2559647.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2559647.initDone", true);
Found : user_pref("CT2559647.isAppTrackingManagerOn", false);
Found : user_pref("CT2559647.myStuffEnabled", true);
Found : user_pref("CT2559647.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2559647.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2559647.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2559647.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2559647.oldAppsList", "129126535051871363,129126535052027614,111,129732450647667807,100[...]
Found : user_pref("CT2559647.revertSettingsEnabled", false);
Found : user_pref("CT2559647.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2559647.searchProtectorEnableByLogin", true);
Found : user_pref("CT2559647.testingCtid", "");
Found : user_pref("CT2559647.toolbarAppMetaDataLastCheckTime", "Thu Aug 23 2012 23:37:51 GMT-0400 (Eastern D[...]
Found : user_pref("CT2559647.toolbarContextMenuLastCheckTime", "Mon Aug 13 2012 02:07:11 GMT-0400 (Eastern D[...]
Found : user_pref("CT2559647.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ConduitSearchList", "Coupons.com Customized Web Search");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2559647/CT2559647[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2559647", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2559647",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2559647&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f53[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\mikechips9111\\AppData\\Roaming\\Mo[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.14.1.0");
Found : user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slir[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2079528,CT2559647");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2079528,CT2559647");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2559647");
Found : user_pref("CommunityToolbar.globalUserId", "67f16d4c-42bb-4914-801f-3fbc70ee2016");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2559647");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Aug 23 2012 23:37:5[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Aug 23 2012 23:37:48 GMT-0400 (E[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "de233e46-bbd2-4c10-827e-b10ae9fb2da1");
Found : user_pref("aol_toolbar.surf.date", "521");
Found : user_pref("aol_toolbar.surf.lastDate", "4");
Found : user_pref("aol_toolbar.surf.lastMonth", "1");
Found : user_pref("aol_toolbar.surf.lastYear", "2009");
Found : user_pref("aol_toolbar.surf.mURL", "");
Found : user_pref("aol_toolbar.surf.mURLh", "0");
Found : user_pref("aol_toolbar.surf.mURLw", "0");
Found : user_pref("aol_toolbar.surf.mURLx", "0");
Found : user_pref("aol_toolbar.surf.mURLy", "0");
Found : user_pref("aol_toolbar.surf.milestone", "-1");
Found : user_pref("aol_toolbar.surf.month", "872");
Found : user_pref("aol_toolbar.surf.prevMonth", "0");
Found : user_pref("aol_toolbar.surf.total", "873");
Found : user_pref("aol_toolbar.surf.week", "872");
Found : user_pref("aol_toolbar.surf.year", "872");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=114064&babsrc=NT_ss&mntrId=37c52f3[...]
Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "Ask.com");
Found : user_pref("browser.search.defaultthis.engineName", "Coupons.com Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=102874&gct=hp");
Found : user_pref("extensions.vshare@toolbar.update.enabled", false);
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=[...]
Found : user_pref("vshare.install.laststatreq", "1334793600000");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.13] : homepage = "hxxp://www.ask.com/?l=dis&o=102874cr&gct=hp",
Found [l.66] : keyword = "basicscan.com",
Found [l.69] : search_url = "hxxp://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={searchTerms}",
Found [l.1671] : homepage = "hxxp://www.ask.com/?l=dis&o=102874cr&gct=hp",

-\\ Opera v [Unable to get version]

File : C:\Users\mikechips9111\AppData\Roaming\Opera\Opera\operaprefs.ini

Found : application/vnd.unity=6,,C:\Users\mikechips9111\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.[...]

*************************

AdwCleaner[R1].txt - [24290 octets] - [27/09/2012 21:42:04]

########## EOF - C:\AdwCleaner[R1].txt - [24351 octets] ##########




RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : mikechips9111 [Admin rights]
Mode : Remove -- Date : 09/27/2012 21:45:53

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] ClickClean.exe -- C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[21] : NtAlpcConnectPort @ 0x825F4887 -> HOOKED (Unknown @ 0x854301B0)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 ATA Device +++++
--- User ---
[MBR] d4b817aa1c4aab854deb642bd3580473
[BSP] 1e847a729ee3af32343bc21c7ea8c5d3 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 140827 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 288414945 | Size: 11797 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 28 September 2012 - 02:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Steelers2025

  • Topic Starter
  • Members
  • 25 posts

Posted 28 September 2012 - 05:00 PM

PC is still running slow at times and stalls on most programs loading.


ComboFix 12-08-05.02 - mikechips9111 09/28/2012 17:39:28.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1746 [GMT -4:00]
Running from: c:\users\mikechips9111\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 21:52 . 2012-09-28 21:52 -------- d-----w- c:\users\mikechips9111\AppData\Local\temp
2012-09-28 21:52 . 2012-09-28 21:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-28 21:52 . 2012-09-28 21:52 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-28 21:52 . 2012-09-28 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 01:43 . 2012-09-28 01:43 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8A6DE20-CAD1-452A-990D-1DA8D92D040C}\MpKsl46e2ffe3.sys
2012-09-28 01:39 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8A6DE20-CAD1-452A-990D-1DA8D92D040C}\mpengine.dll
2012-09-22 10:20 . 2012-09-22 10:20 -------- dc----w- c:\program files\DownloadToolz
2012-09-22 02:04 . 2012-09-22 02:04 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\SUPERAntiSpyware.com
2012-09-22 02:03 . 2012-09-22 02:04 -------- dc----w- c:\program files\SUPERAntiSpyware
2012-09-22 02:03 . 2012-09-22 02:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-22 00:25 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-19 11:22 . 2012-09-19 11:27 -------- d-----w- c:\users\mikechips9111\AppData\Local\AdFender
2012-09-19 10:19 . 2012-09-19 10:19 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\Charles
2012-09-19 10:16 . 2012-09-19 10:28 -------- dc----w- c:\program files\Charles
2012-09-18 02:55 . 2012-09-19 10:28 -------- dc----w- c:\program files\DebugMode
2012-09-18 01:45 . 2012-09-18 01:46 -------- dc----w- c:\program files\vReveal 3
2012-09-17 22:31 . 2012-09-17 22:31 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\FreeVideoConverter
2012-09-17 22:31 . 2012-09-17 22:31 -------- dc----w- c:\program files\Free Video Converter
2012-09-17 05:34 . 2012-09-17 05:59 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-09-17 05:34 . 2012-09-17 05:34 -------- dc----w- c:\program files\Pinnacle
2012-09-17 05:34 . 2012-09-17 05:34 -------- dc----w- c:\program files\Common Files\Yahoo!
2012-09-17 05:32 . 2012-09-17 05:32 -------- d-----w- c:\programdata\Pinnacle
2012-09-09 11:28 . 2012-09-09 11:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-09 11:12 . 2012-09-21 01:54 -------- dc----w- c:\program files\LimeWire
2012-09-09 10:51 . 2012-09-09 10:51 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\Azureus
2012-09-03 00:54 . 2012-09-03 00:54 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-09-03 00:45 . 2012-09-03 00:45 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\Leawo
2012-09-03 00:45 . 2012-09-03 00:45 -------- d-----w- c:\programdata\Leawo
2012-09-03 00:45 . 2012-09-03 00:45 -------- dc----w- c:\program files\Leawo
2012-09-03 00:30 . 2012-09-03 00:59 -------- dc----w- c:\program files\SpeedBit Video Accelerator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 11:28 . 2012-03-22 21:45 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-09 11:28 . 2010-05-30 19:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04 . 2009-02-03 10:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 20:04 . 2012-08-20 20:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-08-20 20:04 . 2012-08-20 20:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-20 20:04 . 2012-08-20 20:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-20 20:04 . 2012-08-20 20:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-20 20:04 . 2012-08-20 20:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-20 20:04 . 2012-08-20 20:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-08-20 20:04 . 2012-08-20 20:04 367104 ----a-w- c:\windows\system32\html.iec
2012-08-20 20:04 . 2012-08-20 20:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-08-20 20:04 . 2012-08-20 20:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-20 20:04 . 2012-08-20 20:04 152064 ----a-w- c:\windows\system32\wextract.exe
2012-08-20 20:04 . 2012-08-20 20:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-08-20 20:04 . 2012-08-20 20:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-08-20 20:04 . 2012-08-20 20:04 11776 ----a-w- c:\windows\system32\mshta.exe
2012-08-20 20:04 . 2012-08-20 20:04 101888 ----a-w- c:\windows\system32\admparse.dll
2012-08-20 20:04 . 2012-08-20 20:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-05 20:57 . 2012-08-05 20:57 4024320 -c--a-w- c:\program files\GUT5C91.tmp
2012-07-19 04:53 . 2012-07-19 04:53 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18AF0904-E886-4AA6-A48E-F2A926E5950A}\gapaengine.dll
2012-07-18 02:31 . 2012-07-18 02:31 4024320 -c--a-w- c:\program files\GUT89D8.tmp
2012-07-16 06:41 . 2012-07-18 23:24 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C50B350-6586-41AE-BC20-07E27EB551AD}\mpengine.dll
2012-07-04 14:02 . 2012-08-15 02:38 2047488 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 07:31 . 2011-06-02 07:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ares"="c:\program files\Ares\Ares.exe" [2010-10-27 1015808]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-09-03 1517296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="files\quicktime\qttask.exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlitzCastTray.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BlitzCastTray.exe
backup=c:\windows\pss\BlitzCastTray.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mikechips9111^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mikechips9111^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mikechips9111^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\mikechips9111\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
files\divx\divx plus web player\ddmservice.exe start [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
files\microsoft xbox 360 accessories\xboxstat.exe silentrun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 16:02 2356088 -c--a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-10-27 09:00 1015808 -c--a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 19:49 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-08-25 04:07 51048 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 -c--a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 20:34 136176 ----atw- c:\users\mikechips9111\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 19:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:55 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
2007-08-24 08:49 607624 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 21:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Modem Booster]
2010-10-19 18:11 8720072 -c--a-w- c:\program files\inKline Global\Modem Booster\ModemBtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-10 00:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-08 06:53 472112 -c--a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 18:48 647216 -c--a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-24 10:08 13601312 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-24 10:08 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2010-06-16 21:42 839680 -c--a-w- c:\program files\OpenDNS Updater\OpenDNSUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-12-06 21:13 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-21 02:24 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-28 03:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-926645526-3501171379-1899250667-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL46E2FFE3
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-08-20 20:04 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-09 18:53]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd8c60fce75320.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 09:03]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 09:03]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926645526-3501171379-1899250667-1000Core1cd734cf5b33de5.job
- c:\users\mikechips9111\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 20:34]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926645526-3501171379-1899250667-1000UA.job
- c:\users\mikechips9111\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 20:34]
.
2012-09-03 c:\windows\Tasks\Launch 3294.job
- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe [2012-09-03 00:54]
.
2012-09-03 c:\windows\Tasks\Launch 8643.job
- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe [2012-09-03 00:54]
.
2012-09-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0b76b20a-f4eb-4af1-a460-d80bec6e1a6a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2caf14d7-e230-470a-8af5-ec6a5e70fba3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102874&gct=hp
uDefault_Search_URL = hxxp://google.inklineglobal.com/?MB
mStart Page = hxxp://search.entru.com/?s=21982
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: ukb-kvcd.com
TCP: Interfaces\{A61DB213-C617-4C6C-98B8-96DFA4668E89}: NameServer = 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SearchMyWeb
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102874&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.search.selectedEngine - SearchMyWeb
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(general.useragent.extra.brc,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.search.defaultenginename - SearchMyWeb
FF - user.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=
FF - user.js: browser.startup.homepage - hxxp://google.inklineglobal.com/?MB
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.id - 37c52f32000000000000001f3a96aa1c
FF - user.js: extensions.BabylonToolbar_i.hardId - 37c52f32000000000000001f3a96aa1c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15536
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114064
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{61f9a87f-c1a0-47c5-88e3-a7d39e9c9f79} - (no file)
AddRemove-Ventrilo And Teamspeak Mix - c:\program files\Ventrilo And Teamspeak Mix\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-28 17:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,fc,89,40,cf,65,15,42,9c,08,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,fc,89,40,cf,65,15,42,9c,08,c4,\
.
[HKEY_USERS\S-1-5-21-926645526-3501171379-1899250667-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-28 17:58:01
ComboFix-quarantined-files.txt 2012-09-28 21:57
ComboFix2.txt 2012-09-22 01:28
ComboFix3.txt 2012-08-06 02:55
ComboFix4.txt 2012-08-05 21:20
.
Pre-Run: 40,939,581,440 bytes free
Post-Run: 46,273,974,272 bytes free
.
- - End Of File - - 5A1DDCDB19BB4415383890292C5FB302

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:01:23 PM

Posted 28 September 2012 - 06:32 PM

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 Steelers2025
  • Topic Starter

  • Members
  • 25 posts
  • Local time:12:23 PM

Posted 28 September 2012 - 11:28 PM

00:23:54.0196 1312 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
00:23:54.0569 1312 ============================================================
00:23:54.0569 1312 Current date / time: 2012/09/29 00:23:54.0569
00:23:54.0569 1312 SystemInfo:
00:23:54.0569 1312
00:23:54.0569 1312 OS Version: 6.0.6002 ServicePack: 2.0
00:23:54.0569 1312 Product type: Workstation
00:23:54.0569 1312 ComputerName: MIKECHIPS911-PC
00:23:54.0570 1312 UserName: mikechips9111
00:23:54.0570 1312 Windows directory: C:\Windows
00:23:54.0570 1312 System windows directory: C:\Windows
00:23:54.0570 1312 Processor architecture: Intel x86
00:23:54.0570 1312 Number of processors: 2
00:23:54.0570 1312 Page size: 0x1000
00:23:54.0570 1312 Boot type: Normal boot
00:23:54.0570 1312 ============================================================
00:24:01.0697 1312 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:24:01.0705 1312 ============================================================
00:24:01.0705 1312 \Device\Harddisk0\DR0:
00:24:01.0705 1312 MBR partitions:
00:24:01.0705 1312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1130DCA2
00:24:01.0705 1312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1130DCE1, BlocksNum 0x170ADE0
00:24:01.0705 1312 ============================================================
00:24:02.0015 1312 D: <-> \Device\Harddisk0\DR0\Partition2
00:24:02.0015 1312 ============================================================
00:24:02.0016 1312 Initialize success
00:24:02.0016 1312 ============================================================
00:24:06.0390 3540 ============================================================
00:24:06.0390 3540 Scan started
00:24:06.0390 3540 Mode: Manual;
00:24:06.0390 3540 ============================================================
00:24:06.0455 3540 ================ Scan system memory ========================
00:24:06.0455 3540 System memory - ok
00:24:06.0455 3540 ================ Scan services =============================
00:24:06.0516 3540 !SASCORE - ok
00:24:06.0613 3540 ACPI - ok
00:24:06.0645 3540 adp94xx - ok
00:24:06.0677 3540 adpahci - ok
00:24:06.0694 3540 adpu160m - ok
00:24:06.0704 3540 adpu320 - ok
00:24:06.0784 3540 ADVService - ok
00:24:06.0797 3540 AeLookupSvc - ok
00:24:06.0829 3540 Afc - ok
00:24:06.0842 3540 AFD - ok
00:24:06.0893 3540 agp440 - ok
00:24:06.0940 3540 aic78xx - ok
00:24:06.0948 3540 ALG - ok
00:24:06.0960 3540 aliide - ok
00:24:07.0048 3540 ALSysIO - ok
00:24:07.0068 3540 amdagp - ok
00:24:07.0101 3540 amdide - ok
00:24:07.0131 3540 AmdK7 - ok
00:24:07.0148 3540 AmdK8 - ok
00:24:07.0213 3540 Appinfo - ok
00:24:07.0376 3540 arc - ok
00:24:07.0415 3540 arcsas - ok
00:24:07.0522 3540 aspnet_state - ok
00:24:07.0630 3540 AsyncMac - ok
00:24:07.0638 3540 atapi - ok
00:24:07.0746 3540 atashost - ok
00:24:07.0774 3540 athr - ok
00:24:07.0839 3540 AudioEndpointBuilder - ok
00:24:07.0850 3540 Audiosrv - ok
00:24:07.0883 3540 BCM43XV - ok
00:24:07.0915 3540 Beep - ok
00:24:07.0949 3540 BFE - ok
00:24:07.0990 3540 BITS - ok
00:24:08.0006 3540 blbdrive - ok
00:24:08.0060 3540 Bonjour Service - ok
00:24:08.0074 3540 bowser - ok
00:24:08.0105 3540 BrFiltLo - ok
00:24:08.0138 3540 BrFiltUp - ok
00:24:08.0178 3540 Bridge - ok
00:24:08.0211 3540 BridgeMP - ok
00:24:08.0222 3540 Browser - ok
00:24:08.0246 3540 Brserid - ok
00:24:08.0257 3540 BrSerWdm - ok
00:24:08.0281 3540 BrUsbMdm - ok
00:24:08.0289 3540 BrUsbSer - ok
00:24:08.0303 3540 BTHMODEM - ok
00:24:08.0366 3540 catchme - ok
00:24:08.0381 3540 cdfs - ok
00:24:08.0399 3540 cdrom - ok
00:24:08.0434 3540 CertPropSvc - ok
00:24:08.0449 3540 circlass - ok
00:24:08.0459 3540 CLFS - ok
00:24:08.0473 3540 clr_optimization_v2.0.50727_32 - ok
00:24:08.0492 3540 clr_optimization_v4.0.30319_32 - ok
00:24:08.0516 3540 CmBatt - ok
00:24:08.0541 3540 cmdide - ok
00:24:08.0564 3540 CnxtHdAudService - ok
00:24:08.0604 3540 Com4Qlb - ok
00:24:08.0615 3540 Compbatt - ok
00:24:08.0634 3540 COMSysApp - ok
00:24:08.0649 3540 crcdisk - ok
00:24:08.0658 3540 Crusoe - ok
00:24:08.0691 3540 CryptSvc - ok
00:24:08.0701 3540 CrystalSysInfo - ok
00:24:08.0727 3540 DcomLaunch - ok
00:24:08.0735 3540 DfsC - ok
00:24:08.0801 3540 DFSR - ok
00:24:08.0859 3540 Dhcp - ok
00:24:08.0902 3540 disk - ok
00:24:08.0922 3540 Dnscache - ok
00:24:08.0941 3540 dot3svc - ok
00:24:08.0986 3540 dot4 - ok
00:24:09.0030 3540 Dot4Print - ok
00:24:09.0074 3540 Dot4Scan - ok
00:24:09.0095 3540 dot4usb - ok
00:24:09.0122 3540 DPS - ok
00:24:09.0155 3540 drmkaud - ok
00:24:09.0165 3540 DXGKrnl - ok
00:24:09.0178 3540 E1G60 - ok
00:24:09.0226 3540 EagleNT - ok
00:24:09.0240 3540 EapHost - ok
00:24:09.0280 3540 Ecache - ok
00:24:09.0313 3540 ehRecvr - ok
00:24:09.0335 3540 ehSched - ok
00:24:09.0347 3540 ehstart - ok
00:24:09.0369 3540 elxstor - ok
00:24:09.0380 3540 EMDMgmt - ok
00:24:09.0413 3540 ErrDev - ok
00:24:09.0425 3540 EventSystem - ok
00:24:09.0482 3540 exfat - ok
00:24:09.0492 3540 fastfat - ok
00:24:09.0506 3540 fdc - ok
00:24:09.0524 3540 fdPHost - ok
00:24:09.0529 3540 FDResPub - ok
00:24:09.0555 3540 FileInfo - ok
00:24:09.0578 3540 Filetrace - ok
00:24:09.0591 3540 flpydisk - ok
00:24:09.0601 3540 FltMgr - ok
00:24:09.0640 3540 FontCache - ok
00:24:09.0664 3540 FontCache3.0.0.0 - ok
00:24:09.0676 3540 Fs_Rec - ok
00:24:09.0703 3540 gagp30kx - ok
00:24:09.0730 3540 GamingMsFltr - ok
00:24:09.0746 3540 gpsvc - ok
00:24:09.0765 3540 gupdate1c9a93ad4acec15 - ok
00:24:09.0782 3540 gupdatem - ok
00:24:09.0793 3540 HBtnKey - ok
00:24:09.0814 3540 HdAudAddService - ok
00:24:09.0822 3540 HDAudBus - ok
00:24:09.0832 3540 HidBth - ok
00:24:09.0843 3540 HidIr - ok
00:24:09.0853 3540 hidserv - ok
00:24:09.0873 3540 HidUsb - ok
00:24:09.0891 3540 hkmsvc - ok
00:24:09.0901 3540 HP Health Check Service - ok
00:24:09.0911 3540 HpCISSs - ok
00:24:09.0918 3540 HpqKbFiltr - ok
00:24:09.0928 3540 hpqwmiex - ok
00:24:09.0951 3540 HSFHWAZL - ok
00:24:09.0960 3540 HSF_DPV - ok
00:24:09.0971 3540 HSXHWAZL - ok
00:24:09.0984 3540 HTTP - ok
00:24:10.0003 3540 i2omp - ok
00:24:10.0027 3540 i8042prt - ok
00:24:10.0047 3540 iaStorV - ok
00:24:10.0092 3540 IDriverT - ok
00:24:10.0102 3540 idsvc - ok
00:24:10.0132 3540 IDSvix86 - ok
00:24:10.0145 3540 iirsp - ok
00:24:10.0168 3540 IKEEXT - ok
00:24:10.0196 3540 intelide - ok
00:24:10.0204 3540 intelppm - ok
00:24:10.0224 3540 IPBusEnum - ok
00:24:10.0233 3540 IpFilterDriver - ok
00:24:10.0242 3540 iphlpsvc - ok
00:24:10.0264 3540 IpInIp - ok
00:24:10.0280 3540 IPMIDRV - ok
00:24:10.0290 3540 IPNAT - ok
00:24:10.0305 3540 IRENUM - ok
00:24:10.0318 3540 isapnp - ok
00:24:10.0348 3540 iScsiPrt - ok
00:24:10.0368 3540 iteatapi - ok
00:24:10.0390 3540 iteraid - ok
00:24:10.0412 3540 kbdclass - ok
00:24:10.0421 3540 kbdhid - ok
00:24:10.0430 3540 KeyIso - ok
00:24:10.0453 3540 KSecDD - ok
00:24:10.0470 3540 KtmRm - ok
00:24:10.0493 3540 LanmanServer - ok
00:24:10.0510 3540 LanmanWorkstation - ok
00:24:10.0542 3540 LBTServ - ok
00:24:10.0578 3540 LHidFilt - ok
00:24:10.0607 3540 libusb0 - ok
00:24:10.0639 3540 libusbd - ok
00:24:10.0665 3540 LicCtrlService - ok
00:24:10.0684 3540 lltdio - ok
00:24:10.0703 3540 lltdsvc - ok
00:24:10.0719 3540 lmhosts - ok
00:24:10.0729 3540 LMouFilt - ok
00:24:10.0758 3540 LSI_FC - ok
00:24:10.0777 3540 LSI_SAS - ok
00:24:10.0800 3540 LSI_SCSI - ok
00:24:10.0817 3540 luafv - ok
00:24:10.0827 3540 LUsbFilt - ok
00:24:10.0864 3540 LVUSBSta - ok
00:24:10.0928 3540 MBAMProtector - ok
00:24:10.0945 3540 MBAMScheduler - ok
00:24:10.0951 3540 MBAMService - ok
00:24:10.0972 3540 mcdbus - ok
00:24:11.0003 3540 Mcx2Svc - ok
00:24:11.0032 3540 mdmxsdk - ok
00:24:11.0041 3540 megasas - ok
00:24:11.0070 3540 MegaSR - ok
00:24:11.0095 3540 MMCSS - ok
00:24:11.0112 3540 Modem - ok
00:24:11.0130 3540 monitor - ok
00:24:11.0146 3540 mouclass - ok
00:24:11.0163 3540 mouhid - ok
00:24:11.0172 3540 MountMgr - ok
00:24:11.0216 3540 MpFilter - ok
00:24:11.0278 3540 mpio - ok
00:24:11.0308 3540 MpKsl46e2ffe3 - ok
00:24:11.0319 3540 mpsdrv - ok
00:24:11.0338 3540 MpsSvc - ok
00:24:11.0359 3540 Mraid35x - ok
00:24:11.0368 3540 MRxDAV - ok
00:24:11.0391 3540 mrxsmb - ok
00:24:11.0409 3540 mrxsmb10 - ok
00:24:11.0424 3540 mrxsmb20 - ok
00:24:11.0433 3540 msahci - ok
00:24:11.0454 3540 msdsm - ok
00:24:11.0469 3540 MSDTC - ok
00:24:11.0489 3540 Msfs - ok
00:24:11.0529 3540 msisadrv - ok
00:24:11.0565 3540 MSiSCSI - ok
00:24:11.0589 3540 msiserver - ok
00:24:11.0620 3540 MSKSSRV - ok
00:24:11.0638 3540 MsMpSvc - ok
00:24:11.0675 3540 MSPCLOCK - ok
00:24:11.0708 3540 MSPQM - ok
00:24:11.0713 3540 MsRPC - ok
00:24:11.0728 3540 mssmbios - ok
00:24:11.0740 3540 MSTEE - ok
00:24:11.0762 3540 Mup - ok
00:24:11.0786 3540 napagent - ok
00:24:11.0816 3540 NativeWifiP - ok
00:24:11.0878 3540 NDIS - ok
00:24:11.0887 3540 NdisTapi - ok
00:24:11.0904 3540 Ndisuio - ok
00:24:11.0913 3540 NdisWan - ok
00:24:11.0924 3540 NDProxy - ok
00:24:11.0934 3540 NetBIOS - ok
00:24:11.0943 3540 netbt - ok
00:24:11.0973 3540 Netlogon - ok
00:24:11.0989 3540 Netman - ok
00:24:12.0033 3540 NetMsmqActivator - ok
00:24:12.0043 3540 NetPipeActivator - ok
00:24:12.0066 3540 netprofm - ok
00:24:12.0090 3540 NetTcpActivator - ok
00:24:12.0101 3540 NetTcpPortSharing - ok
00:24:12.0118 3540 nfrd960 - ok
00:24:12.0131 3540 NisDrv - ok
00:24:12.0154 3540 NisSrv - ok
00:24:12.0162 3540 NlaSvc - ok
00:24:12.0172 3540 NMIndexingService - ok
00:24:12.0242 3540 NMSAccessU - ok
00:24:12.0262 3540 nmservice - ok
00:24:12.0297 3540 nmwcd - ok
00:24:12.0307 3540 nmwcdc - ok
00:24:12.0324 3540 nmwcdnsu - ok
00:24:12.0329 3540 nmwcdnsuc - ok
00:24:12.0340 3540 Npfs - ok
00:24:12.0358 3540 npggsvc - ok
00:24:12.0368 3540 nsi - ok
00:24:12.0387 3540 nsiproxy - ok
00:24:12.0426 3540 Ntfs - ok
00:24:12.0457 3540 ntrigdigi - ok
00:24:12.0479 3540 Null - ok
00:24:12.0508 3540 NVENETFD - ok
00:24:12.0533 3540 nvlddmkm - ok
00:24:12.0555 3540 nvraid - ok
00:24:12.0572 3540 nvsmu - ok
00:24:12.0588 3540 nvstor - ok
00:24:12.0599 3540 nvsvc - ok
00:24:12.0610 3540 nv_agp - ok
00:24:12.0622 3540 NwlnkFlt - ok
00:24:12.0634 3540 NwlnkFwd - ok
00:24:12.0649 3540 ohci1394 - ok
00:24:12.0661 3540 ose - ok
00:24:12.0675 3540 p2pimsvc - ok
00:24:12.0685 3540 p2psvc - ok
00:24:12.0699 3540 papycpu2 - ok
00:24:12.0722 3540 papyjoy - ok
00:24:12.0730 3540 Parport - ok
00:24:12.0735 3540 partmgr - ok
00:24:12.0746 3540 Parvdm - ok
00:24:12.0823 3540 pbfilter - ok
00:24:12.0832 3540 PcaSvc - ok
00:24:12.0841 3540 pccsmcfd - ok
00:24:12.0851 3540 pci - ok
00:24:12.0904 3540 pciide - ok
00:24:12.0913 3540 pcmcia - ok
00:24:12.0993 3540 pcouffin - ok
00:24:13.0082 3540 PEAUTH - ok
00:24:13.0155 3540 pgfilter - ok
00:24:13.0164 3540 PID_0928 - ok
00:24:13.0174 3540 pla - ok
00:24:13.0183 3540 PlugPlay - ok
00:24:13.0193 3540 pnarp - ok
00:24:13.0224 3540 PnkBstrA - ok
00:24:13.0231 3540 PNRPAutoReg - ok
00:24:13.0242 3540 PNRPsvc - ok
00:24:13.0250 3540 PolicyAgent - ok
00:24:13.0264 3540 PptpMiniport - ok
00:24:13.0275 3540 Processor - ok
00:24:13.0284 3540 ProfSvc - ok
00:24:13.0293 3540 ProtectedStorage - ok
00:24:13.0301 3540 Ps2 - ok
00:24:13.0310 3540 PSched - ok
00:24:13.0319 3540 PsSdk41 - ok
00:24:13.0329 3540 purendis - ok
00:24:13.0359 3540 ql2300 - ok
00:24:13.0367 3540 ql40xx - ok
00:24:13.0377 3540 QWAVE - ok
00:24:13.0385 3540 QWAVEdrv - ok
00:24:13.0395 3540 RasAcd - ok
00:24:13.0403 3540 RasAuto - ok
00:24:13.0412 3540 Rasl2tp - ok
00:24:13.0421 3540 RasMan - ok
00:24:13.0430 3540 RasPppoe - ok
00:24:13.0438 3540 RasSstp - ok
00:24:13.0447 3540 rdbss - ok
00:24:13.0456 3540 RDPCDD - ok
00:24:13.0470 3540 rdpdr - ok
00:24:13.0479 3540 RDPENCDD - ok
00:24:13.0500 3540 RDPWD - ok
00:24:13.0521 3540 RemoteAccess - ok
00:24:13.0531 3540 RemoteRegistry - ok
00:24:13.0546 3540 rimmptsk - ok
00:24:13.0554 3540 rimsptsk - ok
00:24:13.0564 3540 rismxdp - ok
00:24:13.0572 3540 RpcLocator - ok
00:24:13.0582 3540 RpcSs - ok
00:24:13.0591 3540 rspndr - ok
00:24:13.0656 3540 SaiH0D60 - ok
00:24:13.0665 3540 SamSs - ok
00:24:13.0676 3540 SASDIFSV - ok
00:24:13.0688 3540 SASKUTIL - ok
00:24:13.0698 3540 sbp2port - ok
00:24:13.0718 3540 SCardSvr - ok
00:24:13.0728 3540 Schedule - ok
00:24:13.0737 3540 SCPolicySvc - ok
00:24:13.0755 3540 SCREAMINGBDRIVER - ok
00:24:13.0774 3540 sdbus - ok
00:24:13.0784 3540 SDRSVC - ok
00:24:13.0793 3540 secdrv - ok
00:24:13.0803 3540 seclogon - ok
00:24:13.0811 3540 SENS - ok
00:24:13.0821 3540 Serenum - ok
00:24:13.0830 3540 Serial - ok
00:24:13.0840 3540 sermouse - ok
00:24:13.0851 3540 ServiceLayer - ok
00:24:13.0877 3540 SessionEnv - ok
00:24:13.0888 3540 sffdisk - ok
00:24:13.0897 3540 sffp_mmc - ok
00:24:13.0907 3540 sffp_sd - ok
00:24:13.0916 3540 sfloppy - ok
00:24:13.0927 3540 SharedAccess - ok
00:24:13.0938 3540 ShellHWDetection - ok
00:24:13.0947 3540 sisagp - ok
00:24:13.0960 3540 SiSRaid2 - ok
00:24:13.0969 3540 SiSRaid4 - ok
00:24:13.0978 3540 slsvc - ok
00:24:13.0987 3540 SLUINotify - ok
00:24:14.0028 3540 SmartDefragDriver - ok
00:24:14.0038 3540 Smb - ok
00:24:14.0055 3540 SNMPTRAP - ok
00:24:14.0064 3540 spldr - ok
00:24:14.0072 3540 Spooler - ok
00:24:14.0081 3540 srv - ok
00:24:14.0090 3540 srv2 - ok
00:24:14.0099 3540 srvnet - ok
00:24:14.0110 3540 SSDPSRV - ok
00:24:14.0122 3540 SstpSvc - ok
00:24:14.0132 3540 Steam Client Service - ok
00:24:14.0141 3540 stisvc - ok
00:24:14.0149 3540 StkAMini - ok
00:24:14.0160 3540 StkASSrv - ok
00:24:14.0168 3540 StkScan - ok
00:24:14.0178 3540 SUPERWEBCAM - ok
00:24:14.0186 3540 swenum - ok
00:24:14.0195 3540 swprv - ok
00:24:14.0203 3540 Symantec Core LC - ok
00:24:14.0212 3540 Symc8xx - ok
00:24:14.0221 3540 SymEvent - ok
00:24:14.0230 3540 SymIM - ok
00:24:14.0238 3540 SYMREDRV - ok
00:24:14.0257 3540 SYMTDI - ok
00:24:14.0266 3540 Sym_hi - ok
00:24:14.0275 3540 Sym_u3 - ok
00:24:14.0284 3540 SynTP - ok
00:24:14.0293 3540 SysMain - ok
00:24:14.0302 3540 TabletInputService - ok
00:24:14.0312 3540 TapiSrv - ok
00:24:14.0320 3540 TBS - ok
00:24:14.0330 3540 Tcpip - ok
00:24:14.0338 3540 Tcpip6 - ok
00:24:14.0348 3540 tcpipreg - ok
00:24:14.0357 3540 TDPIPE - ok
00:24:14.0366 3540 TDTCP - ok
00:24:14.0378 3540 tdx - ok
00:24:14.0388 3540 TermDD - ok
00:24:14.0398 3540 TermService - ok
00:24:14.0406 3540 Themes - ok
00:24:14.0415 3540 THREADORDER - ok
00:24:14.0428 3540 trackcam - ok
00:24:14.0437 3540 TrkWks - ok
00:24:14.0446 3540 TrustedInstaller - ok
00:24:14.0458 3540 tssecsrv - ok
00:24:14.0467 3540 tunmp - ok
00:24:14.0476 3540 tunnel - ok
00:24:14.0484 3540 uagp35 - ok
00:24:14.0493 3540 udfs - ok
00:24:14.0510 3540 UI0Detect - ok
00:24:14.0518 3540 UIUSys - ok
00:24:14.0527 3540 uliagpkx - ok
00:24:14.0535 3540 uliahci - ok
00:24:14.0544 3540 UlSata - ok
00:24:14.0552 3540 ulsata2 - ok
00:24:14.0561 3540 umbus - ok
00:24:14.0572 3540 UMPass - ok
00:24:14.0581 3540 upnphost - ok
00:24:14.0590 3540 upperdev - ok
00:24:14.0604 3540 USB28xxBGA - ok
00:24:14.0612 3540 USB28xxOEM - ok
00:24:14.0621 3540 usbaudio - ok
00:24:14.0629 3540 usbccgp - ok
00:24:14.0639 3540 usbcir - ok
00:24:14.0649 3540 usbehci - ok
00:24:14.0658 3540 usbhub - ok
00:24:14.0667 3540 usbohci - ok
00:24:14.0675 3540 usbprint - ok
00:24:14.0685 3540 usbser - ok
00:24:14.0693 3540 UsbserFilt - ok
00:24:14.0702 3540 USBSTOR - ok
00:24:14.0710 3540 usbuhci - ok
00:24:14.0724 3540 usbvideo - ok
00:24:14.0734 3540 UxSms - ok
00:24:14.0756 3540 VCSVADHWSer - ok
00:24:14.0764 3540 vds - ok
00:24:14.0785 3540 Ventrilo - ok
00:24:14.0794 3540 vga - ok
00:24:14.0804 3540 VgaSave - ok
00:24:14.0815 3540 viaagp - ok
00:24:14.0824 3540 ViaC7 - ok
00:24:14.0832 3540 viaide - ok
00:24:14.0841 3540 VideoAcceleratorService - ok
00:24:14.0876 3540 Viewpoint Manager Service - ok
00:24:14.0887 3540 volmgr - ok
00:24:14.0896 3540 volmgrx - ok
00:24:14.0906 3540 volsnap - ok
00:24:14.0915 3540 vsmraid - ok
00:24:14.0930 3540 VSS - ok
00:24:14.0938 3540 VX3000 - ok
00:24:14.0952 3540 W32Time - ok
00:24:14.0966 3540 WacomPen - ok
00:24:14.0977 3540 Wanarp - ok
00:24:14.0985 3540 Wanarpv6 - ok
00:24:14.0994 3540 wcncsvc - ok
00:24:15.0003 3540 WcsPlugInService - ok
00:24:15.0012 3540 Wd - ok
00:24:15.0020 3540 Wdf01000 - ok
00:24:15.0029 3540 WdiServiceHost - ok
00:24:15.0037 3540 WdiSystemHost - ok
00:24:15.0046 3540 WebClient - ok
00:24:15.0054 3540 Wecsvc - ok
00:24:15.0063 3540 wercplsupport - ok
00:24:15.0071 3540 WerSvc - ok
00:24:15.0080 3540 winachsf - ok
00:24:15.0089 3540 WinDefend - ok
00:24:15.0130 3540 WinHttpAutoProxySvc - ok
00:24:15.0137 3540 Winmgmt - ok
00:24:15.0147 3540 WinRing0_1_2_0 - ok
00:24:15.0156 3540 WinRM - ok
00:24:15.0173 3540 WinUSB - ok
00:24:15.0182 3540 Wlansvc - ok
00:24:15.0190 3540 wlidsvc - ok
00:24:15.0199 3540 WLSetupSvc - ok
00:24:15.0208 3540 WmiAcpi - ok
00:24:15.0221 3540 wmiApSrv - ok
00:24:15.0231 3540 WMPNetworkSvc - ok
00:24:15.0240 3540 WPCSvc - ok
00:24:15.0249 3540 WPDBusEnum - ok
00:24:15.0268 3540 WpdUsb - ok
00:24:15.0278 3540 WPFFontCache_v0400 - ok
00:24:15.0288 3540 ws2ifsl - ok
00:24:15.0299 3540 wscsvc - ok
00:24:15.0307 3540 WSearch - ok
00:24:15.0321 3540 wuauserv - ok
00:24:15.0332 3540 WUDFRd - ok
00:24:15.0341 3540 wudfsvc - ok
00:24:15.0351 3540 XAudio - ok
00:24:15.0360 3540 XAudioService - ok
00:24:15.0373 3540 xnacc - ok
00:24:15.0383 3540 xusb21 - ok
00:24:15.0391 3540 YahooAUService - ok
00:24:15.0405 3540 ================ Scan global ===============================
00:24:15.0409 3540 [Global] - ok
00:24:15.0414 3540 ================ Scan MBR ==================================
00:24:15.0441 3540 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
00:24:15.0877 3540 \Device\Harddisk0\DR0 - ok
00:24:15.0878 3540 ================ Scan VBR ==================================
00:24:15.0882 3540 [ E59D63EB7F0DA59D41209FA088207ED7 ] \Device\Harddisk0\DR0\Partition1
00:24:15.0884 3540 \Device\Harddisk0\DR0\Partition1 - ok
00:24:15.0891 3540 [ FC2E795CF1D643F58DE222930D6FD9E0 ] \Device\Harddisk0\DR0\Partition2
00:24:15.0892 3540 \Device\Harddisk0\DR0\Partition2 - ok
00:24:15.0895 3540 ============================================================
00:24:15.0895 3540 Scan finished
00:24:15.0895 3540 ============================================================
00:24:15.0911 3344 Detected object count: 0
00:24:15.0911 3344 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-29 00:25:49
-----------------------------
00:25:49.354 OS Version: Windows 6.0.6002 Service Pack 2
00:25:49.355 Number of processors: 2 586 0x6802
00:25:49.356 ComputerName: MIKECHIPS911-PC UserName: mikechips9111
00:25:54.514 Initialize success
00:26:26.932 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
00:26:26.938 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC32P Size: 152627MB BusType: 3
00:26:26.967 Disk 0 MBR read successfully
00:26:26.974 Disk 0 MBR scan
00:26:26.981 Disk 0 unknown MBR code
00:26:26.987 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140827 MB offset 63
00:26:27.023 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11797 MB offset 288414945
00:26:27.035 Disk 0 scanning sectors +312576705
00:26:27.122 Disk 0 scanning C:\Windows\system32\drivers
00:26:40.876 Service scanning
00:26:53.311 Service MpKsl46e2ffe3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B8A6DE20-CAD1-452A-990D-1DA8D92D040C}\MpKsl46e2ffe3.sys **LOCKED** 32
00:27:12.738 Modules scanning
00:27:27.486 Disk 0 trace - called modules:
00:27:27.516 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:27:27.526 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854475b0]
00:27:27.534 3 CLASSPNP.SYS[895af8b3] -> nt!IofCallDriver -> [0x85317020]
00:27:27.542 5 acpi.sys[82a0f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8535b030]
00:27:27.550 Scan finished successfully
00:27:48.697 Disk 0 MBR has been saved successfully to "C:\Users\mikechips9111\Desktop\MBR.dat"
00:27:48.702 The log file has been saved successfully to "C:\Users\mikechips9111\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:23 PM

Posted 28 September 2012 - 11:36 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Steelers2025

Steelers2025
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:23 PM

Posted 29 September 2012 - 03:54 AM

There were no issues running ComboFix. Now, as far as the PC goes, it still stalls loading programs and is slow loading my web browser, World of Warcraft, and my virus and spyware programs.



ComboFix 12-08-05.02 - mikechips9111 09/29/2012 4:10.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1436 [GMT -4:00]
Running from: c:\users\mikechips9111\Desktop\ComboFix.exe
Command switches used :: c:\users\mikechips9111\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-29 )))))))))))))))))))))))))))))))
.
.
2012-09-29 08:22 . 2012-09-29 08:22 -------- d-----w- c:\users\mikechips9111\AppData\Local\temp
2012-09-29 08:22 . 2012-09-29 08:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-29 08:22 . 2012-09-29 08:22 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-09-29 08:22 . 2012-09-29 08:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-29 03:42 . 2012-09-29 04:03 -------- dc----w- c:\program files\Warcraft III Reign of Chaos & The Frozen Throne
2012-09-28 01:43 . 2012-09-28 01:43 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8A6DE20-CAD1-452A-990D-1DA8D92D040C}\MpKsl46e2ffe3.sys
2012-09-28 01:39 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8A6DE20-CAD1-452A-990D-1DA8D92D040C}\mpengine.dll
2012-09-22 10:20 . 2012-09-22 10:20 -------- dc----w- c:\program files\DownloadToolz
2012-09-22 02:04 . 2012-09-22 02:04 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\SUPERAntiSpyware.com
2012-09-22 02:03 . 2012-09-22 02:04 -------- dc----w- c:\program files\SUPERAntiSpyware
2012-09-22 02:03 . 2012-09-22 02:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-22 00:25 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-19 11:22 . 2012-09-19 11:27 -------- d-----w- c:\users\mikechips9111\AppData\Local\AdFender
2012-09-19 10:19 . 2012-09-19 10:19 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\Charles
2012-09-19 10:16 . 2012-09-19 10:28 -------- dc----w- c:\program files\Charles
2012-09-18 02:55 . 2012-09-19 10:28 -------- dc----w- c:\program files\DebugMode
2012-09-18 01:45 . 2012-09-18 01:46 -------- dc----w- c:\program files\vReveal 3
2012-09-17 22:31 . 2012-09-17 22:31 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\FreeVideoConverter
2012-09-17 22:31 . 2012-09-17 22:31 -------- dc----w- c:\program files\Free Video Converter
2012-09-17 05:34 . 2012-09-17 05:59 -------- d-----w- c:\programdata\Pinnacle VideoSpin
2012-09-17 05:34 . 2012-09-17 05:34 -------- dc----w- c:\program files\Pinnacle
2012-09-17 05:34 . 2012-09-17 05:34 -------- dc----w- c:\program files\Common Files\Yahoo!
2012-09-17 05:32 . 2012-09-17 05:32 -------- d-----w- c:\programdata\Pinnacle
2012-09-09 11:28 . 2012-09-09 11:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-09 11:12 . 2012-09-21 01:54 -------- dc----w- c:\program files\LimeWire
2012-09-09 10:51 . 2012-09-09 10:51 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\Azureus
2012-09-03 00:54 . 2012-09-03 00:54 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-09-03 00:45 . 2012-09-03 00:45 -------- d-----w- c:\users\mikechips9111\AppData\Roaming\Leawo
2012-09-03 00:45 . 2012-09-03 00:45 -------- d-----w- c:\programdata\Leawo
2012-09-03 00:45 . 2012-09-03 00:45 -------- dc----w- c:\program files\Leawo
2012-09-03 00:30 . 2012-09-03 00:59 -------- dc----w- c:\program files\SpeedBit Video Accelerator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 11:28 . 2012-03-22 21:45 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-09 11:28 . 2010-05-30 19:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 21:04 . 2009-02-03 10:05 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-20 20:04 . 2012-08-20 20:04 161792 ----a-w- c:\windows\system32\msls31.dll
2012-08-20 20:04 . 2012-08-20 20:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-08-20 20:04 . 2012-08-20 20:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-08-20 20:04 . 2012-08-20 20:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-08-20 20:04 . 2012-08-20 20:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-08-20 20:04 . 2012-08-20 20:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-08-20 20:04 . 2012-08-20 20:04 367104 ----a-w- c:\windows\system32\html.iec
2012-08-20 20:04 . 2012-08-20 20:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-08-20 20:04 . 2012-08-20 20:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-20 20:04 . 2012-08-20 20:04 152064 ----a-w- c:\windows\system32\wextract.exe
2012-08-20 20:04 . 2012-08-20 20:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-08-20 20:04 . 2012-08-20 20:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-08-20 20:04 . 2012-08-20 20:04 11776 ----a-w- c:\windows\system32\mshta.exe
2012-08-20 20:04 . 2012-08-20 20:04 101888 ----a-w- c:\windows\system32\admparse.dll
2012-08-20 20:04 . 2012-08-20 20:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-08-05 20:57 . 2012-08-05 20:57 4024320 -c--a-w- c:\program files\GUT5C91.tmp
2012-07-19 04:53 . 2012-07-19 04:53 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18AF0904-E886-4AA6-A48E-F2A926E5950A}\gapaengine.dll
2012-07-18 02:31 . 2012-07-18 02:31 4024320 -c--a-w- c:\program files\GUT89D8.tmp
2012-07-16 06:41 . 2012-07-18 23:24 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C50B350-6586-41AE-BC20-07E27EB551AD}\mpengine.dll
2012-07-04 14:02 . 2012-08-15 02:38 2047488 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 07:31 . 2011-06-02 07:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ares"="c:\program files\Ares\Ares.exe" [2010-10-27 1015808]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-09-03 1517296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="files\quicktime\qttask.exe -atboottime" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
c:\users\mikechips9111\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warcraft Config.lnk - c:\program files\Warcraft III Reign of Chaos & The Frozen Throne\support\config.exe [2011-1-5 23444992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BlitzCastTray.exe]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BlitzCastTray.exe
backup=c:\windows\pss\BlitzCastTray.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mikechips9111^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mikechips9111^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mikechips9111^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\mikechips9111\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
files\divx\divx plus web player\ddmservice.exe start [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
files\microsoft xbox 360 accessories\xboxstat.exe silentrun [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-09-26 16:02 2356088 -c--a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2010-10-27 09:00 1015808 -c--a-w- c:\program files\Ares\Ares.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-03-12 19:49 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2007-08-25 04:07 51048 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-06-23 23:44 1386776 -c--a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-15 20:34 136176 ----atw- c:\users\mikechips9111\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 19:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:55 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
2007-08-24 08:49 607624 ----a-w- c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-09-07 21:04 766536 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Modem Booster]
2010-10-19 18:11 8720072 -c--a-w- c:\program files\inKline Global\Modem Booster\ModemBtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 22:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-10 00:53 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
2009-07-08 06:53 472112 -c--a-w- c:\program files\Pure Networks\Network Magic\nmapp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-07-07 18:48 647216 -c--a-w- c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-24 10:08 13601312 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-24 10:08 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpenDNS Updater]
2010-06-16 21:42 839680 -c--a-w- c:\program files\OpenDNS Updater\OpenDNSUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-12-06 21:13 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 -c--a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speech Recognition]
2008-01-21 02:24 49664 ----a-w- c:\windows\Speech\Common\sapisvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-28 03:31 1721640 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2007-04-10 21:46 709992 ----a-w- c:\windows\vVX3000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-926645526-3501171379-1899250667-1000]
"EnableNotificationsRef"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 93950409
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL46E2FFE3
*NewlyCreated* - TRUESIGHT
*Deregistered* - 93950409
*Deregistered* - aswMBR
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2012-08-20 20:04 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-09 18:53]
.
2012-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd8c60fce75320.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 09:03]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 09:03]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926645526-3501171379-1899250667-1000Core1cd734cf5b33de5.job
- c:\users\mikechips9111\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 20:34]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926645526-3501171379-1899250667-1000UA.job
- c:\users\mikechips9111\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 20:34]
.
2012-09-03 c:\windows\Tasks\Launch 3294.job
- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe [2012-09-03 00:54]
.
2012-09-03 c:\windows\Tasks\Launch 8643.job
- c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe [2012-09-03 00:54]
.
2012-09-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 0b76b20a-f4eb-4af1-a460-d80bec6e1a6a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-09-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2caf14d7-e230-470a-8af5-ec6a5e70fba3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=102874&gct=hp
uDefault_Search_URL = hxxp://google.inklineglobal.com/?MB
mStart Page = hxxp://search.entru.com/?s=21982
mWindow Title =
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: ukb-kvcd.com
TCP: Interfaces\{A61DB213-C617-4C6C-98B8-96DFA4668E89}: NameServer = 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SearchMyWeb
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=102874&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.search.selectedEngine - SearchMyWeb
FF - user.js: keyword.URL - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(general.useragent.extra.brc,
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.search.defaultenginename - SearchMyWeb
FF - user.js: browser.search.defaulturl - hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q=
FF - user.js: browser.startup.homepage - hxxp://google.inklineglobal.com/?MB
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.id - 37c52f32000000000000001f3a96aa1c
FF - user.js: extensions.BabylonToolbar_i.hardId - 37c52f32000000000000001f3a96aa1c
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15536
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=114064
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Ventrilo And Teamspeak Mix - c:\program files\Ventrilo And Teamspeak Mix\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-29 04:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,fc,89,40,cf,65,15,42,9c,08,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,81,fc,89,40,cf,65,15,42,9c,08,c4,\
.
[HKEY_USERS\S-1-5-21-926645526-3501171379-1899250667-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3528)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
.
Completion time: 2012-09-29 04:25:38
ComboFix-quarantined-files.txt 2012-09-29 08:25
ComboFix2.txt 2012-09-28 21:58
ComboFix3.txt 2012-09-22 01:28
ComboFix4.txt 2012-08-06 02:55
ComboFix5.txt 2012-09-29 08:08
.
Pre-Run: 60,154,281,984 bytes free
Post-Run: 59,934,400,512 bytes free
.
- - End Of File - - DBFF5E4E0BE290A6C5AF9F768B856971

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:23 PM

Posted 29 September 2012 - 05:54 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Steelers2025

Steelers2025
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:23 PM

Posted 29 September 2012 - 04:26 PM

OTL logfile created on: 9/29/2012 5:14:17 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mikechips9111\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.44 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 74.74% Memory free
5.11 Gb Paging File | 4.47 Gb Available in Paging File | 87.42% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137.53 Gb Total Space | 51.66 Gb Free Space | 37.56% Space Free | Partition Type: NTFS
Drive D: | 11.52 Gb Total Space | 1.95 Gb Free Space | 16.93% Space Free | Partition Type: NTFS

Computer Name: MIKECHIPS911-PC | User Name: mikechips9111 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mikechips9111\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\VentSrv\ventrilo_srv.exe ()
PRC - C:\Program Files\VentSrv\ventrilo_svc.exe ()
PRC - C:\Windows\System32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (ADVService) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (VideoAcceleratorService) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (SpeedBit Ltd.)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (LicCtrlService) -- C:\Windows\Runservice.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Ventrilo) -- C:\Program Files\VentSrv\ventrilo_svc.exe ()
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (http://libusb-win32.sourceforge.net)
SRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()
SRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder\SysInfo.sys File not found
DRV - (catchme) -- C:\Users\MIKECH~1\AppData\Local\Temp\catchme.sys File not found
DRV - (ALSysIO) -- C:\Users\MIKECH~1\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (PsSdk41) -- C:\Windows\System32\drivers\pssdk41.sys (microOLAP Technologies LTD)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (pbfilter) -- C:\Program Files\PeerBlock\pbfilter.sys ()
DRV - (WinRing0_1_2_0) -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys (OpenLibSys.org)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Company)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (trackcam) -- C:\Windows\System32\drivers\trackcam.sys (Eagletron Inc.)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (purendis) -- C:\Windows\System32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (GamingMsFltr) -- C:\Windows\System32\drivers\gamingms.sys (Primax Ltd)
DRV - (VCSVADHWSer) -- C:\Windows\System32\drivers\vcsvad.sys (Avnex)
DRV - (SaiH0D60) -- C:\Windows\System32\drivers\SaiH0D60.sys (Saitek)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDAud.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20070823.002\IDSvix86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (SUPERWEBCAM) -- C:\Windows\System32\drivers\superwebcam.sys (Windows ® 2000 DDK provider)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()
DRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()
DRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
IE - HKLM\..\URLSearchHook: {61f9a87f-c1a0-47c5-88e3-a7d39e9c9f79} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{01843EF3-4C88-4C77-9B6C-269984C92B10}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com/?MB
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102874&gct=hp
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{01843EF3-4C88-4C77-9B6C-269984C92B10}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114064&babsrc=SP_ss&mntrId=37c52f32000000000000001f3a96aa1c
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{1977AFBA-FC27-429D-850A-6282E9032584}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{2EA6F660-1690-4443-88C2-5F699CA0B733}: "URL" = http://www.amazon.com/gp/search?ie=UTF8&tag=griffindigita-20&index=blended&linkCode=qs&camp=1789&creative=9325&keywords={searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{2EC7BF67-3117-4A29-8272-B8D6212322C2}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{5F4764C9-A953-44D8-BA81-4C334ADB8090}: "URL" = http://rover.ebay.com/rover/1/711-53200-19255-0/1?satitle={searchTerms}&ext={searchTerms}&customid=&toolid=10001&campid=5336017972&type=3
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{7D9DA333-6EA8-453A-9759-1AC738D1CCD5}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{8EBEDBD9-DB1C-402C-91FC-0118F7813FD9}: "URL" = http://twitnit.com/{searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{8F4AD901-C14C-4A5A-B1F4-805D3789683F}: "URL" = http://twitnit.com/{searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{AC854C16-CA1E-43f1-8513-0D2F36C726ED}: "URL" = http://www.offos.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=BxWH1dpW
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{C512F26C-B56D-4500-82B2-A6855387AF61}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{E08A9998-D98F-476f-8F5C-37C80FE0A4DA}: "URL" = http://start.oberon-media.com/search.html?cx=partner-pub-7805041628024522%3A87d08n6ktp5&cof=FORID%3A10&ie=UTF-8&sa=Search&q={searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{F813F595-1DA6-4476-915D-E3C2FDF0B758}: "URL" = http://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q={searchTerms}
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{FEB10357-6ACA-4BAE-A962-244152F538F1}: "URL" = [String data over 1000 bytes]
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "SearchMyWeb"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102874&gct=hp"
FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071301000019
FF - prefs.js..extensions.enabledAddons: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {1fc895a6-2042-46ec-a61b-233165b4c218}:1.2.5
FF - prefs.js..extensions.enabledAddons: dislikes@dige:1.0.1.4
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledAddons: fbphotozoom@installdaddy.com:1.3
FF - prefs.js..extensions.enabledAddons: {37153479-1976-43c3-a1ee-557513977b64}:3.14.1.0
FF - prefs.js..extensions.enabledAddons: OneClickDownload@OneClickDownload.com:1.0
FF - prefs.js..extensions.enabledItems: {1fc895a6-2042-46ec-a61b-233165b4c218}:1.2.4
FF - prefs.js..extensions.enabledItems: staff@hide-my-ip.com:1.0
FF - prefs.js..extensions.enabledItems: justintvpublisher@justin.tv:3.1.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071301000019
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.3
FF - prefs.js..extensions.enabledItems: dislikes@dige:1.0.0.1
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.3
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "SearchMyWeb"
FF - user.js..keyword.URL: "http://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q="
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""
FF - user.js..browser.search.defaultenginename: "SearchMyWeb"
FF - user.js..browser.search.defaulturl: "http://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q="
FF - user.js..browser.startup.homepage: "http://google.inklineglobal.com/?MB"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files\BF3 Alpha Trial Web Plugins\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\mikechips9111\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mikechips9111\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\mikechips9111\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/10 23:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/10 23:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files\fbphotozoom\fbphotozoom13.xpi [2012/03/10 07:35:12 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/06 23:40:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/22 17:45:07 | 000,000,000 | ---D | M]

[2009/06/24 19:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Extensions
[2009/06/24 19:10:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Extensions\MediaCoder
[2012/08/18 16:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions
[2010/05/02 22:39:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/31 19:48:24 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2012/06/15 23:15:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/09 22:35:25 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(51)
[2012/08/03 00:33:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/19 05:05:39 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\fbdislike@doweb.fr
[2011/02/07 16:57:36 | 000,000,000 | ---D | M] (Justin.tv Publisher) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\justintvpublisher@justin.tv
[2011/02/07 16:57:36 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\moveplayer@movenetworks.com
[2012/08/18 16:27:03 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\OneClickDownload@OneClickDownload.com
[2011/10/15 19:31:58 | 000,072,942 | ---- | M] () (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\dislikes@dige.xpi
[2012/07/28 05:07:40 | 000,324,456 | ---- | M] () (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\smarterwiki@wikiatic.com.xpi
[2011/07/23 19:24:16 | 000,003,084 | ---- | M] () (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi
[2011/07/17 20:46:17 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012/08/03 00:33:31 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2009/02/03 18:42:13 | 000,001,739 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\aim-search.xml
[2012/08/12 03:45:44 | 000,002,402 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\askcom.xml
[2011/07/07 10:17:58 | 000,000,925 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\conduit.xml
[2011/04/18 18:12:13 | 000,001,784 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\inkline.xml
[2012/09/09 07:36:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/23 16:46:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/26 19:44:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/13 21:19:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/06/23 21:43:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/09/12 01:47:26 | 000,000,000 | ---D | M] (Hide My IP) -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2012/03/10 07:35:12 | 000,102,233 | ---- | M] () (No name found) -- C:\PROGRAM FILES\FBPHOTOZOOM\FBPHOTOZOOM13.XPI
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/06/02 03:31:11 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/15 01:37:03 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/06/02 03:31:15 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/05/28 13:59:55 | 000,001,532 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-com.xml

========== Chrome ==========

CHR - homepage: http://www.ask.com/?l=dis&o=102874cr&gct=hp
CHR - default_search_provider: BasicScan (Enabled)
CHR - default_search_provider: search_url = http://www.basicscan.com/?tmp=redir_bho_bing&dist=0&prt=BscscnPB&keywords={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.ask.com/?l=dis&o=102874cr&gct=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\mikechips9111\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\mikechips9111\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Click&Clean = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\
CHR - Extension: Stop Autoplay for YouTube. = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh\0.11.5.24_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: SuperSafeSearch = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\pineidnkcdnmfhhmidgopchoiojgmdne\0.1_0\
CHR - Extension: Gmail = C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/28 17:52:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] //~c:\program files\quicktime\qttask.exe -atboottime File not found
O4 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (SPEEDbit)
O4 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000..\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\MIKECH~1\AppData\Local\Temp\Rpcqt.dll,Sets File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SPEEDbit)
O15 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..Trusted Domains: ukb-kvcd.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A61DB213-C617-4C6C-98B8-96DFA4668E89}: NameServer = 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\mikechips9111\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mikechips9111\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/22 12:09:01 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/29 17:12:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mikechips9111\Desktop\OTL.exe
[2012/09/29 06:45:48 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Desktop\[PC Game] DOOM 3 (Extract and Play)
[2012/09/29 04:57:30 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Desktop\bleep.Slap.2009.UNRATED.WS.DVDRip.XviD-VoMiT.(www.USABIT.com)
[2012/09/29 04:25:41 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Local\temp
[2012/09/29 04:24:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/28 23:44:56 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III Reign of Chaos & The Frozen Throne
[2012/09/28 23:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III Reign of Chaos & The Frozen Throne
[2012/09/28 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Desktop\Warcraft III Reign of Chaos & The Frozen Thron
[2012/09/27 07:18:53 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Desktop\Wrestlemania 17
[2012/09/27 07:04:46 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Desktop\WWF Wrestlemania X8
[2012/09/25 11:54:11 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Desktop\The Cabin In The Woods 2011 DVDRip XviD-EXViD
[2012/09/22 17:56:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 17:56:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 17:56:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 17:56:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 17:56:26 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 17:56:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/22 17:56:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 17:56:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/22 06:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Download Toolz
[2012/09/22 06:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\DownloadToolz
[2012/09/21 22:04:08 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/21 22:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/21 22:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/21 22:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/19 07:22:13 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Local\AdFender
[2012/09/19 06:19:52 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Roaming\Charles
[2012/09/19 06:18:46 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Documents\Fiddler2
[2012/09/19 06:17:35 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Documents\My Cheat Tables
[2012/09/19 06:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2012/09/17 22:56:15 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Debugmode
[2012/09/17 22:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugmode
[2012/09/17 22:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\DebugMode
[2012/09/17 21:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vReveal
[2012/09/17 21:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\vReveal 3
[2012/09/17 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
[2012/09/17 18:31:09 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Roaming\FreeVideoConverter
[2012/09/17 18:31:09 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2012/09/17 04:11:44 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Desktop\CDisplay
[2012/09/17 01:59:46 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Documents\Pinnacle VideoSpin
[2012/09/17 01:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle VideoSpin
[2012/09/17 01:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2012/09/17 01:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle VideoSpin
[2012/09/17 01:34:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Pinnacle
[2012/09/17 01:34:29 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2012/09/17 01:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Pinnacle
[2012/09/16 22:45:01 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Local\{CE0A7AE9-34AE-4089-950A-D3ACC7D1D3ED}
[2012/09/16 22:36:03 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Local\{723C2B52-3250-4FCD-85BB-4AB0F4D4614B}
[2012/09/09 07:28:55 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/09 07:28:27 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/09 07:28:27 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/09 07:28:27 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/09 07:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2012/09/09 06:51:00 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Roaming\Azureus
[2012/09/09 06:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/09/03 00:29:00 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Local\{B41B57D5-0FDE-4ED4-8807-F5ED38B303C0}
[2012/09/02 20:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Accelerator
[2012/09/02 20:54:17 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2012/09/02 20:45:50 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\Documents\Leawo
[2012/09/02 20:45:50 | 000,000,000 | ---D | C] -- C:\Users\mikechips9111\AppData\Roaming\Leawo
[2012/09/02 20:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Leawo
[2012/09/02 20:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Leawo
[2012/09/02 20:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Accelerator
[2012/03/24 18:41:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\mikechips9111\AppData\Roaming\pcouffin.sys
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/29 17:16:27 | 000,434,803 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/29 17:12:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mikechips9111\Desktop\OTL.exe
[2012/09/29 16:31:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 16:31:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/29 06:30:25 | 000,016,173 | ---- | M] () -- C:\Users\mikechips9111\Desktop\[kat.ph]pc.game.doom.3.extract.and.play.torrent
[2012/09/29 05:42:57 | 000,651,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/29 05:42:57 | 000,123,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/29 04:32:55 | 000,434,803 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/29 04:31:32 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/09/29 04:30:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/28 23:44:56 | 000,001,062 | ---- | M] () -- C:\Users\mikechips9111\Desktop\Frozen Throne.lnk
[2012/09/28 23:44:56 | 000,001,057 | ---- | M] () -- C:\Users\mikechips9111\Desktop\Warcraft III.lnk
[2012/09/28 21:14:07 | 000,001,189 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\vso_ts_preview.xml
[2012/09/28 17:52:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/27 21:27:22 | 432,524,304 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/24 06:19:05 | 000,002,127 | ---- | M] () -- C:\Users\mikechips9111\Desktop\Google Chrome.lnk
[2012/09/24 06:19:05 | 000,002,044 | ---- | M] () -- C:\Users\mikechips9111\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/22 18:10:43 | 000,000,026 | ---- | M] () -- C:\Windows\dvdSanta.INI
[2012/09/22 02:23:50 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0b76b20a-f4eb-4af1-a460-d80bec6e1a6a.job
[2012/09/21 22:04:27 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2caf14d7-e230-470a-8af5-ec6a5e70fba3.job
[2012/09/20 21:52:18 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/20 21:06:25 | 000,222,208 | ---- | M] () -- C:\Users\mikechips9111\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/20 21:05:12 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/09/18 20:12:21 | 000,454,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/09/17 22:59:26 | 000,060,633 | ---- | M] () -- C:\WaxCrash.dmp
[2012/09/17 22:26:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/09/17 22:22:15 | 000,000,764 | ---- | M] () -- C:\Users\mikechips9111\Application Data\Microsoft\Internet Explorer\Quick Launch\vReveal 3.lnk
[2012/09/17 21:47:22 | 000,000,232 | -H-- | M] () -- C:\Users\mikechips9111\Desktop\vReveal.settings.xml
[2012/09/17 18:31:12 | 000,000,922 | ---- | M] () -- C:\Users\mikechips9111\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2012/09/09 07:28:13 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/09 07:28:09 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/09 07:28:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/09 07:28:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/09 07:28:08 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/09/09 07:28:08 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/06 14:54:05 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd8c60fce75320.job
[2012/09/02 20:58:37 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Launch 8643.job
[2012/09/02 20:54:24 | 000,001,846 | ---- | M] () -- C:\Users\mikechips9111\Desktop\SpeedBit Video Accelerator.lnk
[2012/09/02 20:54:17 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\System32\AniGIF.ocx
[2012/09/02 20:31:19 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Launch 3294.job
[2012/09/02 17:16:53 | 000,014,227 | ---- | M] () -- C:\Users\mikechips9111\Desktop\PlayMaker_Icon_Troy_Polamalu_Avatar_Brand_Legendary.png
[4 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/29 06:30:23 | 000,016,173 | ---- | C] () -- C:\Users\mikechips9111\Desktop\[kat.ph]pc.game.doom.3.extract.and.play.torrent
[2012/09/28 23:44:56 | 000,001,062 | ---- | C] () -- C:\Users\mikechips9111\Desktop\Frozen Throne.lnk
[2012/09/28 23:44:56 | 000,001,057 | ---- | C] () -- C:\Users\mikechips9111\Desktop\Warcraft III.lnk
[2012/09/27 21:27:22 | 432,524,304 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/21 22:04:27 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 2caf14d7-e230-470a-8af5-ec6a5e70fba3.job
[2012/09/21 22:04:27 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 0b76b20a-f4eb-4af1-a460-d80bec6e1a6a.job
[2012/09/17 22:59:23 | 000,060,633 | ---- | C] () -- C:\WaxCrash.dmp
[2012/09/17 22:22:15 | 000,000,764 | ---- | C] () -- C:\Users\mikechips9111\Application Data\Microsoft\Internet Explorer\Quick Launch\vReveal 3.lnk
[2012/09/17 18:31:12 | 000,000,922 | ---- | C] () -- C:\Users\mikechips9111\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Video Converter.lnk
[2012/09/17 01:32:14 | 000,000,349 | ---- | C] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012/09/06 14:54:05 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd8c60fce75320.job
[2012/09/02 20:58:37 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Launch 8643.job
[2012/09/02 20:54:24 | 000,001,846 | ---- | C] () -- C:\Users\mikechips9111\Desktop\SpeedBit Video Accelerator.lnk
[2012/09/02 20:31:19 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\Launch 3294.job
[2012/09/02 17:16:54 | 000,014,227 | ---- | C] () -- C:\Users\mikechips9111\Desktop\PlayMaker_Icon_Troy_Polamalu_Avatar_Brand_Legendary.png
[2012/08/25 16:03:25 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat
[2012/08/23 05:10:55 | 000,000,218 | ---- | C] () -- C:\Users\mikechips9111\.recently-used.xbel
[2012/08/05 17:00:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 17:00:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 17:00:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 17:00:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 17:00:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/28 04:10:00 | 000,000,697 | ---- | C] () -- C:\Users\mikechips9111\.jscreenfix-deluxe.licence
[2012/07/17 04:59:48 | 001,802,240 | -HS- | C] () -- C:\Users\mikechips9111\ehthumbs_vista.db
[2012/07/09 03:43:41 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/06/26 16:42:06 | 000,000,552 | ---- | C] () -- C:\Users\mikechips9111\AppData\Local\d3d8caps.dat
[2012/03/24 18:42:04 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2012/03/24 18:41:21 | 000,081,920 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\ezpinst.exe
[2012/03/24 18:41:21 | 000,007,176 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\pcouffin.cat
[2012/03/24 18:41:21 | 000,001,144 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\pcouffin.inf
[2012/03/24 04:16:40 | 000,001,189 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\vso_ts_preview.xml
[2012/03/06 18:20:54 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/13 01:59:06 | 000,000,059 | ---- | C] () -- C:\Windows\System32\everest_cpl.ini
[2011/08/13 00:49:55 | 000,000,000 | ---- | C] () -- C:\Users\mikechips9111\AppData\Local\{AA1145EB-F1DC-4325-B86F-D8D8376AB422}
[2011/08/13 00:49:55 | 000,000,000 | ---- | C] () -- C:\Users\mikechips9111\AppData\Local\{1AC09461-FEA0-4701-A39E-D7A4B17E17B5}
[2011/08/11 00:03:16 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2011/06/11 22:27:01 | 000,000,020 | ---- | C] () -- C:\Windows\btw.ini
[2011/06/11 22:26:56 | 000,044,544 | ---- | C] () -- C:\Windows\System32\gif89.dll
[2011/05/26 14:37:43 | 000,005,401 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\Cabos.plist
[2011/05/17 18:40:40 | 000,000,210 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/05/04 19:15:50 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/04/06 15:38:51 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/06 15:38:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/01 15:39:40 | 000,016,896 | ---- | C] () -- C:\Windows\System32\fpsp.dll
[2011/02/03 23:40:32 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/02/03 23:40:32 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2010/10/06 20:27:47 | 000,139,832 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/10/06 20:27:26 | 000,218,496 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/10/06 20:27:20 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/10/06 20:12:06 | 000,138,056 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\PnkBstrK.sys
[2010/09/24 23:41:50 | 000,000,167 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\PLGComp.ini
[2010/09/21 21:51:18 | 000,000,101 | ---- | C] () -- C:\Users\mikechips9111\AppData\Local\fusioncache.dat
[2010/04/02 13:29:16 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/10/29 14:10:08 | 000,000,960 | ---- | C] () -- C:\ProgramData\ss.ini
[2009/08/20 04:14:29 | 000,024,282 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\UserTile.png
[2009/06/24 19:13:07 | 000,000,099 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\MPUI.ini
[2009/06/12 20:48:30 | 000,000,016 | ---- | C] () -- C:\Users\mikechips9111\persistent_state
[2009/03/29 02:25:16 | 000,434,803 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/29 02:25:16 | 000,434,803 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/19 17:02:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/01/17 02:10:57 | 000,001,356 | ---- | C] () -- C:\Users\mikechips9111\AppData\Local\d3d9caps.dat
[2009/01/13 18:16:02 | 000,000,258 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\wklnhst.dat
[2008/12/31 01:42:21 | 000,222,208 | ---- | C] () -- C:\Users\mikechips9111\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 01:42:52 | 000,229,323 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\nvModes.dat
[2008/12/27 01:42:52 | 000,229,323 | ---- | C] () -- C:\Users\mikechips9111\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 953 bytes -> C:\ProgramData\TEMP:24721E3C
@Alternate Data Stream - 64 bytes -> C:\Users\mikechips9111\Documents\socomtheme.mp3:TOC.WMV
@Alternate Data Stream - 16 bytes -> C:\Users\mikechips9111\Downloads:Shareaza.GUID
@Alternate Data Stream - 1437 bytes -> C:\ProgramData\Microsoft:tzb2h4kxbKN0J2Wt2sdYv
@Alternate Data Stream - 1293 bytes -> C:\Program Files\Common Files\System:sDz8Y9pGV33LCIWxjTj8MKUAiE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 1241 bytes -> C:\ProgramData\Microsoft:gEruNu1M12mxXEInrcNJRy
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:890CC2F3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5

< End of report >

#12 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:23 PM

Posted 30 September 2012 - 05:31 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKLM\..\URLSearchHook: {61f9a87f-c1a0-47c5-88e3-a7d39e9c9f79} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files\BF3 Alpha Trial Web Plugins\npesnlaunch.dll File not found
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll File not found
    FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: File not found
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [QuickTime Task] //~c:\program files\quicktime\qttask.exe -atboottime File not found
    O4 - HKU\S-1-5-21-926645526-3501171379-1899250667-1000..\Run: [Video Library] C:\Windows\system32\rundll32.exe C:\Users\MIKECH~1\AppData\Local\Temp\Rpcqt.dll,Sets File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    @Alternate Data Stream - 953 bytes -> C:\ProgramData\TEMP:24721E3C
    @Alternate Data Stream - 64 bytes -> C:\Users\mikechips9111\Documents\socomtheme.mp3:TOC.WMV
    @Alternate Data Stream - 16 bytes -> C:\Users\mikechips9111\Downloads:Shareaza.GUID
    @Alternate Data Stream - 1437 bytes -> C:\ProgramData\Microsoft:tzb2h4kxbKN0J2Wt2sdYv
    @Alternate Data Stream - 1293 bytes -> C:\Program Files\Common Files\System:sDz8Y9pGV33LCIWxjTj8MKUAiE
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:EEDA5B17
    @Alternate Data Stream - 1241 bytes -> C:\ProgramData\Microsoft:gEruNu1M12mxXEInrcNJRy
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:890CC2F3
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:1CA73D29
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5  
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.entru.com/?s=21982
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{01843EF3-4C88-4C77-9B6C-269984C92B10}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102874&gct=hp
    IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{01843EF3-4C88-4C77-9B6C-269984C92B10}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=114064&babsrc=SP_ss&mntrId=37c52f32000000000000001f3a96aa1c
    IE - HKU\S-1-5-21-926645526-3501171379-1899250667-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "SearchMyWeb"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=102874&gct=hp"
    FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071301000019
    FF - prefs.js..extensions.enabledAddons: staff@hide-my-ip.com:1.0
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    FF - user.js..browser.search.selectedEngine: "SearchMyWeb"
    FF - user.js..network.proxy.no_proxies_on: ""
    FF - user.js..browser.search.defaultenginename: "SearchMyWeb"
    FF - user.js..browser.startup.homepage: "http://google.inklineglobal.com/?MB"
    [2009/02/03 18:42:13 | 000,001,739 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\aim-search.xml
    [2012/08/12 03:45:44 | 000,002,402 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\askcom.xml
    [2011/07/07 10:17:58 | 000,000,925 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\conduit.xml
    [2011/04/18 18:12:13 | 000,001,784 | ---- | M] () -- C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\inkline.xml
    [2012/07/15 01:37:03 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Steelers2025

Steelers2025
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:23 PM

Posted 30 September 2012 - 06:01 AM

PC seems to be running at a better speed now; some programs still stall.


========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{61f9a87f-c1a0-47c5-88e3-a7d39e9c9f79} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61f9a87f-c1a0-47c5-88e3-a7d39e9c9f79}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@esn/esnlaunch\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_USERS\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Video Library deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
ADS C:\ProgramData\TEMP:24721E3C deleted successfully.
ADS C:\Users\mikechips9111\Documents\socomtheme.mp3:TOC.WMV deleted successfully.
Unable to delete ADS C:\Users\mikechips9111\Downloads:Shareaza.GUID .
ADS C:\ProgramData\Microsoft:tzb2h4kxbKN0J2Wt2sdYv deleted successfully.
ADS C:\Program Files\Common Files\System:sDz8Y9pGV33LCIWxjTj8MKUAiE deleted successfully.
ADS C:\ProgramData\TEMP:EEDA5B17 deleted successfully.
ADS C:\ProgramData\Microsoft:gEruNu1M12mxXEInrcNJRy deleted successfully.
ADS C:\ProgramData\TEMP:890CC2F3 deleted successfully.
ADS C:\ProgramData\TEMP:1CA73D29 deleted successfully.
ADS C:\ProgramData\TEMP:010ADD2C deleted successfully.
ADS C:\ProgramData\TEMP:D74B6CF5 deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01843EF3-4C88-4C77-9B6C-269984C92B10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01843EF3-4C88-4C77-9B6C-269984C92B10}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-926645526-3501171379-1899250667-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Internet Explorer\SearchScopes\{01843EF3-4C88-4C77-9B6C-269984C92B10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01843EF3-4C88-4C77-9B6C-269984C92B10}\ not found.
Registry key HKEY_USERS\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-926645526-3501171379-1899250667-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "SearchMyWeb" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://www.ask.com/?l=dis&o=102874&gct=hp" removed from browser.startup.homepage
Prefs.js: moveplayer@movenetworks.com:1.0.0.071301000019 removed from extensions.enabledAddons
Prefs.js: staff@hide-my-ip.com:1.0 removed from extensions.enabledAddons
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
C:\Users\mikechips9111\AppData\Roaming\Mozilla\FireFox\Profiles\me8kstqd.default\user.js moved successfully.
C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\aim-search.xml moved successfully.
C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\askcom.xml moved successfully.
C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\conduit.xml moved successfully.
C:\Users\mikechips9111\AppData\Roaming\Mozilla\Firefox\Profiles\me8kstqd.default\searchplugins\inkline.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mikechips9111\Desktop\cmd.bat deleted successfully.
C:\Users\mikechips9111\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mcx1

User: mikechips9111
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mcx1

User: mikechips9111
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09302012_065844
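As an added check that is not part of the thread, the script below lists any alternate data streams still attached to the directories the OTL log flagged (including the Downloads:Shareaza.GUID stream OTL reported it was unable to delete), so the fix above can be verified afterwards. It is example code, not OTL's or the helper's; it assumes PowerShell 3.0 or later for the -Stream parameter of Get-Item, and the directory list is taken from the log in this thread.

```powershell
# Added example, not part of the thread: enumerate alternate data streams (ADS)
# on the directories the OTL log flagged, to verify the fix after it has run.
# Assumes PowerShell 3.0 or later (the -Stream parameter of Get-Item).
function Get-DirectoryAds {
    param([string[]] $Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { continue }

        # '*' lists every named stream. ':$DATA' is the ordinary file content,
        # so anything else on a file, and any stream at all on a directory, is an ADS.
        # Errors (for example a directory that cannot be opened) are suppressed.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

# Paths taken from the OTL log in this thread.
$flagged = @(
    'C:\ProgramData\TEMP',
    'C:\ProgramData\Microsoft',
    'C:\Program Files\Common Files\System',
    'C:\Users\mikechips9111\Downloads'
)

$remaining = Get-DirectoryAds -Path $flagged
if ($remaining) {
    $remaining | Format-Table -AutoSize
} else {
    'No alternate data streams remain on the flagged directories.'
}
```

Any stream that still shows up after the fix is a candidate for the next cleanup pass; a stream the cleanup could not remove is usually held open by a running program, as with the Shareaza entry above.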

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:23 PM

Posted 30 September 2012 - 12:32 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Adobe Reader 8.1.5
Coupon Printer for Windows


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.


Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Steelers2025

Steelers2025
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:12:23 PM

Posted 30 September 2012 - 05:55 PM

Had no issues with anything. PC is running at normal speed right now; just Google Chrome sometimes stalls loading.


Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
mikechips9111 :: MIKECHIPS911-PC [administrator]

Protection: Disabled

9/30/2012 6:41:12 PM
mbam-log-2012-09-30 (18-41-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230163
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:52:42 PM, on 9/30/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\Dwm.exe
C:\Users\mikechips9111\Desktop\HijackThis.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin\ClickClean.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mikechips9111\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.inklineglobal.com/?MB
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\speedbit video accelerator\sblsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{A61DB213-C617-4C6C-98B8-96DFA4668E89}: NameServer = 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{A61DB213-C617-4C6C-98B8-96DFA4668E89}: NameServer = 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Amazon Unbox Video Service (ADVService) - Unknown owner - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Google Update Service (gupdate1c9a93ad4acec15) (gupdate1c9a93ad4acec15) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe
O23 - Service: VideoAcceleratorService - SpeedBit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 8568 bytes



