
Easylife App. Have I removed it?


9 replies to this topic

#1 SteveBrocks


  • Members
  • 32 posts

Posted 11 February 2013 - 01:30 PM

Mod Edit: Moved to Virus, Trojan, Spyware, and Malware Removal Logs ~~ bopme

 

Mrs B downloaded a data pack the other night via sendspace.com.

Immediately after that Internet Explorer diverted to a web page called Easy Life. Suspicious, we did some looking into it. IE and Google Chrome, which led us here.

 

More research pointed to two new folders, C:\Program Files\easy life and C:\Program Files\browsetobuy. A file called sprotector.dll had been created, and this was the malicious bit.

I used this thread to get advice on how to clean the machine, but the problem remained. I eventually deleted the folders manually, reset the default home page and uninstalled Chrome. The problem appears to have cleared, BUT! If I search for files containing easy life or browsetobuy some files are still showing up even though the folders are empty, so I am not convinced it's cleared yet. I spent 5 hours on it last Friday.... Do I need to do a bit more yet until I am happy?

 

 


 


Edited by boopme, 11 February 2013 - 01:56 PM.



 


#2 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2013 - 01:32 PM

Security Check:

 

 Results of screen317's Security Check version 0.99.57 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 39 
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Toshiba Toshiba Online Product Information TOPI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 



#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,404 posts
  • Gender: Male
  • Location: NJ USA

Posted 11 February 2013 - 01:43 PM

If you ran ComboFix then we need to see that and a DDS log from this guide. Do steps 6, 7, and 8.

 

Please follow this Preparation Guide and post in a new topic.

Let me know if all went well.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2013 - 01:52 PM

I'm re-running all the steps now. 

 

ADWCLEANER

 

 

# AdwCleaner v2.112 - Logfile created 02/11/2013 at 18:36:51
# Updated 10/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Lisa - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Lisa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\BetterSoft
Folder Deleted : C:\Users\Lisa\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CA3EB689-8F09-4026-AA10-B9534C691CE0}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [359 octets] - [08/02/2013 21:27:26]
AdwCleaner[S2].txt - [9624 octets] - [08/02/2013 21:31:17]
AdwCleaner[S3].txt - [1155 octets] - [11/02/2013 18:36:51]

########## EOF - C:\AdwCleaner[S3].txt - [1215 octets] ##########



DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Lisa at 18:50:24 on 2013-02-11
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2939.1366 [GMT 0:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\KiesAirMessage.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
mStart Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: easyfundraising toolbar: {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - c:\program files\easyfundraising toolbar\tbcore3.dll
TB: easyfundraising toolbar: {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - c:\program files\easyfundraising toolbar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaRegistration.exe
mRun: [topi] c:\program files\toshiba\toshiba online product information\topi.exe -startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [Google EULA Launcher] c:\program files\google\google eula\GoogleEULALauncher.exe IE PA
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
StartupFolder: c:\users\lisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\lisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: c:\windows\system32\wpclsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} - hxxp://downloads.virginmedia.com/CST/ver1/vistainstaller.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{28821493-3D8A-4C68-9326-D5A6D1259F37} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-16 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-7-1 7168]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-10-26 124368]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-12-9 83168]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-1 30192]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S3 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-12-9 181344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-02-11 18:23:42 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{429ec92e-695a-4b24-ad45-eae13d440dba}\mpengine.dll
2013-02-08 23:00:36 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-08 22:56:25 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6dd348d4-ec6b-4355-83d9-6dc213d40929}\mpengine.dll
2013-02-08 22:45:12 -------- d-----w- C:\_OTL
2013-02-08 22:23:08 -------- d-sh--w- C:\$RECYCLE.BIN
2013-02-08 21:56:26 98816 ----a-w- c:\windows\sed.exe
2013-02-08 21:56:26 256000 ----a-w- c:\windows\PEV.exe
2013-02-08 21:56:26 208896 ----a-w- c:\windows\MBR.exe
2013-02-08 21:28:41 134 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-08 19:13:14 -------- d-----w- c:\users\lisa\appdata\roaming\SendSpace
.
==================== Find3M  ====================
.
2013-02-11 18:21:04 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-11 18:21:04 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-15 16:56:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-15 16:56:07 473520 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12:54 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50:29 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-28 14:18:54 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-11-23 01:35:53 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22:50 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 18:51:12.91 ===============
 


Edited by SteveBrocks, 11 February 2013 - 03:36 PM.
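The DDS "Pseudo HJT Report" in the post above still records the machine-wide start page (mStart Page) pointing at search.easylifeapp.com and a URLSearchHooks CLSID marked <orphaned>, which is exactly the kind of leftover the thread is asking about. As an added example, not code from the thread or from any of the tools whose logs appear here, the following read-only PowerShell script reads the same registry locations DDS summarises (start/search page, URLSearchHooks, BHOs, toolbars, Run keys) and reports entries that mention one of the names seen in this thread, or that reference a CLSID with no registered DLL. It assumes PowerShell 3.0 or later; the term list is the editor's choice drawn from the logs, and nothing is modified or deleted.

```powershell
# Added example (editor's code, not from the thread or from the DDS/AdwCleaner tools):
# read-only audit of the IE load points that DDS summarises as uStart Page/mStart Page,
# uURLSearchHooks, BHO:, TB: and uRun/mRun. Requires PowerShell 3.0 or later (assumption).
# The search terms are taken from what this thread reports; the registry paths are the
# standard Windows locations. Nothing is modified or deleted.

$Terms = @('easylife', 'browsetobuy', 'sprotector', 'bettersoft', 'toolbar4')

function Resolve-Clsid {
    # Map a {GUID} to the DLL registered as its in-process COM server, or $null when
    # no server is registered (DDS prints such entries as <orphaned>).
    param([string]$Clsid)
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    return (Get-ItemProperty -LiteralPath $key).'(default)'
}

function Get-RegistryValues {
    # Name/Value pairs of one key, minus the PS* properties PowerShell adds.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    (Get-ItemProperty -LiteralPath $Path).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [pscustomobject]@{ Name = $_.Name; Value = [string]$_.Value } }
}

function New-LoadPoint {
    param($Kind, $Location, $Name, $Data, $Note)
    [pscustomobject]@{ Kind = $Kind; Location = $Location; Name = $Name; Data = $Data; Note = $Note }
}

function Get-IELoadPoints {
    $records = @()
    foreach ($hive in 'HKCU', 'HKLM') {
        # Start/search page: HKCU is the per-user value (DDS "u"), HKLM the machine default ("m").
        foreach ($v in Get-RegistryValues "${hive}:\Software\Microsoft\Internet Explorer\Main") {
            if ('Start Page', 'Default_Page_URL', 'Search Page', 'Default_Search_URL' -contains $v.Name) {
                $records += New-LoadPoint 'StartPage' $hive $v.Name $v.Value 'ok'
            }
        }
        # Run keys (DDS uRun / mRun).
        foreach ($v in Get-RegistryValues "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run") {
            $records += New-LoadPoint 'Run' $hive $v.Name $v.Value 'ok'
        }
    }
    # CLSID-keyed load points. URLSearchHooks and Toolbar keep the CLSID as a value name;
    # Browser Helper Objects keep it as a subkey name.
    $sources = @(
        @{ Kind = 'URLSearchHook'; Path = 'HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks'; Subkeys = $false },
        @{ Kind = 'Toolbar'; Path = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'; Subkeys = $false },
        @{ Kind = 'Toolbar'; Path = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'; Subkeys = $false },
        @{ Kind = 'BHO'; Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'; Subkeys = $true }
    )
    foreach ($src in $sources) {
        $names = if ($src.Subkeys) {
            Get-ChildItem -LiteralPath $src.Path -ErrorAction SilentlyContinue | ForEach-Object { $_.PSChildName }
        } else {
            Get-RegistryValues $src.Path | ForEach-Object { $_.Name }
        }
        foreach ($clsid in @($names)) {
            if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }   # skip non-CLSID values such as "Locked"
            $dll = Resolve-Clsid $clsid
            $note = if ($dll) { 'ok' } else { 'orphaned' }
            $records += New-LoadPoint $src.Kind $src.Path $clsid $dll $note
        }
    }
    return $records
}

function Find-SuspectLoadPoints {
    # Report entries whose name, data or resolved DLL path contains a search term, plus any
    # CLSID entry that has no registered server.
    param([object[]]$Records, [string[]]$Patterns)
    foreach ($r in $Records) {
        $text = "$($r.Name) $($r.Data)"
        $hit = $Patterns | Where-Object { $text -match [regex]::Escape($_) } | Select-Object -First 1
        if ($hit -or $r.Note -eq 'orphaned') {
            $reason = if ($hit) { "matches '$hit'" } else { 'orphaned CLSID' }
            New-LoadPoint $r.Kind $r.Location $r.Name $r.Data $reason
        }
    }
}

Find-SuspectLoadPoints -Records (Get-IELoadPoints) -Patterns $Terms | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable. An empty table means none of the listed load points mention the thread's terms and every CLSID resolves to a DLL; a row whose Data is a URL or a DLL path is the value a cleanup would have to change, and an "orphaned CLSID" row is a dangling reference that DDS would keep reporting until the value itself is removed.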


#5 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2013 - 01:57 PM

RogueKiller:

 

 

RogueKiller V8.5.0 [Feb  8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Lisa [Admin rights]
Mode : Remove -- Date : 02/11/2013 18:56:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX +++++
--- User ---
[MBR] d95040a4a43e0c07459c1b4894c9954a
[BSP] d494a23712e6606c402830d61a6197cc : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 153000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 316418048 | Size: 150743 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02112013_02d1856.txt >>
RKreport[1]_S_02112013_02d1855.txt ; RKreport[2]_D_02112013_02d1856.txt



#6 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2013 - 02:18 PM

Hi Boopme

 

Below is a script from ComboFix that I have just run.

 

The references to easylife now are in c:\Users\Lisa\AppData\Local\Microsoft\Windows Sidebar\Gadgets\EasyLife Gadget.Gadget\images. However, if I try to navigate there the folder doesn't exist.

 

 

COMBO FIX:

 

 

 

 

 

ComboFix 13-02-07.02 - Lisa 11/02/2013  18:59:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2939.1567 [GMT 0:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-11 to 2013-02-11  )))))))))))))))))))))))))))))))
.
.
2013-02-11 19:09 . 2013-02-11 19:09 -------- d-----w- c:\users\Steve\AppData\Local\temp
2013-02-11 19:09 . 2013-02-11 19:09 -------- d-----w- c:\users\John\AppData\Local\temp
2013-02-11 19:09 . 2013-02-11 19:09 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
2013-02-11 19:09 . 2013-02-11 19:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-11 19:09 . 2013-02-11 19:09 -------- d-----w- c:\users\Christopher\AppData\Local\temp
2013-02-11 18:23 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{429EC92E-695A-4B24-AD45-EAE13D440DBA}\mpengine.dll
2013-02-08 23:00 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-08 22:56 . 2013-01-18 12:17 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DD348D4-EC6B-4355-83D9-6DC213D40929}\mpengine.dll
2013-02-08 22:45 . 2013-02-08 22:45 -------- d-----w- C:\_OTL
2013-02-08 21:28 . 2013-02-08 21:33 134 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-08 19:13 . 2013-02-08 19:13 -------- d-----w- c:\users\Lisa\AppData\Roaming\SendSpace
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-11 18:21 . 2012-04-14 18:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-11 18:21 . 2011-06-07 19:14 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 01:28 . 2009-10-03 17:36 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-15 16:56 . 2012-08-04 20:34 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-15 16:56 . 2010-05-09 09:07 473520 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12 . 2012-12-24 20:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-24 20:28 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-29 21:47 . 2012-11-29 21:48 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1790E8E2-C47E-47AC-8E80-EAE2C715D919}\gapaengine.dll
2012-11-28 14:18 . 2012-12-09 22:10 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-11-28 14:17 . 2012-11-28 14:17 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-11-28 14:17 . 2012-11-28 14:17 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-11-28 14:17 . 2012-11-28 14:17 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-11-28 14:17 . 2012-11-28 14:17 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-11-28 14:17 . 2012-11-28 14:17 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-11-28 14:17 . 2012-11-28 14:17 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-11-28 14:17 . 2012-11-28 14:17 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-11-28 14:17 . 2012-11-28 14:17 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-11-28 14:17 . 2012-11-28 14:17 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-11-28 14:17 . 2012-11-28 14:17 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-11-28 14:17 . 2012-11-28 14:17 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-11-28 14:17 . 2012-11-28 14:17 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-11-28 14:17 . 2012-11-28 14:17 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-11-28 14:17 . 2012-11-28 14:17 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-11-28 14:17 . 2012-11-28 14:17 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-11-28 14:17 . 2012-11-28 14:17 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-11-28 14:17 . 2012-11-28 14:17 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-11-28 14:17 . 2012-11-28 14:17 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-11-28 14:17 . 2012-11-28 14:17 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-11-28 14:17 . 2012-11-28 14:17 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-11-28 14:17 . 2012-11-28 14:17 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-11-28 14:17 . 2012-11-28 14:17 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-11-28 14:17 . 2012-11-28 14:17 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-11-28 14:17 . 2012-11-28 14:17 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-11-28 14:17 . 2012-11-28 14:17 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-11-28 14:17 . 2012-11-28 14:17 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-11-28 14:17 . 2012-11-28 14:17 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-11-28 14:17 . 2012-11-28 14:17 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-11-28 14:17 . 2012-11-28 14:17 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-11-28 14:17 . 2012-12-09 22:10 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-11-28 14:17 . 2012-12-09 22:10 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-11-28 14:17 . 2008-07-01 14:35 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-11-23 01:35 . 2013-01-09 03:06 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-09 03:05 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09 . 2012-12-13 00:38 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 00:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 00:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 00:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 00:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 00:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37AA2B59-4831-4A05-9B8D-B42774DAB6CE}"= "c:\program files\easyfundraising toolbar\tbcore3.dll" [2012-07-11 2663800]
.
[HKEY_CLASSES_ROOT\clsid\{37aa2b59-4831-4a05-9b8d-b42774dab6ce}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37AA2B59-4831-4A05-9B8D-B42774DAB6CE}"= "c:\program files\easyfundraising toolbar\tbcore3.dll" [2012-07-11 2663800]
.
[HKEY_CLASSES_ROOT\clsid\{37aa2b59-4831-4a05-9b8d-b42774dab6ce}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-03 967608]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-11-28 577536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-03 309688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
Akamai REG_MULTI_SZ    Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:21]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbff93ecdcdd20.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 13:55]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 13:55]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
mStart Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{A057A204-BACC-4D26-CFC3-3CECC9AB2EDA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-11 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????33F????P???x???????????? 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-11  19:13:31
ComboFix-quarantined-files.txt  2013-02-11 19:13
ComboFix2.txt  2013-02-08 22:23
.
Pre-Run: 58,285,948,928 bytes free
Post-Run: 57,920,733,184 bytes free
.
- - End Of File - - 22184B706F755F1DD75224240D60150A
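The ComboFix Supplementary Scan above shows the hijack surviving in the machine-wide start page (mStart Page) while the per-user value (uStart Page) is already back on Google. As an added example that is not part of the original post or of ComboFix itself, the following Python parses those Supplementary Scan lines and flags any start-page or search-URL entry whose host is not on an allowlist. The sample lines are copied from the log above; the allowlist of expected hosts is an assumption for illustration.

```python
"""Flag browser start-page / search-URL entries in a ComboFix
'Supplementary Scan' block whose host is outside an expected allowlist.

Added example, not part of the forum post or of ComboFix. The sample lines
are copied from the log above; the allowlist is an assumption.
"""
import re
from urllib.parse import urlsplit

# Sample input constructed from the ComboFix log above.
# ComboFix writes "hxxp" instead of "http" so the URLs are not clickable.
SAMPLE_LINES = """\
uStart Page = https://www.google.co.uk/
mStart Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\\windows\\system32\\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
""".splitlines()

# Assumed allowlist: the search/home-page hosts the machine owner actually chose.
EXPECTED_HOSTS = {"www.google.co.uk", "www.google.com", "www.bing.com"}

# ComboFix convention: a leading 'u' marks the per-user (HKCU) value,
# a leading 'm' the machine-wide (HKLM) value.
SCOPE = {"u": "HKCU", "m": "HKLM"}
ENTRY_RE = re.compile(r"^([um])(Start Page|Default_Page_URL|SearchURL\S*)\s*=\s*(\S+)")


def refang(url):
    """Turn ComboFix's defanged hxxp:// back into http:// so it can be parsed."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_entries(lines):
    """Yield (hive, setting, url) for every start-page / search-URL line."""
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            yield SCOPE[m.group(1)], m.group(2), refang(m.group(3))


def flag_hijacks(lines, expected_hosts=EXPECTED_HOSTS):
    """Return the entries whose host is not in the allowlist."""
    findings = []
    for hive, setting, url in parse_entries(lines):
        host = (urlsplit(url).hostname or "").lower()
        if host not in expected_hosts:
            findings.append({"hive": hive, "setting": setting,
                             "host": host, "url": url})
    return findings


if __name__ == "__main__":
    for f in flag_hijacks(SAMPLE_LINES):
        print(f"{f['hive']} {f['setting']} -> {f['host']}  ({f['url']})")
```

Run against the sample lines, only the mStart Page entry is reported, with host search.easylifeapp.com under HKLM. That matters for the clean-up: the HKLM value is the machine-wide default that a profile without its own Start Page value falls back to, so resetting the home page from inside one user's browser leaves it in place; the same host must also be checked in the SearchScopes URLs listed in the OTL log that follows.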
 



#7 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts
  • OFFLINE
  • Local time:02:48 AM

Posted 11 February 2013 - 02:31 PM

This is the OTL log:

OTL logfile created on: 11/02/2013 19:20:46 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lisa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 40.65% Memory free
5.95 Gb Paging File | 4.25 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.41 Gb Total Space | 54.13 Gb Free Space | 36.23% Space Free | Partition Type: NTFS
Drive E: | 147.21 Gb Total Space | 107.49 Gb Free Space | 73.02% Space Free | Partition Type: NTFS
Drive F: | 72.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: HOME-PC | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lisa\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\Toshiba\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\f0f77a17e664a6388678af5e46ea9429\Kies.Theme.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\b902ba083796f1c1fb74f45dd83c0a89\DevicePodcast.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\ec9214816cbb4027b08be96e208e6f40\DeviceVideo.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\5f4a232309755f342f3845d30cce3a1c\DevicePhoto.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\49d6481e8f3b412dc4d9b1760772e65d\DeviceMusic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\bb7db1a3f8f05076482e91f63414ef38\VideoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\2e0062207cb3fa6152d15060be8961a5\PodcastService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\87b4763e6e0e393aef206c54ef129041\PhotoManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\1cb33769cb7197c0ef14ace1e2d7fa87\Podcaster.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b2d8278fc4d447c89bb8fb71a767e112\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\f6751c6c2f816dc211f7de422982927d\DeviceHost.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\2e052f145f47654c5404eb5aeced665c\Phonebook.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\69f5802772fda7a8e65d8157a3c3f18c\CPKTMusicPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\ef358c60e1a9a62794255cefd175a8a4\MusicManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\b6beedbe049f04c3a8d995e9507af811\BATPlugin.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\5b7fa86905670aca3ce89c88c2051f12\Kies.Common.StoreManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\55776affc49c5323328a21ce00d10f20\Kies.Common.MediaDB.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\d30dd594f264c0bdcc68e2bbff360cfd\ASF_cSharpAPI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\777b21ab9fcca5853d0bd9e3838f1b72\Kies.Common.AllShare.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\cc6fc5c527824d56a73ede1a4bf73e66\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1640d1c3f5f9c9f6f68787d58584740c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5f18ab7e7fa319dbb036125af28bb5ba\Kies.Common.DeviceServiceLib.FileService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\b30fbf04a2061b33edfd5aa0d6168856\Interop.DevFileServiceLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\71c7511b6903372dd44fc01f711bd590\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7bada63d778a6824f83e244c7f87c398\Kies.Common.DeviceServiceLib.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\abd439614529064058e8a7e27795deb4\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\eb923a3ddf3bfe0955bb22574ee2cf11\Kies.Common.DeviceService.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\613d9b5af9aba20ee1353c43c9c0a84b\Interop.MP3FileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\145952716fb5eee03a99b0ccf8ac02cb\Interop.OGGFileInfoCOMLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\04a15f0b553077053b0d70c292e93f2a\Interop.PRPLAYERCORELib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\df583bdd5805a8ea646aa90a83e31a0a\Interop.P3MPINTERFACECTRLLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\fc800ac08424b22cf6cdee50b33dbf41\Kies.Common.Multimedia.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\44e034a25d213b8bde463353f1f2bbd9\Kies.Common.MainUI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\8ea615184f2f6240df29ba506a9c178c\CabLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\6708bfbc7eed4c2e49b9b31b5baab8f9\Kies.Common.DBManager.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\ede2cb8d493fe0860167dc3639f14f0c\ICSharpCode.SharpZipLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\a58eacde1e563bcaa194f7a5c7dbfe26\Kies.Common.Util.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\74beb2399f38cbef8b8aaa61bf6bded1\Kies.Locale.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\1224c906a60f250029b81536811cb7e4\Interop.DeviceSearchLib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\b481a29bb9a3c34217c06d2f95fee751\Kies.MVVM.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\be82e50d883efd94c5a34bdab29f53f9\Kies.UI.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\befd714f490ce7c9048191de55545844\GongSolutions.Wpf.DragDrop.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\1daab7f22a77d1b975a424d471907ed2\Kies.Interface.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5cf050c8bbcaba774c993810252f5fd7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\0f3b0e826eaa519bd7a3cad3de4fe3f4\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\cbb1eb18b6cfdc6f75b8643217ef079e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2297aa4cb17f43a679db50ea05b2b811\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\2b9d89aae25d4741c0204d3aded055cd\Kies.ni.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c627e9b7f10b01db43645284e601f255\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll ()
MOD - C:\Program Files\easyfundraising toolbar\tbcore3.dll ()
MOD - C:\Program Files\easyfundraising toolbar\tbhelper.dll ()
MOD - C:\Program Files\easyfundraising toolbar\MsgWindowPlugin.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()


========== Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (TemproMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (TNaviSrv) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (Tosrfcom) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Lisa\AppData\Local\Temp\catchme.sys File not found
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (UVCFTR) -- C:\Windows\System32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/?pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
IE - HKLM\..\SearchScopes\{32469BA8-1A2E-4520-A36F-E4691C11AC38}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..\SearchScopes,DefaultScope = {32469BA8-1A2E-4520-A36F-E4691C11AC38}
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&abc=ie&pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..\SearchScopes\{32469BA8-1A2E-4520-A36F-E4691C11AC38}: "URL" = http://www.google.com/search?source=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en-GB
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-766189783-2040060669-467746949-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/06/13 20:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2009/06/13 20:37:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/05/16 01:03:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/22 16:00:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: http://search.easylifeapp.com/?pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = http://www.google.co.uk/search?source=ig&hl=en&rlz=1I7GGLL_en-GB&q={searchTerms}&meta=cr=countryUK|countryGB&aq=f&oq=
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = http://www.google.co.uk/search?source=ig&hl=en&rlz=1I7GGLL_en-GB&q={searchTerms}&meta=cr=countryUK|countryGB&aq=f&oq=
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\
CHR - Extension: No name found = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nplcpkbfejalodhdkigfnjlmdnpebgjl\1\
CHR - Extension: No name found = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/02/08 22:18:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (easyfundraising toolbar) - {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - C:\Program Files\easyfundraising toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..\Toolbar\WebBrowser: (easyfundraising toolbar) - {37AA2B59-4831-4A05-9B8D-B42774DAB6CE} - C:\Program Files\easyfundraising toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe ( )
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOSHIBA Online Product Information] C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-766189783-2040060669-467746949-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-766189783-2040060669-467746949-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-766189783-2040060669-467746949-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\S-1-5-21-766189783-2040060669-467746949-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Elizabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-766189783-2040060669-467746949-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.virginmedia.com/CST/ver1/vistainstaller.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28821493-3D8A-4C68-9326-D5A6D1259F37}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\WALLPAPERS\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/13 12:37:08 | 000,000,089 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/11 19:13:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/11 19:11:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/11 18:48:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\dds.com
[2013/02/08 23:02:07 | 000,158,128 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2013/02/08 23:02:07 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2013/02/08 23:02:07 | 000,149,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2013/02/08 22:45:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/08 22:28:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2013/02/08 21:56:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/08 21:56:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/08 21:56:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/08 21:56:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/08 21:55:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/08 21:55:12 | 005,030,592 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe
[2013/02/08 21:43:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\RK_Quarantine
[2013/02/08 19:13:14 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\SendSpace
[2013/01/24 23:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/11 19:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/11 19:16:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/11 18:53:03 | 000,003,536 | ---- | M] () -- C:\Users\Lisa\Desktop\attach.zip
[2013/02/11 18:49:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\dds.com
[2013/02/11 18:48:36 | 000,609,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/11 18:48:36 | 000,109,118 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/11 18:42:06 | 000,001,833 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2013/02/11 18:41:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cbff93ecdcdd20.job
[2013/02/11 18:41:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 18:41:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 18:41:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 18:36:31 | 000,587,659 | ---- | M] () -- C:\Users\Lisa\Desktop\adwcleaner.exe
[2013/02/11 18:21:04 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/11 18:21:04 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/08 22:28:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2013/02/08 22:18:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/08 21:55:35 | 005,030,592 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe
[2013/02/08 21:42:43 | 000,782,336 | ---- | M] () -- C:\Users\Lisa\Desktop\RogueKiller.exe
[2013/02/08 21:33:30 | 000,000,134 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/08 21:17:30 | 000,881,914 | ---- | M] () -- C:\Users\Lisa\Desktop\SecurityCheck.exe
[2013/02/08 19:17:06 | 050,034,258 | ---- | M] () -- C:\Users\Lisa\Desktop\King and I Audition Pack.pdf
[2013/02/06 21:45:51 | 000,809,817 | ---- | M] () -- C:\Users\Lisa\Desktop\Ebay letter 1.PDF
[2013/02/06 21:43:59 | 002,902,297 | ---- | M] () -- C:\Users\Lisa\Desktop\save a childs life logo.jpg
[2013/02/06 21:43:25 | 000,184,993 | ---- | M] () -- C:\Users\Lisa\Desktop\save a childs life logo_small.jpg
[2013/01/26 20:44:27 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/15 16:56:10 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2013/01/15 16:56:07 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2013/01/15 16:53:05 | 000,158,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2013/01/15 16:53:01 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2013/01/15 16:52:55 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/11 18:53:03 | 000,003,536 | ---- | C] () -- C:\Users\Lisa\Desktop\attach.zip
[2013/02/11 18:36:31 | 000,587,659 | ---- | C] () -- C:\Users\Lisa\Desktop\adwcleaner.exe
[2013/02/08 21:56:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/08 21:56:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/08 21:56:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/08 21:56:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/08 21:56:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/08 21:42:43 | 000,782,336 | ---- | C] () -- C:\Users\Lisa\Desktop\RogueKiller.exe
[2013/02/08 21:28:41 | 000,000,134 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/08 21:17:24 | 000,881,914 | ---- | C] () -- C:\Users\Lisa\Desktop\SecurityCheck.exe
[2013/02/08 19:13:16 | 050,034,258 | ---- | C] () -- C:\Users\Lisa\Desktop\King and I Audition Pack.pdf
[2013/02/06 21:45:49 | 000,809,817 | ---- | C] () -- C:\Users\Lisa\Desktop\Ebay letter 1.PDF
[2013/02/06 21:39:24 | 000,184,993 | ---- | C] () -- C:\Users\Lisa\Desktop\save a childs life logo_small.jpg
[2013/02/06 21:36:58 | 002,902,297 | ---- | C] () -- C:\Users\Lisa\Desktop\save a childs life logo.jpg
[2012/11/28 14:17:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/11/28 14:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/11/28 14:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/11/28 14:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/11/28 14:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/05/16 19:55:10 | 000,026,388 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/03/15 20:35:45 | 000,000,680 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
[2011/08/19 18:57:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/04/25 14:21:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/04/08 21:18:24 | 000,025,600 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/02 21:43:41 | 000,004,662 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
[2009/04/02 21:19:32 | 000,000,632 | RHS- | C] () -- C:\Users\Lisa\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



#8 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2013 - 02:35 PM

Last week the custom OTL script didn't run.

It got a bit further tonight but I don't think this is the result we expected:

-----------------------------------------------------------

Error: Unable to interpret <:OTLFF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundO2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not foundO2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not foundO4 - HKLM..\Run: [] File not foundO18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com > in the current context!
Error: Unable to interpret <- No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}IE - HKU\S-1-5-21-864931423-2590267515-2597370598-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/IE - HKU\S-1-5-21-864931423-2590267515-2597370598-1000\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylife> in the current context!
Error: Unable to interpret <app.com/?q={searchTerms}FF - prefs.js..browser.search.defaultenginename: "EasyLife"FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"FF - prefs.js..browser.search.defaultthis.engineName: ""FF - prefs.js..browser.search.defaulturl: "http://search.easylifeapp.com/?q="FF - prefs.js..browser.search.order.1: "EasyLife"FF - prefs.js..browser.search.order.1,S: S", "EasyLife"FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"FF - prefs.js..keyword.URL: "http://search.easylifeapp.com/?q="[2013/01/24 18:45:50 | 000,000,218 | ---- | M] () -- C:\Users\Sarah\Desktop\Easy Life Search APP.URL:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 02112013_193304



#9 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2013 - 03:32 PM

OK, now step 6? I've lost count: Run CFScript:

This took an age, especially step 48.

--------------------------------------------------------------------

ComboFix 13-02-07.02 - Lisa 11/02/2013  19:40:26.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.2939.1424 [GMT 0:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
Command switches used :: c:\users\Lisa\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-11 to 2013-02-11  )))))))))))))))))))))))))))))))
.
.
2013-02-11 20:21 . 2013-02-11 20:21 -------- d-----w- c:\users\Steve\AppData\Local\temp
2013-02-11 20:21 . 2013-02-11 20:21 -------- d-----w- c:\users\John\AppData\Local\temp
2013-02-11 20:21 . 2013-02-11 20:21 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
2013-02-11 20:21 . 2013-02-11 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-11 20:21 . 2013-02-11 20:21 -------- d-----w- c:\users\Christopher\AppData\Local\temp
2013-02-11 18:23 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{429EC92E-695A-4B24-AD45-EAE13D440DBA}\mpengine.dll
2013-02-08 23:00 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-08 22:56 . 2013-01-18 12:17 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6DD348D4-EC6B-4355-83D9-6DC213D40929}\mpengine.dll
2013-02-08 22:45 . 2013-02-08 22:45 -------- d-----w- C:\_OTL
2013-02-08 21:28 . 2013-02-08 21:33 134 ----a-w- c:\windows\DeleteOnReboot.bat
2013-02-08 19:13 . 2013-02-08 19:13 -------- d-----w- c:\users\Lisa\AppData\Roaming\SendSpace
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-11 18:21 . 2012-04-14 18:22 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-11 18:21 . 2011-06-07 19:14 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 01:28 . 2009-10-03 17:36 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-15 16:56 . 2012-08-04 20:34 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-15 16:56 . 2010-05-09 09:07 473520 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 13:12 . 2012-12-24 20:28 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-24 20:28 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-11-29 21:47 . 2012-11-29 21:48 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1790E8E2-C47E-47AC-8E80-EAE2C715D919}\gapaengine.dll
2012-11-28 14:18 . 2012-12-09 22:10 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-11-28 14:17 . 2012-11-28 14:17 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-11-28 14:17 . 2012-11-28 14:17 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-11-28 14:17 . 2012-11-28 14:17 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-11-28 14:17 . 2012-11-28 14:17 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-11-28 14:17 . 2012-11-28 14:17 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-11-28 14:17 . 2012-11-28 14:17 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-11-28 14:17 . 2012-11-28 14:17 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-11-28 14:17 . 2012-11-28 14:17 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-11-28 14:17 . 2012-11-28 14:17 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-11-28 14:17 . 2012-11-28 14:17 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-11-28 14:17 . 2012-11-28 14:17 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-11-28 14:17 . 2012-11-28 14:17 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-11-28 14:17 . 2012-11-28 14:17 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-11-28 14:17 . 2012-11-28 14:17 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-11-28 14:17 . 2012-11-28 14:17 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-11-28 14:17 . 2012-11-28 14:17 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-11-28 14:17 . 2012-11-28 14:17 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-11-28 14:17 . 2012-11-28 14:17 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-11-28 14:17 . 2012-11-28 14:17 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-11-28 14:17 . 2012-11-28 14:17 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-11-28 14:17 . 2012-11-28 14:17 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-11-28 14:17 . 2012-11-28 14:17 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-11-28 14:17 . 2012-11-28 14:17 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-11-28 14:17 . 2012-11-28 14:17 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-11-28 14:17 . 2012-11-28 14:17 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-11-28 14:17 . 2012-11-28 14:17 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-11-28 14:17 . 2012-11-28 14:17 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-11-28 14:17 . 2012-11-28 14:17 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-11-28 14:17 . 2012-12-09 22:10 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-11-28 14:17 . 2012-12-09 22:10 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-11-28 14:17 . 2008-07-01 14:35 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-11-23 01:35 . 2013-01-09 03:06 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-09 03:05 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09 . 2012-12-13 00:38 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 00:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 00:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 00:39 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 00:39 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 00:39 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37AA2B59-4831-4A05-9B8D-B42774DAB6CE}"= "c:\program files\easyfundraising toolbar\tbcore3.dll" [2012-07-11 2663800]
.
[HKEY_CLASSES_ROOT\clsid\{37aa2b59-4831-4a05-9b8d-b42774dab6ce}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37AA2B59-4831-4A05-9B8D-B42774DAB6CE}"= "c:\program files\easyfundraising toolbar\tbcore3.dll" [2012-07-11 2663800]
.
[HKEY_CLASSES_ROOT\clsid\{37aa2b59-4831-4a05-9b8d-b42774dab6ce}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB03150.TBSB03150]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 68856]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-03 967608]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-11-28 577536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-23 30192]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-03 309688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [N/A]
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
Akamai REG_MULTI_SZ    Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:21]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbff93ecdcdd20.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 13:55]
.
2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 13:55]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.co.uk/
mStart Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/08&hid=2606154032&lg=EN&cc=GB
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-11 20:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????33F????P???x???????????? 
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-11  20:24:23
ComboFix-quarantined-files.txt  2013-02-11 20:24
ComboFix2.txt  2013-02-11 19:13
ComboFix3.txt  2013-02-08 22:23
.
Pre-Run: 58,076,299,264 bytes free
Post-Run: 57,733,832,704 bytes free
.
- - End Of File - - 7E165F46289ADB59B36FFE7CD82677ED



#10 SteveBrocks

  • Topic Starter
  • Members
  • 32 posts

Posted 11 February 2013 - 03:43 PM

Searching for files containing Easylife on the C: drive appears to be limited to quarantine files.
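A file search only answers half the question, because a browser hijacker like this one lives mostly in registry loading points (the IE start page and SearchScopes, Run keys, AppInit_DLLs) and in Firefox's prefs.js, which is exactly what the OTL fix script above was trying to reset. The script below is an added check written for this thread; it is not one of the tools used in it and not the helper's instructions. It re-reads those loading points for every loaded user hive, the Firefox profiles and the hosts file, then walks the disk for leftover files while ignoring the quarantine folders the cleanup tools created (C:\Qoobox, C:\_OTL, RK_Quarantine, AdwCleaner, all taken from the logs), so that a quarantined copy is not mistaken for a live one. The default pattern (easylife, browsetobuy, sprotector) is an assumption drawn from the thread's logs; pass -Pattern for a different hijacker.

```powershell
# Added post-cleanup check, not a tool from this thread. Re-checks the
# loading points that OTL and ComboFix listed above (IE start page and
# SearchScopes, Run keys, AppInit_DLLs, Firefox prefs.js, the hosts file)
# and the disk for leftover references, ignoring quarantine folders.
# The default pattern is an assumption taken from the thread's logs.
# Run from an elevated PowerShell prompt so every hive is readable.
param(
    [string]$Pattern = 'easylife|browsetobuy|sprotector'
)

$hits = New-Object System.Collections.ArrayList
function Add-Hit([string]$Where, [string]$What) {
    [void]$hits.Add(("{0} :: {1}" -f $Where, $What))
}

# 1. Registry loading points. HKEY_USERS holds every hive that is loaded
#    (current user, .DEFAULT, service accounts), so the other accounts in
#    the log are only covered while they are logged on.
$hives = @('HKLM:')
$hives += Get-ChildItem Registry::HKEY_USERS | ForEach-Object { 'Registry::' + $_.Name }
$subKeys = @(
    'SOFTWARE\Microsoft\Internet Explorer\Main',
    'SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',   # AppInit_DLLs lives here
    'SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main',
    'SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
)
foreach ($hive in $hives) {
    foreach ($sub in $subKeys) {
        $path = "$hive\$sub"
        if (-not (Test-Path $path)) { continue }
        # The key itself plus its children (SearchScopes has one child per engine).
        $keys = @(Get-Item $path) + @(Get-ChildItem $path -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                $value = [string]$k.GetValue($name)
                if ($name -match $Pattern -or $value -match $Pattern) {
                    Add-Hit $k.Name ("{0} = {1}" -f $name, $value)
                }
            }
        }
    }
}

# 2. Firefox prefs.js in every profile under C:\Users (search engine,
#    keyword.URL and the other prefs the OTL script tried to reset).
$userRoot = Join-Path $env:SystemDrive 'Users'
foreach ($userDir in (Get-ChildItem $userRoot -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })) {
    $ffDir = Join-Path $userDir.FullName 'AppData\Roaming\Mozilla\Firefox\Profiles'
    if (-not (Test-Path $ffDir)) { continue }
    foreach ($prefs in (Get-ChildItem $ffDir -Recurse -Filter prefs.js -ErrorAction SilentlyContinue)) {
        Select-String -Path $prefs.FullName -Pattern $Pattern | ForEach-Object {
            Add-Hit $prefs.FullName $_.Line.Trim()
        }
    }
}

# 3. hosts file redirections.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Select-String -Path $hostsFile -Pattern $Pattern -ErrorAction SilentlyContinue | ForEach-Object {
    Add-Hit $hostsFile $_.Line.Trim()
}

# 4. Leftover files and folders, skipping the quarantine folders seen in the
#    logs so a quarantined copy is not reported as a live one.
$quarantine = '\\(Qoobox|_OTL|RK_Quarantine|AdwCleaner)\\'
foreach ($root in @($env:ProgramFiles, $env:ProgramData, $userRoot)) {
    Get-ChildItem $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $Pattern -and $_.FullName -notmatch $quarantine } |
        ForEach-Object { Add-Hit 'file' $_.FullName }
}

if ($hits.Count -eq 0) {
    "No loading points, Firefox prefs, hosts entries or files match '$Pattern' outside quarantine."
} else {
    "Remaining references matching '$Pattern':"
    $hits | Sort-Object -Unique
}
```

Save it as a .ps1 file and run it with `powershell -ExecutionPolicy Bypass -File .\Check-Leftovers.ps1` from an elevated prompt; the `param` block needs to be at the top of a script file, so pasting it line by line into a console will not work. The registry part only sees hives that are currently loaded, so for a shared machine like the one in the log (Steve, Lisa, Elizabeth, John, Christopher) either log on as each account and re-run, or load each ntuser.dat under HKEY_USERS first. Anything it reports in HKLM\...\Internet Explorer\Main or a SearchScopes key is a live start-page or search hijack, not a leftover in quarantine.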