
Cannot Access Task Manager and Regedit is Missing - Cannot Run DDS Tool in my co


  • This topic is locked
42 replies to this topic

#1 JoshToppe001

  • Members
  • 23 posts

Posted 27 February 2013 - 10:37 AM

Hi,

I am a noob in this forum and this is my first post, and I apologize if I inadvertently violate any posting rules.

My problem is that I cannot access Task Manager, Regedit is missing, and I cannot run the DDS tool on my computer to comply with the requirements in this forum.

I use a pretty old laptop - IBM ThinkPad T41 - but I still get things done with it and would like to continue using it for my current needs and requirements.

I am having problems accessing the Task Manager, and when I run taskmgr.exe I get the prompt response "Windows cannot find 'taskmgr.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." Alternatively, I tried running regedit.exe and I got this error message - "regedit.exe - Unable to Locate Component - This application has failed to start because ACLUI.dll was not found. Re-installing the application may fix the problem."

I have already run MBAM and Avast Free Antivirus to see if I can solve the problem. I got clean results with Avast but caught several issues while running MBAM. I took the initiative of posting snippets of the 3 MBAM logs that were generated from the 4 MBAM scans I did today for your reference.

Unfortunately, I am not able to run the DDS tool on my computer after attempting it several times. I have removed external gadgets attached to the computer and closed all applications before running the DDS tool, and I still get the same results.

Many thanks in advance.

Windows OS - Windows XP PRO version Sp3-Final
System Details:
 Microsoft Installation
 Intel® Pentium® M processor 1.86GHz
 598 MHz, 1.25 GB of RAM

MBAM Logs
 
MBAM Log #1
 
 
Registry Data Items Detected: 9
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com/) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://search.certified-toolbar.com?si=41460&st=home&tid=3192) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bad: (http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=) Good: (http://www.google.com/) -> Quarantined and repaired successfully.
 
Folders Detected: 1
C:\Documents and Settings\All Users\Start Menu\Programs\Protected Search (PUP.ProtectedSearch) -> Quarantined and deleted successfully.
 
Files Detected: 1
C:\Documents and Settings\All Users\Start Menu\Programs\Protected Search\Protected Search Settings.lnk (PUP.ProtectedSearch) -> Quarantined and deleted successfully.
 
 
MBAM Log #2
 
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFEAF3D0-307E-4F52-B64A-AF56BABE82B5} (PUP.SearchCom) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFEAF3D0-307E-4F52-B64A-AF56BABE82B5} (PUP.SearchCom) -> Quarantined and deleted successfully.
 
Files Detected: 1
C:\Documents and Settings\sir\Application Data\FBDownloader\revert.dll (Trojan.StartPage.) -> Quarantined and deleted successfully.
 
 
MBAM Log #3
 
Files Detected: 1
C:\System Volume Information\_restore{B3BDB50C-28E5-4279-A00C-25AEBEB48191}\RP521\A0521239.dll (Trojan.StartPage.) -> Quarantined and deleted successfully.
 
 
 

 




#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 27 February 2013 - 04:57 PM

Please run the following:
  • Download RogueKiller and save it to your desktop.
  • Quit all other programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • A report will be created on your desktop.
  • Click on the Delete button.
  • Next click on the ShortcutsFix button.
  • Another report will be created on your desktop.
  • Please post: All RKreport.txt text files located on your desktop.




Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 JoshToppe001
  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2013 - 07:12 PM

Hi CatByte,

Many thanks for the SUPER fast response to my request for help.

Here are all the RKreport.txt text files located on my desktop.

RKreport[1]_S_02282013_02d0801

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com

Operating System : Windows XP (5.1.2600 Service Pack 3, v.6335) 32 bits version
Started in : Normal mode
User : sir [Admin rights]
Mode : Scan -- Date : 02/28/2013 08:01:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SSync ("C:\Documents and Settings\sir\Application Data\SSync\SSync.exe") [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-507921405-920026266-854245398-1003[...]\Run : SSync ("C:\Documents and Settings\sir\Application Data\SSync\SSync.exe") [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: FUJITSU MHT2060AT +++++
--- User ---
[MBR] 2e1c2d4573540bc1615a15256fc38091
[BSP] a9470de0693c06d9067d11dda5c8de91 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 27692 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 56715120 | Size: 26460 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_02282013_02d0801.txt >>
RKreport[1]_S_02282013_02d0801.txt
 
 
RKreport[2]_D_02282013_02d0803
 
RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3, v.6335) 32 bits version
Started in : Normal mode
User : sir [Admin rights]
Mode : Remove -- Date : 02/28/2013 08:03:55
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SSync ("C:\Documents and Settings\sir\Application Data\SSync\SSync.exe") [-] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: FUJITSU MHT2060AT +++++
--- User ---
[MBR] 2e1c2d4573540bc1615a15256fc38091
[BSP] a9470de0693c06d9067d11dda5c8de91 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 27692 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 56715120 | Size: 26460 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_D_02282013_02d0803.txt >>
RKreport[1]_S_02282013_02d0801.txt ; RKreport[2]_D_02282013_02d0803.txt
 
 
 


#4 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 27 February 2013 - 07:17 PM

Please re-run RogueKiller once more and this time press the "HostFix" button.

Post the new log, then run the following:

Download ComboFix from the following location:
Link

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.





#5 JoshToppe001
  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2013 - 08:05 PM

Hi again,

RK Report #3

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3, v.6335) 32 bits version
Started in : Normal mode
User : sir [Admin rights]
Mode : HOSTSFix -- Date : 02/28/2013 08:30:58
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
 
127.0.0.1       localhost
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com
 
 
¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1    localhost
 
Finished : << RKreport[3]_H_02282013_02d0830.txt >>
RKreport[1]_S_02282013_02d0801.txt ; RKreport[2]_D_02282013_02d0803.txt ; RKreport[3]_H_02282013_02d0830.txt
 
 
 
I have followed exactly all the instructions for the ComboFix and I think the scanning did not run properly as I cannot find the ComboFix.txt file at C:\
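The RogueKiller reports in this thread show the two things a helper reads first: Run-key entries that launch from a user profile (the SSync lines in posts #3) and HOSTS lines that send real site names to 127.0.0.1 (the apowersoft lines above, cleared by the HostFix). The triage script below is an added example, not code from the thread or from RogueKiller; the user-writable directory list, the loopback prefixes and the sample excerpt are assumptions constructed to match the report layout above.

```python
"""Added triage helper for RogueKiller-style reports (not part of the thread or
of RogueKiller itself): flags Run-key autoruns that launch from a user profile
and HOSTS entries that point a real site name at the loopback address."""
import re

# One [RUN] registry line, e.g.
# [RUN][SUSP PATH] HKCU\[...]\Run : SSync ("C:\...\SSync.exe") [-] -> FOUND
RUN_RE = re.compile(
    r'^\[RUN\](?:\[[^\]]*\])*\s+(?P<key>.+?)\s*:\s*(?P<name>.+?)\s*\("(?P<path>[^"]+)"\)'
)
# One hosts-file line: address followed by a host name.
HOSTS_RE = re.compile(
    r'^(?P<addr>\d{1,3}(?:\.\d{1,3}){3}|[0-9a-f:]+)\s+(?P<host>\S+)', re.IGNORECASE
)

# Directories a limited user can write to on Windows XP (assumed list).
USER_WRITABLE_PREFIXES = ("c:\\documents and settings\\", "c:\\windows\\temp\\")
# Names that legitimately map to loopback in a default hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LOOPBACK_PREFIXES = ("127.", "0.0.0.0", "::1")

# Constructed excerpt that mirrors the layout of the RKreport files above.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SSync ("C:\Documents and Settings\sir\Application Data\SSync\SSync.exe") [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-507921405-920026266-854245398-1003[...]\Run : SSync ("C:\Documents and Settings\sir\Application Data\SSync\SSync.exe") [-] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 support.apowersoft.com
127.0.0.1 www.apowersoft.com
127.0.0.1 apowersoft.com

¤¤¤ MBR Check: ¤¤¤
"""


def parse_run_entries(report):
    """Return (registry key, value name, executable path) for each [RUN] line."""
    entries = []
    for line in report.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["path"]))
    return entries


def parse_hosts_section(report):
    """Return (address, host) pairs listed under the '¤¤¤ HOSTS File: ¤¤¤' header.

    The 'Reset HOSTS' section of a HOSTSFix report is deliberately skipped,
    since it shows the replacement file rather than what was on disk."""
    pairs, in_hosts = [], False
    for line in report.splitlines():
        s = line.strip()
        if s.startswith("¤¤¤"):
            in_hosts = s.startswith("¤¤¤ HOSTS File")
            continue
        if not in_hosts or not s or s.startswith(("-->", "#")):
            continue
        m = HOSTS_RE.match(s)
        if m:
            pairs.append((m["addr"], m["host"].lower()))
    return pairs


def triage(report):
    """Return (finding type, subject, detail) tuples worth a second look."""
    findings = []
    for key, name, path in parse_run_entries(report):
        if path.lower().startswith(USER_WRITABLE_PREFIXES):
            # Legitimate software normally installs under Program Files; an
            # autorun living in a user profile is how the SSync entry looked.
            findings.append(("autorun_from_user_profile", f"{key} : {name}", path))
    for addr, host in parse_hosts_section(report):
        if host in LOCAL_NAMES:
            continue
        if addr.startswith(LOOPBACK_PREFIXES):
            # A real site mapped to loopback is silently unreachable, which
            # also blocks that vendor's update checks (the apowersoft lines).
            findings.append(("hosts_blocks_site", host, addr))
        else:
            findings.append(("hosts_redirects_site", host, addr))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_REPORT):
        print(f"{kind:26} {subject} -> {detail}")
```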


#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 27 February 2013 - 08:19 PM

Please try rerunning it again; the log should open up on its own once it is ready.



#7 JoshToppe001
  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2013 - 08:56 PM

Hi, thanks for the reply,

Followed your instructions and re-ran ComboFix and waited for 30 minutes for the txt file to come up, but I still cannot find one at C:\

The process gets up to the backing up portion and reverts back to the ComboFix window for a few seconds before it stops. Not sure if I am missing something, but I have gone through your instructions and I am pretty certain that I have covered everything.



#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 27 February 2013 - 09:00 PM

It does not sound as if ComboFix is running properly on your machine, so we will take a different approach:
(Were your security programs disabled totally and were all other windows closed?)

Please do the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    DRIVES
    CREATERESTOREPOINT
    BASESERVICES
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs



#9 JoshToppe001
  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2013 - 09:07 PM

Yes, I disabled MBAM Pro and Avast, and all windows were closed before I ran ComboFix.

Doing the OTL process. Be back shortly. Many thanks for your patience.



#10 JoshToppe001
  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2013 - 09:45 PM

Hello,

Here are the txt files generated from the OTL scan. Big thanks.

OTL.Txt


OTL logfile created on: 2/28/2013 10:22:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\sir\Desktop
Windows XP Professional Edition Service Pack 3, v.6335 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.25 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 56.68% Memory free
2.98 Gb Paging File | 2.64 Gb Available in Paging File | 88.40% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.04 Gb Total Space | 6.24 Gb Free Space | 23.06% Space Free | Partition Type: NTFS
Drive D: | 25.84 Gb Total Space | 22.32 Gb Free Space | 86.38% Space Free | Partition Type: NTFS
 
Computer Name: RAUL | User Name: sir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/28 10:09:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sir\Desktop\OTL.exe
PRC - [2013/02/12 12:15:24 | 001,318,120 | ---- | M] (CBS Interactive) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/02/12 12:15:24 | 000,802,536 | ---- | M] (CBS Interactive) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/31 06:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\sir\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/05/08 07:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/03 04:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/28 05:21:19 | 002,068,480 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13022701\algo.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/03 04:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/03 04:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\IDrive\IDriveWebM.exe -- (IDriveWebM)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/27 17:46:48 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/12 12:15:24 | 000,802,536 | ---- | M] (CBS Interactive) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/12/28 19:50:18 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/31 06:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/12 07:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/11/10 04:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/08 07:29:38 | 000,122,880 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\ssmdrv.sys -- (ssmdrv)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\avipbb.sys -- (avipbb)
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\avgntflt.sys -- (avgntflt)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2013/02/28 02:00:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/10/31 06:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/31 06:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/31 06:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/31 06:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/31 06:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/31 06:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/31 06:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/24 10:57:54 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/03/24 10:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/03/19 00:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/11/26 18:02:52 | 000,014,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2010/08/25 19:39:02 | 000,013,064 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\prwntdrv.sys -- (prwntdrv)
DRV - [2009/03/26 00:35:56 | 000,025,472 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/03/18 00:45:52 | 000,019,584 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\Ckldrv.sys -- (NetworkX)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/06/27 14:42:00 | 000,207,488 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2006/10/13 03:21:00 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (TVicPort)
DRV - [2006/08/03 05:09:20 | 000,674,560 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2006/05/04 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/03/20 05:01:22 | 000,164,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/03/20 05:00:30 | 000,022,400 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/03/20 04:56:24 | 000,622,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/03/20 04:54:48 | 001,107,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [1996/04/04 03:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarGroup)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfron205
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&st=home&tid=3192
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook: {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarGroup)
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{45DAD08E-C509-4178-AEE9-518E5639A1BC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{93E453E0-AFFD-47DE-982C-AD89E2C900C4}: "URL" = http://t3-3.search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://search.fbdownloader.com/search.php?channel=sfron205&q={searchTerms}
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\sir\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\sir\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\sir\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\sir\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\sir\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
[2013/02/21 15:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sir\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/02/21 15:33:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sir\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins
[2012/07/29 22:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Documents and Settings\sir\Application Data\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi
[2012/12/14 04:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Documents and Settings\sir\Application Data\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012/08/15 21:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/29 07:04:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/11/06 00:07:03 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010/10/08 12:50:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/12 18:40:37 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/06 22:14:32 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.114_0\npqscan.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Documents and Settings\sir\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: avast! WebRep = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/02/28 08:30:58 | 000,000,724 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DownTango Launcher) - {48afc532-7765-4b70-9aed-f1dcd5043485} - C:\Documents and Settings\sir\Application Data\DownTangoFTbToolbar\DownTangoFTbToolbar.dll (Simplytech Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DownTango Launcher) - {48afc532-7765-4b70-9aed-f1dcd5043485} - C:\Documents and Settings\sir\Application Data\DownTangoFTbToolbar\DownTangoFTbToolbar.dll (Simplytech Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (StyleFantasist)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SimilarSites) - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarGroup)
O3 - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (CBS Interactive)
O4 - HKU\.DEFAULT..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\.DEFAULT..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-18..\Run: [LClock] C:\Program Files\LClock\LClock.exe ()
O4 - HKU\S-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-507921405-920026266-854245398-1003..\Run: [Akamai NetSession Interface] C:\Documents and Settings\sir\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-507921405-920026266-854245398-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: SimilarSites - {807DF5E0-4EF7-48a8-A405-239F3E29FFA9} - C:\Program Files\SimilarSites\SimilarSites.dll (SimilarGroup)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1361330050067 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBCCCBBC-2778-466C-913E-8C70DC4DFC9F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - (C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll) - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\sir\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\sir\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/08 08:29:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/28 10:09:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sir\Desktop\OTL.exe
[2013/02/28 09:34:08 | 005,036,023 | R--- | C] (Swearware) -- C:\Documents and Settings\sir\Desktop\ComboFix.exe
[2013/02/28 08:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/28 08:36:58 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/02/28 02:00:39 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/28 00:57:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Desktop\RK_Quarantine
[2013/02/28 00:52:10 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\sir\Desktop\dds.com
[2013/02/28 00:31:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/02/27 08:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/02/27 08:10:32 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/02/27 08:10:31 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/02/27 08:10:25 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/02/27 08:10:24 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/02/27 08:10:23 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/02/27 08:10:22 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/02/27 08:10:22 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/02/27 08:10:21 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/02/27 08:09:13 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/02/27 08:09:11 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/02/27 00:05:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\sir\Recent
[2013/02/26 19:59:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Desktop\Unused Desktop Shortcuts
[2013/02/26 11:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/24 14:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PhotoScape
[2013/02/24 14:33:44 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2013/02/24 14:33:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\OpenCandy
[2013/02/24 10:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Registry Easy
[2013/02/24 10:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2013/02/24 10:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/23 16:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\mbar-1.01.0.1020
[2013/02/23 11:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(2)
[2013/02/21 21:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\DivX
[2013/02/21 17:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\GAP Projects
[2013/02/21 16:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\MAGIX downloads
[2013/02/21 16:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\MAGIX
[2013/02/21 16:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\MAGIX_MusicEditor
[2013/02/21 16:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Local Settings\Application Data\Xara
[2013/02/21 16:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\MAGIX
[2013/02/21 16:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2013/02/21 16:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MAGIX
[2013/02/21 16:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2013/02/21 16:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2013/02/21 16:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2013/02/21 10:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\YouTube Downloader Suite
[2013/02/21 10:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\Apowersoft
[2013/02/21 10:44:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Apowersoft
[2013/02/21 10:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\Apowersoft
[2013/02/21 09:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\GAP
[2013/02/20 20:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Desktop\New Folder (4)
[2013/02/20 19:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP Extensions
[2013/02/20 18:49:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Local Settings\Application Data\fontconfig
[2013/02/20 18:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\.gimp-2.8
[2013/02/20 18:49:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Local Settings\Application Data\gegl-0.2
[2013/02/20 18:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/02/20 16:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\processexplore
[2013/02/20 15:49:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Desktop\Software Informer
[2013/02/20 15:43:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\Software Informer
[2013/02/20 14:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QVJGTGljZW5zZUluZm8=
[2013/02/20 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Registry Fix
[2013/02/20 13:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Fix 2012
[2013/02/20 11:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TPFanControl
[2013/02/20 11:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\TPFanControl
[2013/02/20 11:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2013/02/20 08:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\SimilarSites
[2013/02/20 08:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\SimilarSites
[2013/02/20 08:53:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\DataMgr
[2013/02/20 08:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\SSync
[2013/02/20 08:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\SCheck
[2013/02/20 08:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\FBDownloader
[2013/02/20 08:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\Common
[2013/02/20 08:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Start Menu\Programs\SpeedFan
[2013/02/20 08:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\LockHunter
[2013/02/20 08:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LockHunter
[2013/02/20 08:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2013/02/19 22:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/19 20:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ffdshow
[2013/02/19 20:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Gophoto.it
[2013/02/19 20:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Movie2KDownloader.com
[2013/02/19 20:50:11 | 000,000,000 | ---D | C] -- C:\Program Files\hdvidcodec.com
[2013/02/19 20:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Start Menu\Programs\hdvidcodec.com
[2013/02/19 19:18:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Start Menu\Programs\Revo Uninstaller
[2013/02/19 19:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/19 19:01:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/02/19 18:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Local Settings\Application Data\DownTangoFTbToolbar
[2013/02/19 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\DownTangoFTbToolbar
[2013/02/19 18:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\DownTangoFTbToolbar
[2013/02/19 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/02/19 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013/02/19 13:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\Visual Studio 2005
[2013/02/19 11:07:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware(2)
[2013/02/19 10:59:44 | 000,000,000 | ---D | C] -- C:\Program Files\Max Internet Optimizer
[2013/02/17 11:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\My Documents\Assorted Viideos
[2013/02/11 20:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\PhotoFiltre 7
[2013/02/11 20:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Local Settings\Application Data\APN
[2013/02/09 23:03:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sir\Application Data\Apple Computer
[2013/02/09 23:03:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2013/02/09 19:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2013/02/09 19:06:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/02/09 19:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/28 10:23:06 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-920026266-854245398-1003UA.job
[2013/02/28 10:16:52 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/28 10:14:05 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/28 10:14:03 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Protected Search.job
[2013/02/28 10:14:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag_Startup.job
[2013/02/28 10:13:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/28 10:09:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sir\Desktop\OTL.exe
[2013/02/28 10:08:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/28 09:47:47 | 000,089,898 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\combofix.jpg
[2013/02/28 09:46:21 | 000,019,711 | ---- | M] () -- C:\Documents and Settings\sir\Local Settings\Application Data\recently-used.xbel
[2013/02/28 09:44:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/28 09:34:09 | 005,036,023 | R--- | M] (Swearware) -- C:\Documents and Settings\sir\Desktop\ComboFix.exe
[2013/02/28 07:51:08 | 000,816,640 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\RogueKiller.exe
[2013/02/28 03:09:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task fffdce19-d732-48cf-958f-c3f521d6f517.job
[2013/02/28 02:00:39 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/02/28 02:00:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 9da5cfc4-f78b-4eca-9075-8d8f11defe48.job
[2013/02/28 01:17:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/28 00:52:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\sir\Desktop\dds.com
[2013/02/27 19:45:19 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\Google Chrome.lnk
[2013/02/27 16:52:23 | 000,108,937 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\27chinese.jpg
[2013/02/27 08:10:33 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/02/27 08:10:23 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/27 07:35:04 | 000,000,275 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\(D) Local Disk.lnk
[2013/02/27 00:05:26 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130227_000519.reg
[2013/02/26 23:56:24 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130226_235618.reg
[2013/02/26 20:15:24 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130226_201520.reg
[2013/02/26 19:16:04 | 000,020,264 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130226_191557.reg
[2013/02/26 15:23:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-507921405-920026266-854245398-1003Core.job
[2013/02/26 11:29:02 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/26 11:29:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/24 14:34:22 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/02/24 10:49:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/23 16:12:55 | 013,711,621 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\mbar-1.01.0.1020.zip
[2013/02/22 11:15:39 | 000,154,624 | ---- | M] () -- C:\Documents and Settings\sir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/22 10:03:29 | 000,003,577 | ---- | M] () -- C:\Documents and Settings\sir\frame_000001.xcf
[2013/02/21 21:39:58 | 000,438,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/21 16:11:31 | 000,000,887 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Movie Edit Pro MX Premium Download Version.lnk
[2013/02/21 10:44:05 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\YouTube Downloader Suite.lnk
[2013/02/21 10:44:05 | 000,000,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader Suite.lnk
[2013/02/20 19:05:13 | 000,000,734 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\GIMP 2.lnk
[2013/02/20 15:27:57 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk
[2013/02/20 15:27:57 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\Registry Easy.lnk
[2013/02/20 12:53:34 | 000,000,008 | RHS- | M] () -- C:\Documents and Settings\sir\ntuser.pol
[2013/02/20 11:56:04 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TPFanControl.lnk
[2013/02/20 09:43:26 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\LockHunter.lnk
[2013/02/20 08:52:29 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\SpeedFan.lnk
[2013/02/20 08:52:25 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/02/20 08:52:00 | 002,108,256 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\installspeedfan445.exe
[2013/02/19 22:02:11 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_220205.reg
[2013/02/19 21:51:23 | 000,002,006 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_215118.reg
[2013/02/19 21:49:06 | 000,022,778 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_214900.reg
[2013/02/19 20:27:07 | 000,030,476 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_202702.reg
[2013/02/19 19:59:17 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2013/02/19 19:58:30 | 000,052,206 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_195820.reg
[2013/02/19 19:25:33 | 000,039,036 | ---- | M] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_192521.reg
[2013/02/19 19:18:59 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\sir\Desktop\Revo Uninstaller.lnk
[2013/02/14 08:59:56 | 000,531,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/14 08:59:56 | 000,108,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/28 09:46:21 | 000,019,711 | ---- | C] () -- C:\Documents and Settings\sir\Local Settings\Application Data\recently-used.xbel
[2013/02/28 09:46:20 | 000,089,898 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\combofix.jpg
[2013/02/28 07:50:53 | 000,816,640 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\RogueKiller.exe
[2013/02/28 00:34:47 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/02/27 19:45:19 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\Google Chrome.lnk
[2013/02/27 16:52:17 | 000,108,937 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\27chinese.jpg
[2013/02/27 08:10:33 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/02/27 08:10:23 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/02/27 07:35:04 | 000,000,275 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\(D) Local Disk.lnk
[2013/02/27 00:05:24 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130227_000519.reg
[2013/02/26 23:56:22 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130226_235618.reg
[2013/02/26 20:15:23 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130226_201520.reg
[2013/02/26 19:16:00 | 000,020,264 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130226_191557.reg
[2013/02/26 11:25:58 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/24 14:34:22 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk
[2013/02/23 16:12:54 | 013,711,621 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\mbar-1.01.0.1020.zip
[2013/02/22 10:03:29 | 000,003,577 | ---- | C] () -- C:\Documents and Settings\sir\frame_000001.xcf
[2013/02/21 16:11:31 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MAGIX Movie Edit Pro MX Premium Download Version.lnk
[2013/02/21 10:44:05 | 000,001,015 | ---- | C] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\YouTube Downloader Suite.lnk
[2013/02/21 10:44:05 | 000,000,997 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader Suite.lnk
[2013/02/20 19:05:13 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\GIMP 2.lnk
[2013/02/20 18:47:22 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GIMP 2.lnk
[2013/02/20 15:27:57 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\Registry Easy.lnk
[2013/02/20 15:27:57 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\Registry Easy.lnk
[2013/02/20 11:56:04 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TPFanControl.lnk
[2013/02/20 09:43:26 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\LockHunter.lnk
[2013/02/20 08:52:29 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\SpeedFan.lnk
[2013/02/20 08:52:16 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2013/02/20 08:51:43 | 002,108,256 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\installspeedfan445.exe
[2013/02/19 22:02:08 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_220205.reg
[2013/02/19 21:51:20 | 000,002,006 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_215118.reg
[2013/02/19 21:49:04 | 000,022,778 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_214900.reg
[2013/02/19 20:53:03 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/02/19 20:27:05 | 000,030,476 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_202702.reg
[2013/02/19 19:58:24 | 000,052,206 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_195820.reg
[2013/02/19 19:25:26 | 000,039,036 | ---- | C] () -- C:\Documents and Settings\sir\My Documents\cc_20130219_192521.reg
[2013/02/19 19:18:58 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\sir\Desktop\Revo Uninstaller.lnk
[2013/02/19 11:09:23 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task fffdce19-d732-48cf-958f-c3f521d6f517.job
[2013/02/19 11:09:18 | 000,000,506 | ---- | C] () -- C:\WINDOWS\tasks\SUPERAntiSpyware Scheduled Task 9da5cfc4-f78b-4eca-9075-8d8f11defe48.job
[2013/01/25 17:51:50 | 000,015,360 | ---- | C] () -- C:\WINDOWS\Launcher.exe
[2012/07/26 17:57:43 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\sir\Local Settings\Application Data\dt.dat
[2012/07/10 19:49:27 | 000,001,199 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/07/08 15:50:21 | 000,000,406 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2012/06/17 17:38:53 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
[2012/02/15 15:37:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 20:52:36 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\sir\Application Data\gmic_faves
[2012/01/24 10:54:58 | 000,134,118 | ---- | C] () -- C:\WINDOWS\ColorPic Uninstaller.exe
[2011/07/17 15:14:19 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/07/17 15:14:18 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/07/17 15:14:18 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/07/17 15:14:18 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/07/17 15:14:18 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/07/17 15:04:37 | 000,098,696 | ---- | C] () -- C:\WINDOWS\System32\setupprwdrv03.exe
[2011/07/17 15:04:37 | 000,013,064 | ---- | C] () -- C:\WINDOWS\System32\prwntdrv.sys
[2011/02/11 19:35:16 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/01/29 20:01:16 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\sir\Application Data\burnaware.ini
[2010/11/13 16:54:46 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\sir\ntuser.pol
[2010/11/11 00:33:55 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\sir\Local Settings\Application Data\housecall.guid.cache
[2010/10/31 18:18:06 | 000,154,624 | ---- | C] () -- C:\Documents and Settings\sir\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/10/08 08:31:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/05/18 19:03:21 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 20:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 20:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/10/09 04:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/11/11 18:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/06 22:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
[2011/01/20 10:00:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Arovax
[2013/02/27 08:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/02/19 21:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2013/02/19 17:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/05/05 23:14:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/02/19 17:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CPA_VA
[2010/12/16 21:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2010/10/08 11:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2012/12/28 19:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/02/21 16:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2013/02/19 21:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/18 23:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/12/18 23:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2010/11/24 13:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2013/02/20 11:38:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/19 00:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tipard WMV Converter Suite
[2010/10/09 00:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/12/18 23:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoSpin
[2012/07/28 14:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2012/07/25 18:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YTD Video Downloader
[2010/10/09 00:54:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2013/01/31 10:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2010/11/06 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Letlet\Application Data\Desktopicon
[2010/10/27 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Letlet\Application Data\TuneUp Software
[2010/10/08 08:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Letlet\Application Data\uTorrent
[2010/11/26 21:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\aHisoft
[2013/02/21 10:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Apowersoft
[2010/11/08 01:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Auslogics
[2012/06/17 11:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\AVG
[2012/05/05 23:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\AVG2012
[2012/07/31 08:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\blekkotb_019
[2013/02/20 08:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Common
[2013/02/20 08:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\DataMgr
[2010/11/06 08:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Desktopicon
[2013/02/19 18:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\DownTangoFTbToolbar
[2013/02/19 20:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Dropbox
[2010/12/19 05:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\DVDVideoSoft
[2013/02/27 13:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\FBDownloader
[2011/04/18 20:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\FileZilla
[2010/11/06 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Gadgets4Vista
[2011/02/11 19:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\GetRightToGo
[2012/08/24 08:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\gtk-2.0
[2010/11/28 17:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\IDM
[2012/06/17 17:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\IObit
[2013/02/20 08:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\LockHunter
[2013/02/21 16:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\MAGIX
[2010/10/09 01:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\OfficeRecovery
[2013/02/24 14:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\OpenCandy
[2013/02/11 20:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\PhotoFiltre 7
[2013/02/02 21:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\PhotoScape
[2013/02/19 17:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\PriceGong
[2011/08/28 16:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\QuickScan
[2013/02/20 08:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\SCheck
[2012/07/11 23:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Search Settings
[2011/01/23 07:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\seo-wsb-free
[2013/02/20 08:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\SimilarSites
[2013/02/26 17:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Software Informer
[2012/08/03 23:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Sony
[2013/02/20 08:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\SSync
[2010/10/08 08:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Styler
[2010/10/08 13:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\SystemRequirementsLab
[2010/11/28 18:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Tific
[2013/02/19 20:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\TuneUp Software
[2013/02/26 23:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\uTorrent
[2011/02/11 19:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\VDownloader
[2010/12/11 16:10:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\VitySoft
[2010/10/29 11:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\Xigraffix
[2011/12/22 13:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\YouTube Downloader
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2008/04/14 20:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 19:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3QFE\services.exe
[2009/02/07 01:14:03 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=37561F8D4160D62DA86D24AE41FAE8DE -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2GDR\services.exe
[2009/02/06 18:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP2QFE\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\SoftwareDistribution\Download\51401b498f4675531d9efb941ee01ef3\SP3GDR\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/14 20:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 20:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 20:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: FUJITSU MHT2060AT
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 27.00GB
Starting Offset: 32256
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 26.00GB
Starting Offset: 29038141440
Hidden sectors: 0
 
 
========== Base Services ==========
SRV - [2008/04/14 20:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/05/18 19:02:26 | 000,025,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 20:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 21:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 20:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 20:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/21 01:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 20:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 20:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 20:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 20:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 20:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 20:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 20:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 20:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 20:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/21 00:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 19:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 21:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 20:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 20:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 20:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 20:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 20:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 20:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 20:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 20:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 13:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 20:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 20:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 20:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 20:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 20:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/28 07:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 20:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 20:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 20:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 20:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/05/19 01:57:42 | 000,095,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 20:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 20:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 20:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/05/18 19:07:47 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 14:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
 
< End of report >
 
Extras.Txt
 
OTL Extras logfile created on: 2/28/2013 10:22:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\sir\Desktop
Windows XP Professional Edition Service Pack 3, v.6335 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.25 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 56.68% Memory free
2.98 Gb Paging File | 2.64 Gb Available in Paging File | 88.40% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.04 Gb Total Space | 6.24 Gb Free Space | 23.06% Space Free | Partition Type: NTFS
Drive D: | 25.84 Gb Total Space | 22.32 Gb Free Space | 86.38% Space Free | Partition Type: NTFS
 
Computer Name: RAUL | User Name: sir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 
"1119:TCP" = 1119:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\sir\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\sir\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype  -- (Skype Technologies S.A.)
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Apowersoft\YouTube Downloader Suite\YouTube-Downloader-Suite.exe" = C:\Program Files\Apowersoft\YouTube Downloader Suite\YouTube-Downloader-Suite.exe:*:Enabled:YouTube Downloader Suite -- (Apowersoft)
"C:\Program Files\Apowersoft\YouTube Downloader Suite\YouTubeDownloaderSuite.exe" = C:\Program Files\Apowersoft\YouTube Downloader Suite\YouTubeDownloaderSuite.exe:*:Enabled:YouTube Downloader Suite -- (dotnetVM)
"C:\Program Files\Apowersoft\YouTube Downloader Suite\ApowersoftSrv.dll" = C:\Program Files\Apowersoft\YouTube Downloader Suite\ApowersoftSrv.dll:*:Enabled:YouTube Downloader Suite -- ()
"C:\Program Files\Apowersoft\YouTube Downloader Suite\ApowersoftDump.dll" = C:\Program Files\Apowersoft\YouTube Downloader Suite\ApowersoftDump.dll:*:Enabled:YouTube Downloader Suite -- ()
"C:\Documents and Settings\sir\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sir\Application Data\Dropbox\bin\Dropbox.exe:*:Disabled:Dropbox
"C:\Documents and Settings\sir\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\sir\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Disabled:Google Talk Plugin -- (Google)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{3FF2F54D-FA3A-406F-9F9E-6CDD95B9A1A9}_is1" = YouTube Downloader Suite V3.2.3
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{590E3295-A11B-4C9F-9F88-399397EE393D}" = YouTube Downloader Toolbar v6.0
"{5BEBD7F0-5544-3B4C-8D15-7154AA35BEA2}" = Google Talk Plugin
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B2E416-A88D-46D8-9A1F-E6A8B6D952B3}" = MAGIX Movie Edit Pro MX Premium Download Version
"{763B5C51-9F34-4874-ABC6-0274F548F6C8}" = MAGIX Speed burnR (MSI)
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD0F820-3656-4AB3-A7F4-005CAA2D0897}_is1" = RDesc 2.32
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" = 
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BD32D993-45D5-42CD-BE56-0D09E8D74ECD}" = MAGIX Screenshare
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}" = Styler
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Affiliate DC_is1" = Affiliate DC v2.0
"Akamai" = Akamai NetSession Interface Service
"ATI Display Driver" = ATI Display Driver (Omega 3.8.252)
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6" = SoftK56 Data Fax CARP
"conduitEngine" = Conduit Engine
"Driver Magician_is1" = Driver Magician 3.45
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 8.0.1 Home Edition
"EASEUS Partition Recovery_is1" = EASEUS Partition Recovery 5.0.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"FileASSASSIN" = FileASSASSIN
"GIMP Extensions" = GIMP Extensions 2.8.20130215
"GIMP-2_is1" = GIMP 2.8.4
"G'MIC for GIMP_is1" = G'MIC for GIMP version 1.5.4.0
"Google Chrome" = Google Chrome
"IconPackager" = IconPackager
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Standard
"LClock" = LClock
"LockHunter_is1" = LockHunter 2.0 beta 2, 32 bit
"MAGIX_MSI_Videodeluxe18_premium" = MAGIX Movie Edit Pro MX Premium Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NirSoft Wireless Network Watcher" = NirSoft Wireless Network Watcher
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"PhotoScape" = PhotoScape
"PowerCmd_is1" = PowerCmd 1.9
"Protected Search_is1" = Protected Search 1.1
"Revo Uninstaller" = Revo Uninstaller 1.94
"RocketDock_is1" = RocketDock 1.3.5
"SimilarSites" = SimilarSites
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"Trusted Software Assistant_is1" = File Type Assistant
"Uninstall_is1" = Uninstall 1.0.0.1
"Unknown Device Identifier_is1" = Unknown Device Identifier 7.00
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WindowBlinds" = WindowBlinds
"WinRAR archiver" = WinRAR archiver
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"PhotoFiltre 7" = PhotoFiltre 7
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/15/2013 9:48:03 AM | Computer Name = RAUL | Source = ESENT | ID = 490
Description = svchost (540) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 2/15/2013 9:48:10 AM | Computer Name = RAUL | Source = ESENT | ID = 490
Description = svchost (540) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 2/15/2013 9:48:14 AM | Computer Name = RAUL | Source = ESENT | ID = 490
Description = svchost (540) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 2/15/2013 9:48:24 AM | Computer Name = RAUL | Source = ESENT | ID = 490
Description = svchost (540) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 2/15/2013 10:59:15 PM | Computer Name = RAUL | Source = ESENT | ID = 490
Description = svchost (448) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 for read / write access failed with system error 32 (0x00000020): "The process 
cannot access the file because it is being used by another process. ".  The open
 file operation will fail with error -1032 (0xfffffbf8).
 
Error - 2/19/2013 6:00:57 AM | Computer Name = RAUL | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module advapi32.dll, version 5.1.2600.5755, fault address 0x0000d771.
 
Error - 2/27/2013 12:16:31 PM | Computer Name = RAUL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 2/27/2013 12:16:31 PM | Computer Name = RAUL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 2/27/2013 12:17:32 PM | Computer Name = RAUL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
Error - 2/27/2013 12:17:32 PM | Computer Name = RAUL | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
 and it will not be loaded. This is most likely caused by a faulty registration.
 
[ OSession Events ]
Error - 11/9/2010 5:30:30 AM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 288
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/25/2010 1:48:32 AM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6062
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 10/13/2011 12:49:25 PM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 603
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 3/6/2012 5:52:46 AM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1617
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 7/10/2012 8:58:45 PM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2697
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 7/10/2012 8:59:59 PM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 57
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/10/2012 9:01:14 PM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 34
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/10/2012 9:02:32 PM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 7/10/2012 9:44:23 PM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 7/10/2012 10:04:07 PM | Computer Name = UNCLE-7034AFF6E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 49
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2/26/2013 8:55:23 PM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due 
to the following error:   %%1053
 
Error - 2/27/2013 4:39:11 AM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error:   %%2
 
Error - 2/27/2013 4:39:11 AM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
 error:   %%3
 
Error - 2/27/2013 4:39:11 AM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
 error:   %%3
 
Error - 2/27/2013 4:39:30 AM | Computer Name = RAUL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   avgio  avipbb  ssmdrv
 
Error - 2/27/2013 9:47:07 AM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error:   %%2
 
Error - 2/27/2013 10:14:31 PM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The avgntflt service failed to start due to the following error:   %%2
 
Error - 2/27/2013 10:14:31 PM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Scheduler service failed to start due to the following
 error:   %%3
 
Error - 2/27/2013 10:14:31 PM | Computer Name = RAUL | Source = Service Control Manager | ID = 7000
Description = The Avira AntiVir Guard service failed to start due to the following
 error:   %%3
 
Error - 2/27/2013 10:14:50 PM | Computer Name = RAUL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   avgio  avipbb  ssmdrv
 
 
< End of report >
 


#11 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 27 February 2013 - 10:15 PM

Please run the following:

Please download Shortcut Cleaner from the following web page and save it to your Windows desktop.
  • Shortcut Cleaner Download Link
  • Once the file is downloaded, double-click on the ss-cleaner.exe file that should now be on your desktop.
  • If you are using Windows Vista, 7, or 8 you will need to allow it to run when the prompt appears.
  • Shortcut Cleaner will now start and scan your computer for hijacked Windows shortcuts.
  • If any are found, it will automatically clean them for you.
  • When it is done, it will show you a log that contains a list of shortcuts that were cleaned. (Please copy and paste the contents of that log into your next reply)



    NEXT


    Uninstall the Conduit Toolbar via Add/Remove programs


    NEXT


    Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&st=home&tid=3192
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfron205
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certified-toolbar.com?si=41460&st=home&tid=3192
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certified-toolbar.com?si=41460&st=home&tid=3192
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook:  - No CLSID value found
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{45DAD08E-C509-4178-AEE9-518E5639A1BC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{93E453E0-AFFD-47DE-982C-AD89E2C900C4}: "URL" = http://t3-3.search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://search.fbdownloader.com/search.php?channel=sfron205&q={searchTerms}
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-920026266-854245398-1003\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O4 - HKLM..\Run: []  File not found
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (CBS Interactive)
    [2013/02/20 14:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QVJGTGljZW5zZUluZm8=
    [2013/02/19 17:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
    [2012/07/31 08:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sir\Application Data\blekkotb_019
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log
  • NEXT


    Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • NEXT


    Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Edited by CatByte, 27 February 2013 - 10:17 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
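A triage helper for the kind of OTL log entries the fix above is built from, added here as an example (it is not part of OTL and not code from any post in this thread). It flags IE start/search URLs whose host is outside an assumed provider allowlist, hook/BHO/toolbar entries with no CLSID, Run keys whose file is gone, folders with base64 names like the System32 one above, and Extras "Shell Spawning" associations that are broken or differ from assumed Windows XP defaults; the sample lines are constructed in OTL's format with shortened SIDs.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread, not part of OTL or of any post here. It takes
lines in the shape OTL prints and returns the entries a responder would look
at first, roughly the set that went into the :OTL fix above. The provider
allowlist and the known-good file associations are assumptions.
"""
import base64
import re
from urllib.parse import urlsplit

# Assumption: search providers a stock IE 8 install is expected to point at.
EXPECTED_SEARCH_HOSTS = ("google.com", "bing.com", "live.com", "yahoo.com")

# Assumption: stock Windows XP "Shell Spawning" commands for executable types.
EXPECTED_ASSOC = {
    ("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S',
}

IE_URL_RE = re.compile(r"^IE - .+ = (https?://\S+)$")
DIR_RE = re.compile(r"\| ---D \| [CM]\] -- (.+)$")
ASSOC_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]{4,}={0,2}$")


def host_is_expected(url):
    """True if the URL's host is an expected search provider or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)


def decode_if_base64(name):
    """Decoded text if `name` is base64 for printable ASCII (like the System32
    folder in the fix above), else None."""
    if len(name) % 4 or not B64_RE.match(name):
        return None
    try:
        raw = base64.b64decode(name, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("ascii") if raw and all(32 <= b < 127 for b in raw) else None


def triage(lines):
    """Return (category, detail) findings for OTL log lines, in log order."""
    findings = []
    for line in (raw.rstrip() for raw in lines):
        if "No CLSID value found" in line:
            # Hook/BHO/toolbar registration whose COM object no longer exists.
            findings.append(("orphan", line))
        elif IE_URL_RE.match(line):
            # Start/search page pointing outside the expected providers.
            url = IE_URL_RE.match(line).group(1)
            if not host_is_expected(url):
                findings.append(("ie-url", urlsplit(url).hostname))
        elif line.startswith("O4 - ") and line.endswith("File not found"):
            # Run key whose target file is gone: a leftover worth clearing.
            findings.append(("run-missing", line))
        elif DIR_RE.search(line):
            name = DIR_RE.search(line).group(1).rsplit("\\", 1)[-1]
            decoded = decode_if_base64(name)
            if decoded:
                findings.append(("b64-dir", f"{name} -> {decoded}"))
        elif ASSOC_RE.match(line):
            ftype, verb, cmd = ASSOC_RE.match(line).groups()
            if cmd.startswith("Reg Error"):
                # Broken association; fits the "regedit is missing" symptom.
                findings.append(("assoc-error", f"{ftype} [{verb}]"))
            elif (ftype, verb) in EXPECTED_ASSOC and cmd != EXPECTED_ASSOC[(ftype, verb)]:
                findings.append(("assoc-unexpected", f"{ftype} [{verb}] -- {cmd}"))
    return findings


# Constructed sample in OTL's format (SIDs shortened), modelled on this thread.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-TEST\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfron205
IE - HKU\S-1-5-21-TEST\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=41460&tid=3192&st=bs&q=
IE - HKU\S-1-5-21-TEST\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-TEST\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-TEST\..\SearchScopes\{93E453E0-AFFD-47DE-982C-AD89E2C900C4}: "URL" = http://t3-3.search.com/search?q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2013/02/20 14:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QVJGTGljZW5zZUluZm8=
[2013/02/19 17:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{category:14} {detail}")
```

Entries such as the Conduit BHO, which has a valid CLSID and an existing DLL, are not caught by these heuristics; that part of the fix relies on knowing the product.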


#12 JoshToppe001
  • Topic Starter
  • Members
  • 23 posts

Posted 27 February 2013 - 11:17 PM

Hi CatByte,

Done with the ss-cleaner process, the uninstall of the Conduit Toolbar via Add/Remove programs, and the Run Fix process in OTL after copy-pasting the text inside the code box.
 
Before proceeding to the succeeding tasks, I would just like to inform you that I got an error message while doing the Run Fix process in OTL -
 
cmd.exe - Entry Point not Found
The procedure entry point Get VDMCurrentDirectories could not be located in the dynamic link library vKERNEL32.dll
 
I will now continue with the remaining tasks unless you have other instructions.
 
Here are the logs generated after running SS-Cleaner and OTL:
 
 
SS-Cleaner Log:
 
Shortcut Cleaner 1.2.1 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 
Program started at: 02/28/2013 11:47:09 AM.
 
Searching C:\Documents and Settings\sir\Start Menu\
 
Searching C:\Documents and Settings\All Users\Start Menu\
 
Searching C:\Documents and Settings\sir\Application Data\Microsoft\Internet Explorer\Quick Launch\
 
Searching C:\Documents and Settings\All Users\Desktop\
 
Searching C:\Documents and Settings\sir\Desktop\
 
 
0 bad shortcuts found.
 
Program finished at: 02/28/2013 11:47:12 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
 
 
 
Run-Fix/OTL Log:
 
All processes killed
========== OTL ==========
HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-507921405-920026266-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\{45DAD08E-C509-4178-AEE9-518E5639A1BC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45DAD08E-C509-4178-AEE9-518E5639A1BC}\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\{93E453E0-AFFD-47DE-982C-AD89E2C900C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93E453E0-AFFD-47DE-982C-AD89E2C900C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
HKU\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8769adce-dba5-48e9-afb5-67b12cdf2e61} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_USERS\S-1-5-21-507921405-920026266-854245398-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
C:\WINDOWS\System32\QVJGTGljZW5zZUluZm8= folder moved successfully.
C:\Documents and Settings\All Users\Application Data\blekko toolbars folder moved successfully.
C:\Documents and Settings\sir\Application Data\blekkotb_019 folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
No captured output from command...
C:\Documents and Settings\sir\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Letlet
->Temp folder emptied: 170273669 bytes
->Temporary Internet Files folder emptied: 1187674 bytes
->Java cache emptied: 140451 bytes
->Google Chrome cache emptied: 223678960 bytes
->Flash cache emptied: 79706 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: sir
->Temp folder emptied: 33956354 bytes
->Temporary Internet Files folder emptied: 3345068 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 7520821 bytes
->Flash cache emptied: 664 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8951180 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 421671970 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 24329349 bytes
RecycleBin emptied: 1022 bytes
 
Total Files Cleaned = 856.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02282013_115459
 
Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_674.dat not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...


#13 JoshToppe001

JoshToppe001
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:05 PM

Posted 27 February 2013 - 11:38 PM

Hi CatByte,

I was not able to run the JRT tool - got the same error message -

cmd.exe - Entry Point not Found
The procedure entry point Get VDMCurrentDirectories could not be located in the dynamic link library vKERNEL32.dll
 
Hereunder is the log generated after running AdwCleaner. BIG thanks
# AdwCleaner v2.113 - Logfile created 02/28/2013 at 12:25:07
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3, v.6335 (32 bits)
# User : sir - RAUL
# Boot Mode : Normal
# Running from : C:\Documents and Settings\sir\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Application Updater
 
***** [Files / Folders] *****
 
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\WINDOWS\Tasks\Protected Search.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\sir\Application Data\DataMgr
Folder Deleted : C:\Documents and Settings\sir\Application Data\Desktopicon
Folder Deleted : C:\Documents and Settings\sir\Application Data\DownTangoFTbToolbar
Folder Deleted : C:\Documents and Settings\sir\Application Data\fbDownloader
Folder Deleted : C:\Documents and Settings\sir\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\sir\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\sir\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\sir\Application Data\SimilarSites
Folder Deleted : C:\Documents and Settings\sir\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\sir\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\sir\Local Settings\Application Data\DownTangoFTbToolbar
Folder Deleted : C:\Documents and Settings\sir\Local Settings\Application Data\NCH
Folder Deleted : C:\Documents and Settings\sir\Local Settings\Application Data\simplytech
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\DownTangoFTbToolbar
Folder Deleted : C:\Program Files\Protected Search
Folder Deleted : C:\Program Files\SimilarSites
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\GreenTree Applications
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2DB4FE6-8409-45CE-8010-189A7B5CCE86}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKCU\Software\NCH
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band
Key Deleted : HKLM\SOFTWARE\Classes\wtb.Band.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Key Deleted : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Key Deleted : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE69C007-C452-4D3E-86D2-1730DF8BC871}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{807DF5E0-4EF7-48A8-A405-239F3E29FFA9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0DC5E96F-BD02-4768-B8D3-0812A92165E4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Protected Search_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SimilarSites
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protected Search_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SimilarSites
Key Deleted : HKLM\Software\NCH
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SimilarSites
Key Deleted : HKLM\Software\VDownloader\OpenCandy
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.97
 
File : C:\Documents and Settings\sir\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [9453 octets] - [28/02/2013 12:25:07]
 
########## EOF - C:\AdwCleaner[S1].txt - [9513 octets] ##########
 
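The AdwCleaner log above is organised into `***** [Section] *****` blocks whose lines read `Action : Target`. When triaging many such logs, it helps to reduce them to counts per section and action rather than reading hundreds of lines by eye. The parser below is an added example for this thread, not AdwCleaner's own code or anything posted by the participants; the sample log embedded in it is constructed from a few lines of the log above, and the function names are my own.

```python
"""Summarise an AdwCleaner v2 log by section and action (added example).

The layout parsed here is the one visible in the thread: '#'-prefixed header
lines, '***** [Name] *****' section banners, and 'Action : Target' entries.
"""
import re
from collections import Counter, defaultdict

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# Action words are letters, spaces and '&' (e.g. 'Stopped & Deleted');
# the separator is ' : ' with surrounding spaces, so drive letters in
# targets such as 'C:\WINDOWS' are not mistaken for the separator.
ENTRY_RE = re.compile(r"^(?P<action>[A-Za-z &]+?) : (?P<target>.+)$")

# Constructed sample, reduced from the AdwCleaner log posted above.
SAMPLE_LOG = r"""
# AdwCleaner v2.113 - Logfile created 02/28/2013 at 12:25:07
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

File Deleted : C:\WINDOWS\Tasks\Protected Search.job
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\spigot

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\Software\Conduit
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FE69C007-C452-4D3E-86D2-1730DF8BC871}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.
"""


def parse_adwcleaner_log(text):
    """Return {section: [(action, target), ...]} for every banner section."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or header/EOF comment
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            continue
        if current is None:
            continue  # text before the first section banner
        entry = ENTRY_RE.match(line)
        if entry:  # lines such as '[OK] Registry is clean.' do not match
            sections[current].append(
                (entry.group("action").strip(), entry.group("target").strip())
            )
    return dict(sections)


def summarise(sections):
    """Count actions per section, e.g. {'Registry': {'Key Deleted': 2, ...}}."""
    return {
        name: dict(Counter(action for action, _ in entries))
        for name, entries in sections.items()
    }


def hives_touched(sections):
    """Registry hives (HKCU/HKLM/...) named in the Registry section."""
    return sorted({target.split("\\", 1)[0] for _, target in sections.get("Registry", [])})


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for section, counts in summarise(parsed).items():
        print(f"{section}: {counts}")
    print("hives:", hives_touched(parsed))
```

Sections that contain only status lines (the `[Internet Browsers]` block in the sample) produce no entries and are simply absent from the result, so a caller can tell "nothing removed here" apart from "section not present" by checking the banner list separately if it needs to.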


#14 JoshToppe001

JoshToppe001
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:05 PM

Posted 28 February 2013 - 01:18 AM

BTW, I have already noticed marked improvement in the speed by which I can access my Chrome browser. By this alone, I am already extremely thankful for the help you have so far provided.  :)



#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:05 AM

Posted 28 February 2013 - 11:00 AM

Please try running ComboFix once more.

Delete the copy you have and download a fresh copy; make sure your antivirus is disabled while you download the program.

If it still won't run in normal mode, try it in safe mode.

Give it lots of time to run.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
