
Constant ad.yieldmanager popups on left or right side of window


  • This topic is locked
63 replies to this topic

#1 tkmops

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:19 PM

Posted 12 June 2013 - 01:50 PM

Mod Edit: Moved to "Virus, Trojan, Spyware, and Malware Removal Logs" forum ~~boopme


Hi,
Your site was recommended to me by another site; maybe you gurus can help me. I found another post (http://www.bleepingcomputer.com/forums/t/469656/constant-adyieldmanager-popups-on-left-or-right-side-of-window/) with almost the exact same issue that I'm having, and I did what that post said:
 
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
-AdwCleaner-
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
--RogueKiller--
 
Download & SAVE to your Desktop RogueKiller or from here 
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
 
I just did all those... here are the logs (RK made three logs):
Checkup log:
Results of screen317's Security Check version 0.99.64  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Trend Micro Titanium   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Out of date HijackThis  installed!
 HijackThis 2.0.2    
 CCleaner     
 River Past Video Cleaner  
 Java 7 Update 10  
 Java™ SE Runtime Environment 6 Update 1 
 Java version out of Date!
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.7 Adobe Reader out of Date!
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````
 Windows Defender MSASCui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 
Adwcleaner log:
# AdwCleaner v2.302 - Logfile created 06/12/2013 at 10:24:44
# Updated 06/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Tod - TOD-PC
# Boot Mode : Normal
# Running from : Q:\My download files\Bleeping Computer\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.19418
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v [Unable to get version]
 
File : C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\prefs.js
 
C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\user.js ... Deleted !
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [4762 octets] - [12/06/2013 10:24:44]
 
########## EOF - C:\AdwCleaner[S1].txt - [4822 octets] ##########
 
RogueKiller logs:
Log 1:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Tod [Admin rights]
Mode : Scan -- Date : 06/12/2013 11:04:39
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x82400170 -> HOOKED (Unknown @ 0x880569F4)
SSDT[67] : NtCreateMutant @ 0x824319A3 -> HOOKED (Unknown @ 0x88052674)
SSDT[72] : NtCreateProcess @ 0x824A2F95 -> HOOKED (Unknown @ 0x87F9895C)
SSDT[73] : NtCreateProcessEx @ 0x824A2FE0 -> HOOKED (Unknown @ 0x88052D64)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x823D1349 -> HOOKED (Unknown @ 0x8805263C)
SSDT[78] : NtCreateThread @ 0x824A2DC8 -> HOOKED (Unknown @ 0x8805271C)
SSDT[123] : NtDeleteKey @ 0x823C3749 -> HOOKED (Unknown @ 0x88056F9C)
SSDT[126] : NtDeleteValueKey @ 0x823BECEA -> HOOKED (Unknown @ 0x88052124)
SSDT[129] : NtDuplicateObject @ 0x82409581 -> HOOKED (Unknown @ 0x88052604)
SSDT[165] : NtLoadDriver @ 0x8237CE12 -> HOOKED (Unknown @ 0x880526AC)
SSDT[194] : NtOpenProcess @ 0x8243213F -> HOOKED (Unknown @ 0x8806233C)
SSDT[197] : NtOpenSection @ 0x82422794 -> HOOKED (Unknown @ 0x88052064)
SSDT[201] : NtOpenThread @ 0x8242D63B -> HOOKED (Unknown @ 0x8800FADC)
SSDT[267] : NtRenameKey @ 0x8246588C -> HOOKED (Unknown @ 0x8805200C)
SSDT[280] : NtRestoreKey @ 0x82463F92 -> HOOKED (Unknown @ 0x8805215C)
SSDT[317] : NtSetSystemInformation @ 0x823F7F18 -> HOOKED (Unknown @ 0x8806D00C)
SSDT[324] : NtSetValueKey @ 0x823EF3FF -> HOOKED (Unknown @ 0x88056FD4)
SSDT[334] : NtTerminateProcess @ 0x82402173 -> HOOKED (Unknown @ 0x8800FAA4)
SSDT[335] : NtTerminateThread @ 0x8242D670 -> HOOKED (Unknown @ 0x88056A2C)
SSDT[358] : NtWriteVirtualMemory @ 0x8241EA2F -> HOOKED (Unknown @ 0x88052754)
SSDT[382] : NtCreateThreadEx @ 0x8242D125 -> HOOKED (Unknown @ 0x880526E4)
SSDT[383] : NtCreateUserProcess @ 0x823DAC47 -> HOOKED (Unknown @ 0x88062374)
S_SSDT[572] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x9E36A3FC)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9E36A434)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a06e5029a861aaeebed44b655a51cb1d
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 372485 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 762849360 | Size: 9066 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[1]_S_06122013_02d1104.txt >>
RKreport[1]_S_06122013_02d1104.txt
 
 
Log 2:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Tod [Admin rights]
Mode : Remove -- Date : 06/12/2013 11:07:25
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x82400170 -> HOOKED (Unknown @ 0x880569F4)
SSDT[67] : NtCreateMutant @ 0x824319A3 -> HOOKED (Unknown @ 0x88052674)
SSDT[72] : NtCreateProcess @ 0x824A2F95 -> HOOKED (Unknown @ 0x87F9895C)
SSDT[73] : NtCreateProcessEx @ 0x824A2FE0 -> HOOKED (Unknown @ 0x88052D64)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x823D1349 -> HOOKED (Unknown @ 0x8805263C)
SSDT[78] : NtCreateThread @ 0x824A2DC8 -> HOOKED (Unknown @ 0x8805271C)
SSDT[123] : NtDeleteKey @ 0x823C3749 -> HOOKED (Unknown @ 0x88056F9C)
SSDT[126] : NtDeleteValueKey @ 0x823BECEA -> HOOKED (Unknown @ 0x88052124)
SSDT[129] : NtDuplicateObject @ 0x82409581 -> HOOKED (Unknown @ 0x88052604)
SSDT[165] : NtLoadDriver @ 0x8237CE12 -> HOOKED (Unknown @ 0x880526AC)
SSDT[194] : NtOpenProcess @ 0x8243213F -> HOOKED (Unknown @ 0x8806233C)
SSDT[197] : NtOpenSection @ 0x82422794 -> HOOKED (Unknown @ 0x88052064)
SSDT[201] : NtOpenThread @ 0x8242D63B -> HOOKED (Unknown @ 0x8800FADC)
SSDT[267] : NtRenameKey @ 0x8246588C -> HOOKED (Unknown @ 0x8805200C)
SSDT[280] : NtRestoreKey @ 0x82463F92 -> HOOKED (Unknown @ 0x8805215C)
SSDT[317] : NtSetSystemInformation @ 0x823F7F18 -> HOOKED (Unknown @ 0x8806D00C)
SSDT[324] : NtSetValueKey @ 0x823EF3FF -> HOOKED (Unknown @ 0x88056FD4)
SSDT[334] : NtTerminateProcess @ 0x82402173 -> HOOKED (Unknown @ 0x8800FAA4)
SSDT[335] : NtTerminateThread @ 0x8242D670 -> HOOKED (Unknown @ 0x88056A2C)
SSDT[358] : NtWriteVirtualMemory @ 0x8241EA2F -> HOOKED (Unknown @ 0x88052754)
SSDT[382] : NtCreateThreadEx @ 0x8242D125 -> HOOKED (Unknown @ 0x880526E4)
SSDT[383] : NtCreateUserProcess @ 0x823DAC47 -> HOOKED (Unknown @ 0x88062374)
S_SSDT[572] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x9E36A3FC)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9E36A434)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a06e5029a861aaeebed44b655a51cb1d
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 372485 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 762849360 | Size: 9066 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[2]_D_06122013_02d1107.txt >>
RKreport[1]_S_06122013_02d1104.txt ; RKreport[2]_D_06122013_02d1107.txt
 
 
Log 3:
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Tod [Admin rights]
Mode : Scan -- Date : 06/12/2013 11:12:14
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x82400170 -> HOOKED (Unknown @ 0x880569F4)
SSDT[67] : NtCreateMutant @ 0x824319A3 -> HOOKED (Unknown @ 0x88052674)
SSDT[72] : NtCreateProcess @ 0x824A2F95 -> HOOKED (Unknown @ 0x87F9895C)
SSDT[73] : NtCreateProcessEx @ 0x824A2FE0 -> HOOKED (Unknown @ 0x88052D64)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x823D1349 -> HOOKED (Unknown @ 0x8805263C)
SSDT[78] : NtCreateThread @ 0x824A2DC8 -> HOOKED (Unknown @ 0x8805271C)
SSDT[123] : NtDeleteKey @ 0x823C3749 -> HOOKED (Unknown @ 0x88056F9C)
SSDT[126] : NtDeleteValueKey @ 0x823BECEA -> HOOKED (Unknown @ 0x88052124)
SSDT[129] : NtDuplicateObject @ 0x82409581 -> HOOKED (Unknown @ 0x88052604)
SSDT[165] : NtLoadDriver @ 0x8237CE12 -> HOOKED (Unknown @ 0x880526AC)
SSDT[194] : NtOpenProcess @ 0x8243213F -> HOOKED (Unknown @ 0x8806233C)
SSDT[197] : NtOpenSection @ 0x82422794 -> HOOKED (Unknown @ 0x88052064)
SSDT[201] : NtOpenThread @ 0x8242D63B -> HOOKED (Unknown @ 0x8800FADC)
SSDT[267] : NtRenameKey @ 0x8246588C -> HOOKED (Unknown @ 0x8805200C)
SSDT[280] : NtRestoreKey @ 0x82463F92 -> HOOKED (Unknown @ 0x8805215C)
SSDT[317] : NtSetSystemInformation @ 0x823F7F18 -> HOOKED (Unknown @ 0x8806D00C)
SSDT[324] : NtSetValueKey @ 0x823EF3FF -> HOOKED (Unknown @ 0x88056FD4)
SSDT[334] : NtTerminateProcess @ 0x82402173 -> HOOKED (Unknown @ 0x8800FAA4)
SSDT[335] : NtTerminateThread @ 0x8242D670 -> HOOKED (Unknown @ 0x88056A2C)
SSDT[358] : NtWriteVirtualMemory @ 0x8241EA2F -> HOOKED (Unknown @ 0x88052754)
SSDT[382] : NtCreateThreadEx @ 0x8242D125 -> HOOKED (Unknown @ 0x880526E4)
SSDT[383] : NtCreateUserProcess @ 0x823DAC47 -> HOOKED (Unknown @ 0x88062374)
S_SSDT[572] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x9E36A3FC)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9E36A434)
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  m.fr.a2dfp.net
127.0.0.1  ad.a8.net
127.0.0.1  asy.a8ww.net
127.0.0.1  abcstats.com
127.0.0.1  a.abv.bg
127.0.0.1  adserver.abv.bg
127.0.0.1  adv.abv.bg
127.0.0.1  bimg.abv.bg
127.0.0.1  ca.abv.bg
127.0.0.1  www2.a-counter.kiev.ua
127.0.0.1  track.acclaimnetwork.com
127.0.0.1  accuserveadsystem.com
127.0.0.1  www.accuserveadsystem.com
127.0.0.1  achmedia.com
127.0.0.1  csh.actiondesk.com
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
127.0.0.1  ads.activepower.net
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] a06e5029a861aaeebed44b655a51cb1d
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 372485 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 762849360 | Size: 9066 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
 
Finished : << RKreport[3]_S_06122013_02d1112.txt >>
RKreport[1]_S_06122013_02d1104.txt ; RKreport[2]_D_06122013_02d1107.txt ; RKreport[3]_S_06122013_02d1112.txt
 
 
The RogueKiller instructions weren't all that clear on if I was to run 'Delete' on each tab, or just the one that was highlighted (Registry). I just did the Registry... it replaced 3 entries. The Hosts tab had 18 URLs, and the Driver tab had some unknown modules and paths, but I didn't click Delete for those... should I have?
 
RK also made a 'RK_Quarantine' folder on my desktop with 6 files in it: 'Advanced_Start_Show0.reg', 'Eula.txt', 'NewStartPanel_{20D04FE0-0.reg', 'NewStartPanel_{59031a47-0.reg', 'PhysicalDrive0_User.dat', 'QuarantineReport.txt'. The 'QuarantineReport.txt' just lists 3 time stamps.
 
Let me know if you need anything else.
 
Thanks!


Edited by boopme, 12 June 2013 - 04:08 PM.
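The question in the post above (whether the Hosts and Driver tabs needed the Delete button) is the kind of call a responder makes by reading the RogueKiller report structurally rather than line by line. The following Python triage parser is an added example for this thread; it is not code from the thread, from the RogueKiller author or from BleepingComputer. It splits a RogueKiller-style report into its `¤¤¤ ... ¤¤¤` sections, extracts the registry findings, the SSDT/Shadow SSDT hooks and the hosts entries, and classifies each hosts entry: a name mapped to 127.0.0.1, 0.0.0.0 or ::1 is a blocklist-style sink (the Security Check log above shows the MVPS Hosts File installed, which is exactly that), while a name mapped to any other address is a redirect that deserves a look. The embedded `SAMPLE_LOG` is constructed in the posted layout: the hook lines and ad-domain hosts lines are copied from the reports above, and the `203.0.113.7 www.example-bank.test` entry is a constructed placeholder added only to show the redirect case. Hooks whose owner is reported as `Unknown` are listed, not judged: on 32-bit Windows they are frequently the installed security product's own driver, and the report alone cannot distinguish that from a rootkit.

```python
"""Triage parser for a RogueKiller-style report (added example, not from the thread)."""
import re

# Constructed sample in the layout of the RogueKiller reports posted in the thread.
# Hook lines and ad-domain hosts lines copied from those reports; the last hosts
# line (203.0.113.7 / www.example-bank.test) is a constructed placeholder.
SAMPLE_LOG = """RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
Mode : Scan -- Date : 06/12/2013 11:04:39

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\\[...]\\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x82400170 -> HOOKED (Unknown @ 0x880569F4)
SSDT[194] : NtOpenProcess @ 0x8243213F -> HOOKED (Unknown @ 0x8806233C)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x9E36A434)

¤¤¤ HOSTS File: ¤¤¤
--> C:\\Windows\\system32\\drivers\\etc\\hosts

127.0.0.1  localhost
::1  localhost #[IPv6]
127.0.0.1  fr.a2dfp.net
127.0.0.1  www.activemeter.com #[Tracking.Cookie]
203.0.113.7  www.example-bank.test

¤¤¤ MBR Check: ¤¤¤
"""

SECTION_RE = re.compile(r"^¤¤¤ (.+?) ¤¤¤$")
HOOK_RE = re.compile(
    r"^(S_)?SSDT\[(\d+)\] : (\w+)(?: @ 0x[0-9A-Fa-f]+)? -> HOOKED \((.+?) @ 0x([0-9A-Fa-f]+)\)$"
)
REG_RE = re.compile(r"^\[(HJ \w+)\] (.+?) -> (\w+)(?: \((\d+)\))?$")
HOSTS_RE = re.compile(r"^(\S+)\s+(\S+)")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def split_sections(text: str) -> dict:
    """Group non-empty lines under the first word of their ¤¤¤ section header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).split()[0]      # "Registry", "Driver", "HOSTS", "MBR"
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def parse_registry(lines: list) -> list:
    """[HJ KIND] target -> FOUND | REPLACED (new) | ..."""
    out = []
    for line in lines:
        m = REG_RE.match(line)
        if m:
            out.append({"kind": m.group(1), "target": m.group(2),
                        "action": m.group(3), "new_value": m.group(4)})
    return out


def parse_hooks(lines: list) -> list:
    """SSDT[n] / S_SSDT[n] entries with the owning module RogueKiller reported."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line)
        if m:
            hooks.append({"table": "Shadow SSDT" if m.group(1) else "SSDT",
                          "index": int(m.group(2)), "function": m.group(3),
                          "owner": m.group(4), "handler": int(m.group(5), 16)})
    return hooks


def parse_hosts(lines: list) -> list:
    """Classify hosts entries: local, sink (name -> loopback) or redirect (name -> elsewhere)."""
    entries = []
    for line in lines:
        if line.startswith("-->") or line.startswith("["):   # path line, "[...]" marker
            continue
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        if name == "localhost":
            kind = "local"
        elif ip in LOOPBACK:
            kind = "sink"        # blocklist style (MVPS-type hosts file), not a hijack
        else:
            kind = "redirect"    # name sent to a real address: verify before trusting
        entries.append({"ip": ip, "name": name, "kind": kind})
    return entries


def triage(text: str) -> dict:
    """Summarise a report: registry findings, hooks of unknown ownership, hosts redirects."""
    s = split_sections(text)
    hooks = parse_hooks(s.get("Driver", []))
    hosts = parse_hosts(s.get("HOSTS", []))
    return {
        "registry": parse_registry(s.get("Registry", [])),
        "hooks": hooks,
        "unknown_hooks": sorted(h["function"] for h in hooks if h["owner"] == "Unknown"),
        "hosts": hosts,
        "redirects": [h["name"] for h in hosts if h["kind"] == "redirect"],
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"registry findings: {len(r['registry'])}")
    print(f"hooks with unknown owner: {', '.join(r['unknown_hooks'])}")
    print(f"hosts entries: {len(r['hosts'])}, redirects to non-loopback: {r['redirects']}")
```

Run against a real report, `triage()` gives a responder three short lists to act on: registry items with their `FOUND`/`REPLACED` state, hooked system calls whose owner could not be attributed, and hosts names that point somewhere other than the local machine. A long list of ad domains mapped to 127.0.0.1 lands in the `sink` bucket and is not by itself a reason to press Delete.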



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:19 PM

Posted 12 June 2013 - 09:01 PM


Hello tkmops

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tkmops
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:19 PM

Posted 13 June 2013 - 12:19 PM

Gringo,
Thanks for the swift response. Here's the ComboFix log:
 
ComboFix 13-06-12.02 - Tod 06/13/2013   8:53.4.2 - x86
Running from: c:\users\Tod\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Titanium *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\index.htm
c:\users\Tod\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
c:\users\Tod\AppData\Roaming\inst.exe
c:\users\Tod\AppData\Roaming\Microsoft\~DFK14926f7.tmp
c:\users\Tod\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Tod\AppData\Roaming\Microsoft\bass.dll
c:\users\Tod\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Tod\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Tod\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Tod\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Tod\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Tod\AppData\Roaming\mIRC\logs\status.log
c:\windows\system\msvbvm60.dll
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\service
c:\windows\system32\service\01122009_TIS17_SfFniAU.log
c:\windows\system32\service\02012010_TIS17_SfFniAU.log
c:\windows\system32\service\05122009_TIS17_SfFniAU.log
c:\windows\system32\service\10122009_TIS17_SfFniAU.log
c:\windows\system32\service\12122009_TIS17_SfFniAU.log
c:\windows\system32\service\16122009_TIS17_SfFniAU.log
c:\windows\system32\service\22122009_TIS17_SfFniAU.log
c:\windows\system32\service\24122009_TIS17_SfFniAU.log
c:\windows\system32\service\25122009_TIS17_SfFniAU.log
c:\windows\system32\service\28112009_TIS17_SfFniAU.log
c:\windows\system32\service\29102010_TIS17_SfFniAU.log
c:\windows\system32\service\29122009_TIS17_SfFniAU.log
c:\windows\system32\service\30122009_TIS17_SfFniAU.log
H:\Autorun.inf
H:\Setup.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-13 to 2013-06-13  )))))))))))))))))))))))))))))))
.
.
2013-06-13 16:00 . 2013-06-13 16:07 -------- d-----w- c:\users\Tod\AppData\Local\temp
2013-06-13 16:00 . 2013-06-13 16:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-06-13 16:00 . 2013-06-13 16:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-06-13 16:00 . 2013-06-13 16:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 08:53 . 2013-06-13 09:34 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{739A1294-1807-424A-B701-35A01840C467}\offreg.dll
2013-06-11 08:33 . 2013-05-14 08:49 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{739A1294-1807-424A-B701-35A01840C467}\mpengine.dll
2013-06-11 02:52 . 2013-06-11 02:55 -------- d-----w- c:\program files\Startup Optimizer
2013-06-03 01:48 . 2013-06-03 01:48 -------- d-----w- c:\users\Tod\AppData\Local\VS Revo Group
2013-06-03 01:48 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-06-03 01:48 . 2013-06-03 01:48 -------- d-----w- c:\program files\VS Revo Group
2013-06-02 20:18 . 2013-06-02 20:19 -------- d-----w- c:\users\Tod\.idlerc
2013-05-19 05:03 . 2013-05-27 01:33 -------- d-----w- c:\users\Standard
2013-05-18 23:39 . 2013-05-18 23:39 25600 ----a-r- c:\users\Tod\AppData\Roaming\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe
2013-05-18 23:38 . 2013-05-18 23:39 -------- d-----w- C:\Python26
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 10:51 . 2012-04-02 23:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 10:51 . 2011-05-17 03:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 09:06 . 2009-10-03 04:35 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-01 09:40 . 2013-04-01 09:40 94208 ----a-w- c:\windows\system32\udefrag.exe
2013-04-01 09:40 . 2013-04-01 09:40 14336 ----a-w- c:\windows\system32\hibernate4win.exe
2013-04-01 09:40 . 2013-04-01 09:40 13824 ----a-w- c:\windows\system32\bootexctrl.exe
2013-04-01 09:40 . 2013-04-01 09:40 33792 ----a-w- c:\windows\system32\wgx.dll
2013-04-01 09:40 . 2013-04-01 09:40 125440 ----a-w- c:\windows\system32\lua5.1a.dll
2013-04-01 09:39 . 2013-04-01 09:39 416256 ----a-w- c:\windows\system32\defrag_native.exe
2013-04-01 09:39 . 2013-04-01 09:39 69120 ----a-w- c:\windows\system32\udefrag.dll
2013-04-01 09:39 . 2013-04-01 09:39 343552 ----a-w- c:\windows\system32\zenwinx.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-25 1374864]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-02-04 132920]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk /r \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Tod^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JDownloader.lnk]
backup=c:\windows\pss\JDownloader.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-08-26 09:18 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 04:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 16:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 19:41 196608 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 13:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-28 00:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 18:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 21:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-07-06 21:22 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 09:56 54936 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-03 13:15 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-05 03:27 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:51]
.
2012-04-02 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df.exe [2013-04-19 12:43]
.
2013-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-07 04:05]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd620d10d0ceb2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 01:35]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 01:35]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210141267-392818972-1597502250-1000Core.job
- c:\users\Tod\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-03 01:09]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210141267-392818972-1597502250-1000UA.job
- c:\users\Tod\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-03 01:09]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
IE: Download all by NetXfer - c:\program files\Xi\NetXfer\NXAddList.html
IE: Download by NetXfer - c:\program files\Xi\NetXfer\NXAddLink.html
Trusted Zone: live.com\onecare
TCP: DhcpNameServer = 192.168.15.1
.
- - - - ORPHANS REMOVED - - - -
.
c:\users\Tod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Computer - Shortcut.lnk - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-HijackThis - i:\my download files\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-13 09:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4210141267-392818972-1597502250-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*(Π4]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-4210141267-392818972-1597502250-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*(Π4\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(556)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\program files\Trend Micro\AMSP\AMSP_LogServer.exe
c:\windows\RtHDVCpl.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2013-06-13  09:18:57 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-13 16:18
ComboFix2.txt  2009-07-18 17:51
ComboFix3.txt  2009-07-18 17:28
.
Pre-Run: 280,850,124,800 bytes free
Post-Run: 280,901,513,216 bytes free
.
- - End Of File - - 102F515D954509DB7BB576CBB0056800
8913823FF508CCF109DB74B636C301DA
 
I did have a minor issue. In Control Panel, when I click on 'Change Startup Programs', a box appears with 'Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer, or search Help and Support for how to start a service manually.'
But at the top left of the box it says 'Windows Defender'. When I try to go to Windows Defender, I get the same error msg. I was able to start the service in 'Services' and change it from 'Manual' startup to 'Automatic', and I no longer get this error msg.
 
I've spot-checked around my PC; everything seems to be working OK, except I still have the problem of 'Constant ad.yieldmanager popups on left or right side of window'. Is there anything else you need from me?
Thanks for your help!


#4 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Location: Puerto Rico

Posted 13 June 2013 - 07:38 PM



Lets run this and see if it will shed some light

Please download MiniToolBox (http://www.bleepingcomputer.com/download/minitoolbox/dl/65/), save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files



Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the Donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
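
The checks gringo_pr asks for above (proxy settings, hosts file, Winsock entries, IP configuration) are the ones a removal helper reads first when a machine injects ads, because each is a place adware can sit between the browser and the network. The script below is an added example, not code from this thread, from MiniToolBox or from Farbar: it parses a Result.txt in the section layout MiniToolBox prints (the "===== Name: =====" headers visible in the log that follows) and flags a switched-on proxy, hosts entries that redirect real domains, Winsock provider DLLs that are not Microsoft's, and DNS resolvers that are neither on the local network nor a known public service. The embedded sample log is constructed, the `KNOWN_PUBLIC_DNS` allowlist is an assumption to adjust per environment, and the positive "Proxy is enabled." wording is assumed (the clean wording is the one shown in the real log).

```python
"""Triage a MiniToolBox Result.txt for browser-hijack indicators.
Added example, not code from the thread, from MiniToolBox or its author.
The sample log, the DNS allowlist and the 'Proxy is enabled' wording are
assumptions; the section headers follow the real Result.txt layout."""
import ipaddress
import re

# Constructed sample: the enabled proxy, the google.com redirect, the
# AppData Winsock DLL and the 5.6.7.8 resolver are planted on purpose.
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server is set to: 127.0.0.1:8080
========================= Hosts content: =================================
127.0.0.1       localhost
127.0.0.1       ad.yieldmanager.com
198.51.100.7    www.google.com
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 192.168.15.1
                                       5.6.7.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog9 02 C:\Users\user\AppData\Roaming\example\exampleLSP.dll [40960] ()
"""
SECTION_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+\s*$")
WINSOCK_RE = re.compile(r"^(Catalog\d+) (\d+) (.+?) \[(\d+)\] \((.*)\)$")
DNS_RE = re.compile(r"^\s*DNS Servers\s*\.[\s.]*:\s*(\S+)")
CONT_RE = re.compile(r"^[0-9a-fA-F.:%]+$")  # wrapped extra resolver line
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
KNOWN_PUBLIC_DNS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9"}  # assumed
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def split_sections(text: str) -> dict[str, list[str]]:
    """Group lines under the '===== Name: =====' header they follow."""
    sections: dict[str, list[str]] = {}
    current = "preamble"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
        else:
            sections.setdefault(current, []).append(line.rstrip())
    return sections

def _ip(raw: str):
    """Address or None; drops an IPv6 scope id such as fe80::1%8."""
    try:
        return ipaddress.ip_address(raw.split("%")[0])
    except ValueError:
        return None

def check_proxy(lines: list[str]) -> list[str]:
    """Clean output reads 'Proxy is not enabled.' / 'No Proxy Server is set.'"""
    return ["proxy: " + l.strip() for l in lines if l.strip().lower()
            .startswith(("proxy is enabled", "proxy server is set to"))]

def check_hosts(lines: list[str]) -> list[str]:
    """Loopback/0.0.0.0 only blocks a name (ad blockers do it, so does malware
    starving AV updates); any other target is a redirect of that domain."""
    out = []
    for line in lines:
        parts = line.split()
        ip = _ip(parts[0]) if len(parts) > 1 and not parts[0].startswith("#") else None
        if ip is None:
            continue
        if ip.is_loopback or ip.is_unspecified:
            out += [f"hosts-block: {n} blocked via {ip}" for n in parts[1:]
                    if n.lower() not in LOCAL_NAMES]
        else:
            out.append(f"hosts: {' '.join(parts[1:])} redirected to {ip}")
    return out

def check_winsock(lines: list[str]) -> list[str]:
    """Every socket call passes through these DLLs; a non-Microsoft or
    out-of-System32 provider is a lead to inspect, not a verdict."""
    out = []
    for m in filter(None, (WINSOCK_RE.match(l.strip()) for l in lines)):
        cat, idx, path, _size, vendor = m.groups()
        if vendor != "Microsoft Corporation" or not path.lower().startswith(SYSTEM_DIRS):
            out.append(f"winsock: {cat} {idx} {path} ({vendor or 'no vendor'})")
    return out

def check_dns(lines: list[str]) -> list[str]:
    """DNS changers point resolvers at Internet hosts; is_global is False for
    RFC 1918, link-local, loopback and documentation ranges."""
    servers, in_block = [], False
    for line in lines:
        m = DNS_RE.match(line)
        in_block = bool(m) or (in_block and bool(CONT_RE.match(line.strip())))
        if in_block:
            servers.append(m.group(1) if m else line.strip())
    return [f"dns: resolver {ip} is off-network and not in the allowlist"
            for ip in map(_ip, servers)
            if ip is not None and ip.is_global and str(ip) not in KNOWN_PUBLIC_DNS]

def triage(text: str) -> dict[str, list[str]]:
    s = split_sections(text)
    return {"proxy": check_proxy(s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", [])),
            "hosts": check_hosts(s.get("Hosts content", [])),
            "winsock": check_winsock(s.get("Winsock entries", [])),
            "dns": check_dns(s.get("IP Configuration", []))}

if __name__ == "__main__":
    for check, findings in triage(SAMPLE_LOG).items():
        print(check, findings or "clean")
```

Run it as-is to see the four planted findings; on a real machine read Result.txt into `triage()` instead of `SAMPLE_LOG`. Every hit is a lead, not a verdict: a 127.0.0.1 block of an ad host is usually a user's choice, and a few security products install a legitimate non-Microsoft Winsock provider, so compare each flagged path against what is actually installed before removing anything.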

#5 tkmops (Topic Starter)
Members, 62 posts

Posted 14 June 2013 - 04:19 PM

OK, ran the MiniToolBox, here's the log:

MiniToolBox by Farbar  Version:21-04-2013
Ran by Tod (administrator) on 14-06-2013 at 14:15:31
Running from "Q:\My download files\MiniToolBox"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Tod-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : commspeed.net
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : commspeed.net
   Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet 
   Physical Address. . . . . . . . . : 00-1F-C6-6F-18-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e828:f4bc:4597:3bd7%8(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 14, 2013 8:41:42 AM
   Lease Expires . . . . . . . . . . : Saturday, June 15, 2013 8:41:42 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 201333756
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-65-B5-60-00-1F-C6-6F-18-41
   DNS Servers . . . . . . . . . . . : 192.168.15.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 7:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:304e:2196:b532:3e28(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::304e:2196:b532:3e28%9(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : commspeed.net
   Description . . . . . . . . . . . : isatap.commspeed.net
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  mywimax
Address:  192.168.15.1
 
Name:    google.com
Addresses:  2404:6800:4005:c00::71
 74.125.128.139
 74.125.128.101
 74.125.128.113
 74.125.128.100
 74.125.128.138
 74.125.128.102
 
 
 
Pinging google.com [74.125.128.102] with 32 bytes of data:
 
Reply from 74.125.128.102: bytes=32 time=289ms TTL=43
 
Reply from 74.125.128.102: bytes=32 time=238ms TTL=43
 
 
 
Ping statistics for 74.125.128.102:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 238ms, Maximum = 289ms, Average = 263ms
 
Server:  mywimax
Address:  192.168.15.1
 
Name:    yahoo.com
Addresses:  98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
Reply from 206.190.36.45: bytes=32 time=126ms TTL=51
 
Reply from 206.190.36.45: bytes=32 time=141ms TTL=51
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 126ms, Maximum = 141ms, Average = 133ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
  8 ...00 1f c6 6f 18 41 ...... NVIDIA nForce 10/100 Mbps Ethernet 
  1 ........................... Software Loopback Interface 1
  9 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 13 ...00 00 00 00 00 00 00 e0  isatap.commspeed.net
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.100     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.100    276
    192.168.1.100  255.255.255.255         On-link     192.168.1.100    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.100    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.100    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.100    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9     18 ::/0                     On-link
  1    306 ::1/128                  On-link
  9     18 2001::/32                On-link
  9    266 2001:0:9d38:953c:304e:2196:b532:3e28/128
                                    On-link
  8    276 fe80::/64                On-link
  9    266 fe80::/64                On-link
  9    266 fe80::304e:2196:b532:3e28/128
                                    On-link
  8    276 fe80::e828:f4bc:4597:3bd7/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    266 ff00::/8                 On-link
  8    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:55 AM) (Source: Windows Search Service) (User: )
Description: The gatherer is unable to read the registry DocIdMapFile.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The system cannot find the file specified.   (0x80070002)
 
Error: (06/14/2013 01:47:43 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 01:47:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:44:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:43:43 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {67e4a431-45c0-46b9-8c36-69eaf0de226c}
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+) (User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+) (User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+) (User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
 
System errors:
=============
Error: (06/14/2013 08:46:16 AM) (Source: DCOM) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding5{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
 
Error: (06/14/2013 08:45:23 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (06/14/2013 08:45:23 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (06/14/2013 08:43:19 AM) (Source: Service Control Manager) (User: )
Description: Windows Search1300001Restart the service
 
Error: (06/14/2013 08:43:19 AM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (06/14/2013 08:42:26 AM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)
 
Error: (06/14/2013 08:42:26 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (06/14/2013 08:41:55 AM) (Source: DCOM) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exe -Embedding5{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
 
Error: (06/14/2013 08:41:42 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:45:25 AM on 6/14/2013 was unexpected.
 
Error: (06/14/2013 01:01:08 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
Microsoft Office Sessions:
=========================
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:55 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The system cannot find the file specified.   (0x80070002)
DocIdMapFile
 
Error: (06/14/2013 01:47:43 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 01:47:39 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:44:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:43:43 PM) (Source: VSS)(User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {67e4a431-45c0-46b9-8c36-69eaf0de226c}
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+)(User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+)(User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+)(User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-27 18:21:19.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-27 18:20:27.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-27 18:19:33.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-27 18:18:14.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-01 17:53:50.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-10 14:18:11.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-09 09:32:21.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-06 17:34:34.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-05 10:55:42.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-04 18:22:30.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 1.8.2)
32 Bit HP CIO Components Installer (Version: 2.1.4)
7-Zip 9.20
AC3Filter 1.61b (Version: 1.61b)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Advanced File Organizer 3.01 (Version: 3.01)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Audacity 2.0
Auto Gordian Knot 2.45 (Version: 2.45)
AVGo Media Recorder 1.10
AviSynth 2.5
BufferChm (Version: 110.0.180.000)
C6300 (Version: 110.0.218.000)
C6300_Help (Version: 110.0.218.000)
Canon Inkjet Printer Driver Add-On Module
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
CCleaner (Version: 4.02)
CD Audio Reader Filter (remove only)
Core Temp 1.0 RC2 (Version: 1.0)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink BD_3D Advisor 2.0 (Version: 2.0.4919)
CyberLink PowerDVD 10 (Version: 10.0.2113)
CyberLink PowerDVD 9 (Version: 9.0.1501)
Defraggler (Version: 2.14)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DirectVobSub (remove only)
DiskCheckup V2.1 (Version: 2.1)
DocProc (Version: 11.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DScaler 5 Mpeg Decoders
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 7.0.8.2 (17/07/2010)
Easy Thumbnails (Remove only) (Version: 3.0)
Enhanced Multimedia Keyboard Solution
eSupportQFolder (Version: 1.00.0000)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Free Ape Player 1.5.1
Free Opener (Version: 1.0)
Free Window Registry Repair
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Talk Plugin (Version: 4.0.1.13525)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
GPBaseService (Version: 110.0.180.000)
Haali Media Splitter
HandBrake 0.9.5 (Version: 0.9.5)
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 5.2.0.2296)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 11.0 (Version: 11.0)
HP Easy Setup - Frontend (Version: 5.2.0.2304)
HP Imaging Device Functions 11.0 (Version: 11.0)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4 (Version: 11.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Smart Web Printing (Version: 4.0)
HP Solution Center 11.0 (Version: 11.0)
HP Total Care Advisor (Version: 1.2.13)
HP Update (Version: 4.000.012.001)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 110.0.180.000)
HPSSupply (Version: 110.0.180.000)
IrfanView (remove only) (Version: 4.28)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
JDownloader
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
KVIrc
LAME v3.99.3 (for Windows)
LightScribe  1.6.45.1 (Version: 1.6.45.1)
LView Pro Full Version
Magic M4A to MP3 Converter 3.1
MakeMKV v1.4.9_beta (Version: v1.4.9_beta)
MarketResearch (Version: 110.0.180.000)
Media Player Classic
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Chat 2.5
Microsoft Office Home and Student 60 day trial
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
MKV TO AVI CONVERTER version 3.1
mkv2vob (Version: 2.1.2)
MKVToolNix 5.8.0 (Version: 5.8.0)
MONOGRAM AMR Splitter/Decoder (remove only)
Movkit Batch Video Converter 2.5
Mozilla Maintenance Service (Version: 18.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPCMPQ1804)
Nero 7 Essentials (Version: 7.03.1357)
neroxml (Version: 1.0.0)
Network (Version: 110.0.180.000)
NetWorx 5.2.2
NetXfer 2.84.456
NetXfer 2.92.540
NVIDIA 3D Vision Driver 306.97 (Version: 306.97)
NVIDIA Control Panel 306.97 (Version: 306.97)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 306.97 (Version: 306.97)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0697)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
OCR Software by I.R.I.S. 11.0 (Version: 11.0)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PanoStandAlone (Version: 110.0.180.000)
PFPortChecker 1.0.36 (Version: 1.0.36)
PMB (Version: 5.5.02.12220)
PS_AIO_04_C6300_ProductContext (Version: 110.0.218.000)
PS_AIO_04_C6300_Software (Version: 110.0.218.000)
PS_AIO_04_C6300_Software_Min (Version: 110.0.218.000)
PSSWCORE (Version: 2.03.0000)
PVSonyDll (Version: 1.00.0001)
Python 2.5 (Version: 2.5.150)
Python 2.6 (Version: 2.6.150)
QuickTime (Version: 7.68.75.0)
QuickTime 3.0
RealMedia (remove only)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
River Past Video Cleaner (Version: 7.6.6)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.572)
Scan (Version: 11.0.0.0)
Shop for HP Supplies (Version: 11.0)
SHOUTcast Source (remove only)
SmartWebPrinting (Version: 110.0.182.000)
Snapfish Picture Mover (Version: 1.9.0.16)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 110.0.180.000)
SolveigMM Video Splitter (Version: 2.1.905.18)
Startup Optimizer 1.6
Status (Version: 110.0.180.000)
Stereoscopic Player (Version: 1.6.6)
Toolbar Uninstaller 1.0.0.1
Toolbox (Version: 110.0.180.000)
TrayApp (Version: 110.0.180.000)
Trend Micro Titanium (Version: 6.0)
Trend Micro Titanium (Version: 6.00)
Ultra Defragmenter (Version: 6.0.1)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VideoToolkit01 (Version: 110.0.171.000)
VLC media player 2.0.4 (Version: 2.0.4)
VobSub v2.23 (Remove Only)
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 110.0.180.000)
Windows Installer Clean Up (Version: 3.00.00.0000)
WinPcap 4.0.2 (Version: 4.0.0.1040)
XviD4PSP 5.0 (Version: 5.0.37.8 r132)
Yahoo! Search Protection
Yahoo! Software Update
Zoom Player (remove only)
ZSoft Uninstaller 2.4.1 (Version: 2.4.1)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 58%
Total physical RAM: 3069.82 MB
Available physical RAM: 1286.17 MB
Total Pagefile: 9117.89 MB
Available Pagefile: 7037.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.86 MB
 
========================= Partitions: =====================================
 
1 Drive c: (HP C) (Fixed) (Total:363.75 GB) (Free:263.14 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.85 GB) (Free:0.99 GB) NTFS
5 Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:38.66 GB) NTFS
7 Drive k: (My Book) (Fixed) (Total:1862.98 GB) (Free:490.86 GB) NTFS
12 Drive p: () (Fixed) (Total:931.51 GB) (Free:82.27 GB) NTFS
13 Drive q: (My Book) (Fixed) (Total:1862.98 GB) (Free:678.6 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\TOD-PC
 
Administrator            Guest                    Standard                 
Tod                      UpdatusUser              
 
========================= Minidump Files ==================================
 
No minidump file found
 
 
**** End of log ****


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:19 PM

Posted 14 June 2013 - 06:01 PM


Hello tkmops



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 tkmops

tkmops
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:19 PM

Posted 15 June 2013 - 05:04 PM

My Trend Anti-Virus blocked the running of 'FRST.exe'...is it safe to unblock?



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:19 PM

Posted 15 June 2013 - 06:09 PM

Yes, it is safe to unblock.

Gringo

#9 tkmops

tkmops
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:12:19 PM

Posted 15 June 2013 - 09:45 PM

Ran the Farbar Recovery Scan Tool, and it came up with 'Your version of FRST is outdated, you should download the latest version.' I clicked 'YES', and IE opened up (I normally don't use IE, I use Chrome) to Bleepingcomputer.com with no download link in sight.
 
Then an error box popped up:
Autolt Error:Line 7605 (File "Q:\My download files\BleepingComputer\Fabar Recovery Scan Tool\FRST.exe):Error:The requested action with this object has failed.
 
When I searched Bleepingcomputer.com for the Farbar Recovery Scan Tool download, I couldn't find it, so I searched elsewhere, downloaded a new version, and ran it.
 
Here's the log:
 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-06-2013
Ran by Tod (administrator) on 15-06-2013 19:22:43
Running from Q:\My download files\Bleeping Computer\Farbar Recovery Scan Tool
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Could not list processes ===============
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1374864 2012-07-25] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [132920 2013-02-04] (Trend Micro Inc.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [81920 2008-03-13] (Hewlett-Packard)
HKLM\...\Run: [StereoLinksInstall] "C:\Program Files\NVIDIA Corporation\3D Vision\nvstlink.exe" /install1 [1041696 2013-01-18] (NVIDIA Corporation)
HKLM\...\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe [44168 2007-04-03] (soft thinks)
HKCU\...\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-03] (Yahoo! Inc)
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [152872 2008-01-22] (Nero AG)
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKCU\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [399736 2011-03-28] (BitTorrent, Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-06-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-06-01] (Hewlett-Packard)
HKU\Standard\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [ 2007-06-01] (Hewlett-Packard)
BootExecute: autocheck autochk /r \??\G:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {460E6B86-2606-429B-87A4-5107A32EC275} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
HKCU SearchScopes: DefaultScope {8EC798F3-BDA5-4C4F-BC6E-1B3ECE6E0C74} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {0ADBBCD7-2207-4AF6-B30E-FB5DCE5F6F25} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {460E6B86-2606-429B-87A4-5107A32EC275} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {8EC798F3-BDA5-4C4F-BC6E-1B3ECE6E0C74} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {92F9FBB1-8669-435D-BB1E-3245661BA2F9} URL = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKCU - {B2633AD7-AB19-4EE9-A445-14651320F419} URL = http://delicious.com/search?p={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
BHO: TSToolbarBHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: NXIECatcher Class - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
BHO: No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKLM - NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
Toolbar: HKLM - &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll (SoftPerfect Research)
Toolbar: HKLM - Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Toolbar: HKCU -No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
 
FireFox:
========
FF ProfilePath: C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\firefox-support@vworldc.com
FF Extension: Ghostery - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\firefox@ghostery.com
FF Extension: HTTPS-Everywhere - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\https-everywhere@eff.org
FF Extension: TACO with Abine - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\optout@dubfire.net
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: WOT - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Flash and Video Download - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: User Agent Switcher - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF Extension: No Name - C:\Users\Tod\AppData\Roaming\Mozilla\Firefox\Profiles\ae00byqf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
 
Chrome: 
=======
CHR RestoreOnStartup: "hxxp://google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Trend Micro Titanium) - C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.0.0.1318_0\npToolbarChrome.dll (Trend Micro Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (HTTPS Everywhere) - C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.6.4_0
CHR Extension: (TrendMicro Toolbar) - C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.0.0.1318_0
CHR Extension: (NotScripts) - C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0
 
========================== Services (Whitelisted) =================
 
S2 gupdate1ca2f5b7fbc85a7; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-09-06] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-11-22] (Malwarebytes Corporation)
S3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [27136 2009-09-30] (NCH Swift Sound)
S3 NPF; C:\Windows\System32\drivers\npf.sys [34064 2007-11-06] (CACE Technologies)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [96248 2012-12-21] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [258976 2012-12-21] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC32.sys [38328 2012-08-24] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [83256 2012-12-07] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76648 2012-12-21] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171064 2012-07-05] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92304 2012-05-02] (Trend Micro Inc.)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-08-26] (CyberLink Corp.)
S3 ALSysIO; \??\C:\Users\Tod\AppData\Local\Temp\ALSysIO.sys [x]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 TMAgent; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-15 19:22 - 2013-06-15 19:22 - 00000000 ____D C:\FRST
2013-06-15 15:23 - 2013-06-15 15:23 - 00001349 ____A C:\Users\Tod\Desktop\CommSpeed Torrent daily useage totals.rtf - Shortcut.lnk
2013-06-14 19:17 - 2013-06-14 19:17 - 00000000 ____A C:\Windows\setuperr.log
2013-06-14 19:17 - 2013-06-14 19:17 - 00000000 ____A C:\Windows\setupact.log
2013-06-14 12:22 - 2013-06-14 12:22 - 00000657 ____A C:\Users\Tod\Desktop\Scam phone numbers.rtf - Shortcut.lnk
2013-06-13 09:19 - 2013-06-13 09:19 - 00015669 ____A C:\ComboFix.txt
2013-06-13 08:50 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-13 08:36 - 2013-06-13 08:36 - 00000505 ____A C:\Users\Tod\Desktop\StartUp Programs - Shortcut.lnk
2013-06-12 10:24 - 2013-06-12 10:25 - 00004891 ____A C:\AdwCleaner[S1].txt
2013-06-10 19:52 - 2013-06-10 19:55 - 00000000 ____D C:\Program Files\Startup Optimizer
2013-06-10 19:52 - 2013-06-10 19:52 - 00000801 ____A C:\Users\UpdatusUser\Desktop\Startup Optimizer.lnk
2013-06-10 19:52 - 2013-06-10 19:52 - 00000801 ____A C:\Users\Standard\Desktop\Startup Optimizer.lnk
2013-06-10 19:51 - 2013-06-10 19:52 - 01147120 ____A (Cyberlion Solutions Inc.                                    ) C:\Users\Tod\Downloads\StartOpt.exe
2013-06-02 18:48 - 2013-06-02 18:48 - 00000000 ____D C:\Users\Tod\AppData\Local\VS Revo Group
2013-06-02 18:48 - 2013-06-02 18:48 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-02 18:48 - 2009-12-30 11:21 - 00027192 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2013-06-02 13:18 - 2013-06-02 13:19 - 00000000 ____D C:\Users\Tod\.idlerc
2013-06-02 11:54 - 2013-06-02 11:54 - 00001438 ____A C:\Users\Tod\Documents\adults only portal .htm
2013-05-30 22:48 - 2013-05-30 22:52 - 21289608 ____A (Mozilla) C:\Users\Tod\Downloads\Firefox Setup 21.0.exe
2013-05-20 13:44 - 2013-05-20 13:44 - 00000666 ____A C:\Users\Tod\Desktop\thomas lease addendum.rtf - Shortcut.lnk
2013-05-18 22:05 - 2013-05-18 22:05 - 00001151 ____A C:\Users\Standard\Desktop\Trend Micro Titanium.lnk
2013-05-18 22:03 - 2013-05-26 18:33 - 00000000 ____D C:\users\Standard
2013-05-18 22:03 - 2013-05-18 22:03 - 00000020 __ASH C:\Users\Standard\ntuser.ini
2013-05-18 22:03 - 2013-05-18 22:03 - 00000000 ____D C:\Users\Standard\AppData\Local\VirtualStore
2013-05-18 22:03 - 2013-03-22 06:02 - 00000000 ____D C:\Users\Standard\AppData\LocalGoogle
2013-05-18 22:03 - 2013-03-22 06:02 - 00000000 ____D C:\Users\Standard\AppData\Local\Google
2013-05-18 16:38 - 2013-05-18 16:39 - 00000000 ____D C:\Python26
2013-05-16 16:16 - 2013-05-05 22:24 - 06013440 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 16:16 - 2013-05-05 12:58 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 16:16 - 2013-04-15 07:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-16 16:16 - 2013-04-13 03:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-16 16:16 - 2013-04-08 18:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-16 16:16 - 2013-04-04 03:10 - 01212928 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 16:16 - 2013-04-04 03:10 - 00916480 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 16:16 - 2013-04-04 03:10 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 16:16 - 2013-04-04 03:08 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-05-16 16:16 - 2013-04-04 03:06 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2013-05-16 16:16 - 2013-04-04 03:05 - 00630272 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 16:16 - 2013-04-04 03:05 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 16:16 - 2013-04-04 03:05 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 02004992 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 16:16 - 2013-04-04 03:04 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-05-16 16:16 - 2013-04-04 03:04 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 16:16 - 2013-04-04 01:23 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-05-16 16:16 - 2013-04-03 23:43 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 16:16 - 2013-04-03 23:42 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-16 16:16 - 2013-04-03 23:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
 
==================== One Month Modified Files and Folders ========
 
2013-06-15 19:25 - 2009-04-01 21:03 - 00000000 ____D C:\Users\Tod\AppData\Roaming\uTorrent
2013-06-15 19:23 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\tracing
2013-06-15 19:22 - 2013-06-15 19:22 - 00000000 ____D C:\FRST
2013-06-15 19:22 - 2012-07-14 15:07 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd620d10d0ceb2.job
2013-06-15 19:22 - 2009-09-06 18:38 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 19:18 - 2009-12-02 18:09 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210141267-392818972-1597502250-1000UA.job
2013-06-15 19:02 - 2006-11-02 05:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-15 19:02 - 2006-11-02 05:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-15 18:51 - 2012-04-02 16:20 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 17:41 - 2009-04-01 16:48 - 02018361 ____A C:\Windows\WindowsUpdate.log
2013-06-15 15:23 - 2013-06-15 15:23 - 00001349 ____A C:\Users\Tod\Desktop\CommSpeed Torrent daily useage totals.rtf - Shortcut.lnk
2013-06-15 10:50 - 2009-09-06 18:19 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2013-06-15 02:18 - 2009-12-02 18:09 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4210141267-392818972-1597502250-1000Core.job
2013-06-14 22:35 - 2009-07-25 08:57 - 00000000 ____D C:\Users\Tod\AppData\Roaming\vlc
2013-06-14 22:25 - 2009-07-17 09:11 - 00000052 ____A C:\Windows\System32\DOErrors.log
2013-06-14 22:15 - 2006-11-02 03:33 - 00736622 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 21:41 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-14 19:29 - 2009-04-01 18:20 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-14 19:28 - 2010-03-14 09:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-06-14 19:17 - 2013-06-14 19:17 - 00000000 ____A C:\Windows\setuperr.log
2013-06-14 19:17 - 2013-06-14 19:17 - 00000000 ____A C:\Windows\setupact.log
2013-06-14 18:59 - 2007-08-22 10:44 - 00000000 ____D C:\Windows\SMINST
2013-06-14 18:57 - 2009-11-04 14:40 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-06-14 18:56 - 2006-11-02 06:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-14 12:22 - 2013-06-14 12:22 - 00000657 ____A C:\Users\Tod\Desktop\Scam phone numbers.rtf - Shortcut.lnk
2013-06-14 11:26 - 2009-04-18 20:45 - 00038460 ____A C:\Users\Tod\AppData\Roaming\wklnhst.dat
2013-06-13 20:34 - 2009-12-19 11:43 - 00000000 ____D C:\Program Files\CCleaner
2013-06-13 15:54 - 2009-04-01 17:23 - 00056832 ____A C:\Users\Tod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-13 09:25 - 2006-11-02 06:01 - 00032610 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-13 09:19 - 2013-06-13 09:19 - 00015669 ____A C:\ComboFix.txt
2013-06-13 09:19 - 2009-07-13 00:20 - 00000000 ___AD C:\Qoobox
2013-06-13 09:19 - 2006-11-02 04:18 - 00000000 ___RD C:\users\Public
2013-06-13 09:14 - 2009-07-13 00:24 - 00000000 ____D C:\Windows\ERDNT
2013-06-13 09:06 - 2006-11-02 03:23 - 00000215 ____A C:\Windows\system.ini
2013-06-13 09:01 - 2006-11-02 03:22 - 51118080 ____A C:\Windows\System32\config\software.bak
2013-06-13 09:01 - 2006-11-02 03:22 - 36962304 ____A C:\Windows\System32\config\COMPON~3.bak
2013-06-13 09:01 - 2006-11-02 03:22 - 21233664 ____A C:\Windows\System32\config\system.bak
2013-06-13 09:01 - 2006-11-02 03:22 - 03670016 ____A C:\Windows\System32\config\default.bak
2013-06-13 09:01 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\security.bak
2013-06-13 09:01 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\sam.bak
2013-06-13 08:58 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system
2013-06-13 08:36 - 2013-06-13 08:36 - 00000505 ____A C:\Users\Tod\Desktop\StartUp Programs - Shortcut.lnk
2013-06-12 10:25 - 2013-06-12 10:24 - 00004891 ____A C:\AdwCleaner[S1].txt
2013-06-12 03:51 - 2012-04-02 16:20 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 03:51 - 2011-05-16 20:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-10 19:55 - 2013-06-10 19:52 - 00000000 ____D C:\Program Files\Startup Optimizer
2013-06-10 19:52 - 2013-06-10 19:52 - 00000801 ____A C:\Users\UpdatusUser\Desktop\Startup Optimizer.lnk
2013-06-10 19:52 - 2013-06-10 19:52 - 00000801 ____A C:\Users\Standard\Desktop\Startup Optimizer.lnk
2013-06-10 19:52 - 2013-06-10 19:51 - 01147120 ____A (Cyberlion Solutions Inc.                                    ) C:\Users\Tod\Downloads\StartOpt.exe
2013-06-06 17:20 - 2009-12-03 22:45 - 00000000 ____D C:\Users\Tod\AppData\Roaming\Mozilla
2013-06-03 22:38 - 2009-09-06 18:35 - 00000000 ____D C:\Users\Tod\AppData\Local\Google
2013-06-03 22:37 - 2009-09-06 18:19 - 00000000 ____D C:\Program Files\Google
2013-06-03 22:11 - 2010-06-15 03:18 - 00000000 ____D C:\Users\Tod\AppData\Roaming\Abine
2013-06-02 18:48 - 2013-06-02 18:48 - 00000000 ____D C:\Users\Tod\AppData\Local\VS Revo Group
2013-06-02 18:48 - 2013-06-02 18:48 - 00000000 ____D C:\Program Files\VS Revo Group
2013-06-02 13:19 - 2013-06-02 13:18 - 00000000 ____D C:\Users\Tod\.idlerc
2013-06-02 13:18 - 2009-04-01 16:59 - 00000000 ____D C:\users\Tod
2013-06-02 11:54 - 2013-06-02 11:54 - 00001438 ____A C:\Users\Tod\Documents\adults only portal .htm
2013-06-01 13:38 - 2006-11-02 05:47 - 00333544 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-31 06:31 - 2011-08-05 23:26 - 00000000 ____D C:\Users\Tod\.gimp-2.6
2013-05-31 06:28 - 2011-08-05 23:35 - 00000000 ____D C:\Users\Tod\AppData\Roaming\gtk-2.0
2013-05-30 22:52 - 2013-05-30 22:48 - 21289608 ____A (Mozilla) C:\Users\Tod\Downloads\Firefox Setup 21.0.exe
2013-05-26 18:33 - 2013-05-18 22:03 - 00000000 ____D C:\users\Standard
2013-05-26 18:33 - 2011-04-07 12:59 - 00000000 ____D C:\Users\Tod\AppData\Roaming\IrfanView
2013-05-26 18:33 - 2009-06-06 15:34 - 00000000 ____D C:\ProgramData\HP Product Assistant
2013-05-26 18:33 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\System32\spool
2013-05-26 18:33 - 2006-11-02 03:22 - 51118080 ____A C:\Windows\System32\config\software_previous
2013-05-26 18:33 - 2006-11-02 03:22 - 21233664 ____A C:\Windows\System32\config\system_previous
2013-05-26 18:32 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\registration
2013-05-26 18:25 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-05-26 18:25 - 2006-11-02 03:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-05-26 17:20 - 2006-11-02 03:22 - 36962304 ____A C:\Windows\System32\config\components_previous
2013-05-26 17:19 - 2006-11-02 03:22 - 03670016 ____A C:\Windows\System32\config\default_previous
2013-05-25 20:26 - 2010-11-20 11:18 - 00000000 ____D C:\Program Files\JDownloader
2013-05-23 18:08 - 2007-08-22 10:30 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-22 17:27 - 2009-08-26 00:48 - 00000000 ____D C:\Users\Tod\AppData\Roaming\Media Player Classic
2013-05-20 13:44 - 2013-05-20 13:44 - 00000666 ____A C:\Users\Tod\Desktop\thomas lease addendum.rtf - Shortcut.lnk
2013-05-18 22:05 - 2013-05-18 22:05 - 00001151 ____A C:\Users\Standard\Desktop\Trend Micro Titanium.lnk
2013-05-18 22:03 - 2013-05-18 22:03 - 00000020 __ASH C:\Users\Standard\ntuser.ini
2013-05-18 22:03 - 2013-05-18 22:03 - 00000000 ____D C:\Users\Standard\AppData\Local\VirtualStore
2013-05-18 16:39 - 2013-05-18 16:38 - 00000000 ____D C:\Python26
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-15 19:14
 
==================== End Of Log ============================
 
Here's the Additional log:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-06-2013
Ran by Tod at 2013-06-15 19:25:31 Run:
Running from Q:\My download files\Bleeping Computer\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
µTorrent (Version: 1.8.2)
32 Bit HP CIO Components Installer (Version: 2.1.4)
7-Zip 9.20
AC3Filter 1.61b (Version: 1.61b)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Advanced File Organizer 3.01 (Version: 3.01)
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Audacity 2.0
Auto Gordian Knot 2.45 (Version: 2.45)
AVGo Media Recorder 1.10
AviSynth 2.5
BufferChm (Version: 110.0.180.000)
C6300 (Version: 110.0.218.000)
C6300_Help (Version: 110.0.218.000)
Canon Inkjet Printer Driver Add-On Module
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
CCleaner (Version: 4.02)
CD Audio Reader Filter (remove only)
Core Temp 1.0 RC2 (Version: 1.0)
CustomerResearchQFolder (Version: 1.00.0000)
CyberLink BD_3D Advisor 2.0 (Version: 2.0.4919)
CyberLink PowerDVD 10 (Version: 10.0.2113)
CyberLink PowerDVD 9 (Version: 9.0.1501)
Defraggler (Version: 2.14)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DirectVobSub (remove only)
DiskCheckup V2.1 (Version: 2.1)
DocProc (Version: 11.0.0.0)
DocProcQFolder (Version: 1.00.0000)
DScaler 5 Mpeg Decoders
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 7.0.8.2 (17/07/2010)
Easy Thumbnails (Remove only) (Version: 3.0)
Enhanced Multimedia Keyboard Solution
eSupportQFolder (Version: 1.00.0000)
ffdshow [rev 2527] [2008-12-19] (Version: 1.0)
Free Ape Player 1.5.1
Free Opener (Version: 1.0)
Free Window Registry Repair
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Talk Plugin (Version: 4.0.1.13525)
Google Update Helper (Version: 1.3.21.145)
Google Updater (Version: 2.4.2432.1652)
GPBaseService (Version: 110.0.180.000)
Haali Media Splitter
HandBrake 0.9.5 (Version: 0.9.5)
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 5.2.0.2296)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 11.0 (Version: 11.0)
HP Easy Setup - Frontend (Version: 5.2.0.2304)
HP Imaging Device Functions 11.0 (Version: 11.0)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4 (Version: 11.0)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Photosmart Essential 3.0 (Version: 3.0)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Smart Web Printing (Version: 4.0)
HP Solution Center 11.0 (Version: 11.0)
HP Total Care Advisor (Version: 1.2.13)
HP Update (Version: 4.000.012.001)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 110.0.180.000)
HPSSupply (Version: 110.0.180.000)
IrfanView (remove only) (Version: 4.28)
Java 7 Update 10 (Version: 7.0.100)
Java Auto Updater (Version: 2.1.9.0)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
JDownloader
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
KVIrc
LAME v3.99.3 (for Windows)
LightScribe  1.6.45.1 (Version: 1.6.45.1)
LView Pro Full Version
Magic M4A to MP3 Converter 3.1
MakeMKV v1.4.9_beta (Version: v1.4.9_beta)
MarketResearch (Version: 110.0.180.000)
Media Player Classic
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Chat 2.5
Microsoft Office Home and Student 60 day trial
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
MKV TO AVI CONVERTER version 3.1
mkv2vob (Version: 2.1.2)
MKVToolNix 5.8.0 (Version: 5.8.0)
MONOGRAM AMR Splitter/Decoder (remove only)
Movkit Batch Video Converter 2.5
Mozilla Maintenance Service (Version: 18.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPCMPQ1804)
Nero 7 Essentials (Version: 7.03.1357)
neroxml (Version: 1.0.0)
Network (Version: 110.0.180.000)
NetWorx 5.2.2
NetXfer 2.84.456
NetXfer 2.92.540
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OCR Software by I.R.I.S. 11.0 (Version: 11.0)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PanoStandAlone (Version: 110.0.180.000)
PFPortChecker 1.0.36 (Version: 1.0.36)
PMB (Version: 5.5.02.12220)
PS_AIO_04_C6300_ProductContext (Version: 110.0.218.000)
PS_AIO_04_C6300_Software (Version: 110.0.218.000)
PS_AIO_04_C6300_Software_Min (Version: 110.0.218.000)
PSSWCORE (Version: 2.03.0000)
PVSonyDll (Version: 1.00.0001)
Python 2.5 (Version: 2.5.150)
Python 2.6 (Version: 2.6.150)
QuickTime (Version: 7.68.75.0)
QuickTime 3.0
RealMedia (remove only)
Realtek High Definition Audio Driver (Version: 6.0.1.5789)
Revo Uninstaller Pro 2.5.9 (Version: 2.5.9)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
River Past Video Cleaner (Version: 7.6.6)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.572)
Scan (Version: 11.0.0.0)
Shop for HP Supplies (Version: 11.0)
SHOUTcast Source (remove only)
SmartWebPrinting (Version: 110.0.182.000)
Snapfish Picture Mover (Version: 1.9.0.16)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 110.0.180.000)
SolveigMM Video Splitter (Version: 2.1.905.18)
Startup Optimizer 1.6
Status (Version: 110.0.180.000)
Stereoscopic Player (Version: 1.6.6)
Toolbar Uninstaller 1.0.0.1
Toolbox (Version: 110.0.180.000)
TrayApp (Version: 110.0.180.000)
Trend Micro Titanium (Version: 6.0)
Trend Micro Titanium (Version: 6.00)
Ultra Defragmenter (Version: 6.0.1)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VideoToolkit01 (Version: 110.0.171.000)
VLC media player 2.0.4 (Version: 2.0.4)
VobSub v2.23 (Remove Only)
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 110.0.180.000)
Windows Installer Clean Up (Version: 3.00.00.0000)
WinPcap 4.0.2 (Version: 4.0.0.1040)
XviD4PSP 5.0 (Version: 5.0.37.8 r132)
Yahoo! Search Protection
Yahoo! Software Update
Zoom Player (remove only)
ZSoft Uninstaller 2.4.1 (Version: 2.4.1)
 
==================== Restore Points  =========================
 
Could not list Restore Points.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/14/2013 07:13:42 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 07:13:04 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:55 AM) (Source: Windows Search Service) (User: )
Description: The gatherer is unable to read the registry DocIdMapFile.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The system cannot find the file specified.   (0x80070002)
 
Error: (06/14/2013 01:47:43 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 01:47:39 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:44:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:43:43 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {67e4a431-45c0-46b9-8c36-69eaf0de226c}
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+) (User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
 
System errors:
=============
Error: (06/15/2013 07:22:44 PM) (Source: DCOM) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding5{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
 
Error: (06/15/2013 04:03:21 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume H: were aborted because the shadow copy storage failed to grow.
 
Error: (06/14/2013 11:54:05 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/14/2013 07:25:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x800705b4NVIDIA driver update for NVIDIA GeForce 9600 GT{3C9ADB43-2329-4E61-99E3-03AECF77029B}200
 
Error: (06/14/2013 07:01:58 PM) (Source: DCOM) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding5{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}
 
Error: (06/14/2013 07:01:08 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
 
Error: (06/14/2013 07:01:08 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
 
Error: (06/14/2013 06:59:05 PM) (Source: Service Control Manager) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (06/14/2013 06:58:06 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
 
Error: (06/14/2013 06:57:38 PM) (Source: DCOM) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exe -Embedding5{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
 
 
Microsoft Office Sessions:
=========================
Error: (06/14/2013 07:13:42 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 07:13:04 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:58 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index.   (0x80040d03)
 
Error: (06/14/2013 08:41:55 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The system cannot find the file specified.   (0x80070002)
DocIdMapFile
 
Error: (06/14/2013 01:47:43 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/14/2013 01:47:39 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:44:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
TraverseDir : Unable to FindFirstFile.
 
System Error:
Access is denied.
 
Error: (06/13/2013 08:43:43 PM) (Source: VSS)(User: )
Description: 0x80070005
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {67e4a431-45c0-46b9-8c36-69eaf0de226c}
 
Error: (06/13/2013 08:20:41 AM) (Source: COM+)(User: )
Description: Process Name: dllhost.exe
Error Code = 0x80041015 : 
COM+ Services Internals Information:
File: d:\rtm\com\complus\src\comcat\regdb\regdbapi\regdbapi.cpp, Line: 432
Comsvcs.dll file version:  not loaded
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-04-27 18:21:19.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-27 18:20:27.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-27 18:19:33.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-27 18:18:14.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-04-01 17:53:50.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-10 14:18:11.560
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-09 09:32:21.741
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-06 17:34:34.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-05 10:55:42.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-03-04 18:22:30.502
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\dxgi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 70%
Total physical RAM: 3069.82 MB
Available physical RAM: 919.92 MB
Total Pagefile: 9137.85 MB
Available Pagefile: 5694.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.78 MB
 
==================== Drives ================================
 
Drive c: (HP C) (Fixed) (Total:363.75 GB) (Free:269.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.85 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:110.69 GB) NTFS
Drive k: (My Book) (Fixed) (Total:1862.98 GB) (Free:497.76 GB) NTFS
Drive p: () (Fixed) (Total:931.51 GB) (Free:75.56 GB) NTFS
Drive q: (My Book) (Fixed) (Total:1862.98 GB) (Free:635.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 373 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=364 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00064002)
Partition 1: (Not Active) - (Size=-198659014656) - (Type=07 NTFS)
 
========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=-198626967040) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 932 GB) (Disk ID: BE771E4C)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 June 2013 - 10:07 PM

Hello


In which browser are you getting these popups?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 tkmops

  • Topic Starter
  • Members
  • 62 posts

Posted 15 June 2013 - 10:46 PM

I normally use Chrome, but they happen in IE and Firefox also. 



#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 June 2013 - 10:57 PM


Hello tkmops

I want you to reset Firefox back to defaults; this will remove everything from Firefox.

I will let you keep your bookmarks, so to do that you can go here - Export Bookmarks

Now, to reset Firefox, do the following.
  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • Click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done, click "Finish" and Firefox will open.
Restart the computer and check Firefox for me now.

Gringo

#13 tkmops

  • Topic Starter
  • Members
  • 62 posts

Posted 16 June 2013 - 01:01 PM

Gringo,
 
OK. I started Firefox; it wanted me to upgrade to V21, which I did, then rebooted. Firefox is still having the same issues, as well as IE and Chrome.
 
I've also noticed that there are 'broken picture place-holder' icons (where a picture should be) on a few sites, and that the sites don't seem to be fully loading... I'm not able to navigate beyond the first page. I've contacted these sites, and they say that their sites are fine; there's no problem on their side. I could take a screen-print of what I see, but since you don't allow attachments, I don't know how to show it to you.
 
Thanks for all your help so far!!!

:clapping:  :guitar:  :bounce:



#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 June 2013 - 06:06 PM



Hello tkmops

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#15 tkmops

  • Topic Starter
  • Members
  • 62 posts

Posted 16 June 2013 - 09:08 PM

Thanks for the swift response! Here's the OTL log:

OTL logfile created on: 6/16/2013 6:54:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = Q:\My download files\Bleeping Computer\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19437)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.68% Memory free
8.91 Gb Paging File | 6.30 Gb Available in Paging File | 70.75% Paging File free
Paging file location(s): c:\pagefile.sys 6144 8192 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 363.75 Gb Total Space | 272.02 Gb Free Space | 74.78% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 1.28 Gb Free Space | 14.48% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 118.23 Gb Free Space | 6.35% Space Free | Partition Type: NTFS
Drive K: | 1862.98 Gb Total Space | 499.44 Gb Free Space | 26.81% Space Free | Partition Type: NTFS
Drive P: | 931.51 Gb Total Space | 90.44 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
Drive Q: | 1862.98 Gb Total Space | 635.02 Gb Free Space | 34.09% Space Free | Partition Type: NTFS
 
Computer Name: TOD-PC | User Name: Tod | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - Q:\My download files\Bleeping Computer\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Handbrake\Handbrake.exe (HandBrake)
PRC - C:\Program Files\Handbrake\HandBrakeCLI.exe ()
PRC - C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files\KVIrc\kvirc.exe ()
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\WINDOWS\System32\calc.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9eaee4d23dd3ddfafd199b70b21bf781\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2a0bdb3ab5d40efcf07ac933e3b9c8e4\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Trend Micro\Titanium\UIFramework\boost_date_time-vc80-mt-1_49.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll ()
MOD - C:\Users\Tod\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\SystemInfo.dll ()
MOD - C:\Users\Tod\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\CoreTempReader.dll ()
MOD - C:\Users\Tod\AppData\Local\Microsoft\Windows Sidebar\Gadgets\CoreTempGadget2.7.gadget\GetCoreTempInfoNET.dll ()
MOD - C:\Program Files\Handbrake\HandBrakeCLI.exe ()
MOD - C:\Program Files\KVIrc\modules\libkvitrayicon.dll ()
MOD - C:\Program Files\KVIrc\modules\libkvioptions.dll ()
MOD - C:\Program Files\KVIrc\modules\libkvihttp.dll ()
MOD - C:\Program Files\KVIrc\modules\libkvichannelsjoin.dll ()
MOD - C:\Program Files\KVIrc\kvirc.exe ()
MOD - C:\Program Files\KVIrc\libkvilib.dll ()
MOD - C:\Program Files\KVIrc\QtCore4.dll ()
MOD - C:\Program Files\KVIrc\qt-plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\KVIrc\qt-plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files\KVIrc\qt-plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files\KVIrc\qt-plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\KVIrc\qt-plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\KVIrc\QtGui4.dll ()
MOD - C:\Program Files\KVIrc\libstdc++-6.dll ()
MOD - C:\Program Files\KVIrc\libz-1.dll ()
MOD - C:\Program Files\KVIrc\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\KVIrc\mingwm10.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ALSysIO) -- C:\Users\Tod\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tmcomm) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (tmeevw) -- C:\WINDOWS\System32\drivers\tmeevw.sys (Trend Micro Inc.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (TMEBC) -- C:\WINDOWS\System32\drivers\TMEBC32.sys (Trend Micro Inc.)
DRV - (tmnciesc) -- C:\WINDOWS\System32\drivers\tmnciesc.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\WINDOWS\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (Revoflt) -- C:\WINDOWS\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (NCHSSVAD) -- C:\WINDOWS\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (HSXHWBS2) -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (WDC_SAM) -- C:\WINDOWS\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NPF) -- C:\WINDOWS\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor32) -- C:\WINDOWS\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\WINDOWS\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{38A1515A-9F19-45AD-976D-72BB0029D5AF}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKLM\..\SearchScopes\{460E6B86-2606-429B-87A4-5107A32EC275}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes,DefaultScope = {8EC798F3-BDA5-4C4F-BC6E-1B3ECE6E0C74}
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{0ADBBCD7-2207-4AF6-B30E-FB5DCE5F6F25}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{38A1515A-9F19-45AD-976D-72BB0029D5AF}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{460E6B86-2606-429B-87A4-5107A32EC275}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{8EC798F3-BDA5-4C4F-BC6E-1B3ECE6E0C74}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{92F9FBB1-8669-435D-BB1E-3245661BA2F9}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\SearchScopes\{B2633AD7-AB19-4EE9-A445-14651320F419}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-4210141267-392818972-1597502250-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tod\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tod\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/06 15:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1130\7.5.1130\firefoxextension [2013/05/26 17:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2012/11/29 20:40:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/05/26 17:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/06 15:38:14 | 000,000,000 | ---D | M]
 
[2009/12/03 22:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tod\AppData\Roaming\Mozilla\Extensions
[2013/06/15 22:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/15 22:41:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Trend Micro Titanium (Enabled) = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.0.0.1318_0\npToolbarChrome.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Tod\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: HTTPS Everywhere = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.6.4_0\
CHR - Extension: TrendMicro Toolbar = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\6.0.0.1318_0\
CHR - Extension: NotScripts = C:\Users\Tod\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
 
O1 HOSTS File: ([2013/06/13 09:05:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-4210141267-392818972-1597502250-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-4210141267-392818972-1597502250-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-4210141267-392818972-1597502250-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-4210141267-392818972-1597502250-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-4210141267-392818972-1597502250-1000\..Trusted Domains: live.com ([onecare] http in Trusted sites)
O15 - HKU\S-1-5-21-4210141267-392818972-1597502250-1001\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD02E0A0-1DB4-4E5F-B21F-C0219FF31314}: DhcpNameServer = 192.168.15.1
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1130\7.5.1130\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.5.1331\6.8.1094\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: Q:\Pictures\A1 Background pix 210\3X wallpapers\Chloe M\Chloe Med-CU\chloe M Hugo 3X.bmp
O24 - Desktop BackupWallPaper: Q:\Pictures\A1 Background pix 210\3X wallpapers\Chloe M\Chloe Med-CU\chloe M Hugo 3X.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/22 10:30:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\G:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/15 22:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/15 19:22:13 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/14 19:10:29 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/06/14 19:10:28 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/06/14 19:09:40 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/06/14 19:09:36 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/06/14 19:09:29 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/06/14 19:09:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/06/14 19:09:10 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/06/14 19:09:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/06/14 19:09:09 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/06/14 19:09:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/06/14 19:09:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/06/14 19:09:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/06/14 19:09:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/06/14 19:09:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/06/14 19:09:08 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/06/14 19:09:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/06/14 19:09:07 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/06/14 19:09:07 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/06/14 19:09:07 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/06/14 19:09:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/06/14 19:09:07 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/06/14 19:09:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/06/14 19:09:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/06/14 19:09:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
[2013/06/13 09:19:22 | 000,000,000 | ---D | C] -- C:\Users\Tod\AppData\Local\temp
[2013/06/13 09:06:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/06/10 19:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Optimizer
[2013/06/10 19:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\Startup Optimizer
[2013/06/03 22:37:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/02 18:48:57 | 000,000,000 | ---D | C] -- C:\Users\Tod\AppData\Local\VS Revo Group
[2013/06/02 18:48:33 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/06/02 18:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/06/02 18:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/06/02 13:18:15 | 000,000,000 | ---D | C] -- C:\Users\Tod\.idlerc
[2013/05/18 16:39:38 | 000,000,000 | ---D | C] -- C:\Users\Tod\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.6
[2013/05/18 16:38:55 | 000,000,000 | ---D | C] -- C:\Python26
[2010/07/24 19:47:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Tod\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/16 18:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/16 18:47:30 | 000,000,847 | ---- | M] () -- C:\Users\Tod\Desktop\Bleeping  computer OTL scan.rtf
[2013/06/16 18:45:29 | 000,000,820 | ---- | M] () -- C:\Users\Tod\Desktop\Document.rtf
[2013/06/16 18:23:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/16 18:23:23 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/16 18:22:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/16 18:18:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210141267-392818972-1597502250-1000UA.job
[2013/06/16 13:11:53 | 000,627,786 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/16 13:11:53 | 000,111,734 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/16 10:50:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/06/16 10:30:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd620d10d0ceb2.job
[2013/06/16 10:23:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/06/16 10:23:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/16 10:22:48 | 3219,677,184 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/16 02:18:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4210141267-392818972-1597502250-1000Core.job
[2013/06/15 22:41:55 | 000,000,874 | ---- | M] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/15 20:41:32 | 000,000,259 | ---- | M] () -- C:\Users\Tod\Desktop\fffDocument.rtf
[2013/06/15 15:23:51 | 000,001,349 | ---- | M] () -- C:\Users\Tod\Desktop\CommSpeed Torrent daily useage totals.rtf - Shortcut.lnk
[2013/06/14 12:22:29 | 000,000,657 | ---- | M] () -- C:\Users\Tod\Desktop\Scam phone numbers.rtf - Shortcut.lnk
[2013/06/14 11:26:25 | 000,038,460 | ---- | M] () -- C:\Users\Tod\AppData\Roaming\wklnhst.dat
[2013/06/13 15:54:52 | 000,056,832 | ---- | M] () -- C:\Users\Tod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/13 09:05:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/06/13 08:36:04 | 000,000,505 | ---- | M] () -- C:\Users\Tod\Desktop\StartUp Programs - Shortcut.lnk
[2013/06/12 03:51:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/06/12 03:51:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/04 08:52:48 | 000,001,999 | ---- | M] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/02 18:48:36 | 000,001,093 | ---- | M] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/06/02 11:54:27 | 000,001,438 | ---- | M] () -- C:\Users\Tod\Documents\adults only portal .htm
[2013/06/01 13:38:22 | 000,333,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/31 21:21:54 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\etc\default Hosts
[2013/05/20 13:44:30 | 000,000,666 | ---- | M] () -- C:\Users\Tod\Desktop\thomas lease addendum.rtf - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/16 18:47:21 | 000,000,847 | ---- | C] () -- C:\Users\Tod\Desktop\Bleeping  computer OTL scan.rtf
[2013/06/16 10:55:31 | 000,000,820 | ---- | C] () -- C:\Users\Tod\Desktop\Document.rtf
[2013/06/15 22:24:37 | 000,000,874 | ---- | C] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/15 15:23:39 | 000,001,349 | ---- | C] () -- C:\Users\Tod\Desktop\CommSpeed Torrent daily useage totals.rtf - Shortcut.lnk
[2013/06/14 12:22:29 | 000,000,657 | ---- | C] () -- C:\Users\Tod\Desktop\Scam phone numbers.rtf - Shortcut.lnk
[2013/06/13 08:50:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/13 08:36:04 | 000,000,505 | ---- | C] () -- C:\Users\Tod\Desktop\StartUp Programs - Shortcut.lnk
[2013/06/09 10:51:26 | 000,000,259 | ---- | C] () -- C:\Users\Tod\Desktop\fffDocument.rtf
[2013/06/03 22:37:58 | 000,001,999 | ---- | C] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/02 18:48:36 | 000,001,093 | ---- | C] () -- C:\Users\Tod\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/06/02 11:54:21 | 000,001,438 | ---- | C] () -- C:\Users\Tod\Documents\adults only portal .htm
[2013/06/01 13:37:43 | 3219,677,184 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/20 13:44:30 | 000,000,666 | ---- | C] () -- C:\Users\Tod\Desktop\thomas lease addendum.rtf - Shortcut.lnk
[2013/05/14 16:02:25 | 000,000,218 | ---- | C] () -- C:\Users\Tod\.recently-used.xbel
[2013/04/01 02:40:08 | 000,125,440 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll
[2013/01/01 05:16:06 | 000,000,101 | ---- | C] () -- C:\Windows\System32\ud-boot-time.ini
[2012/12/04 05:03:13 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012/11/29 20:40:10 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2012/11/29 20:38:07 | 000,000,036 | ---- | C] () -- C:\Users\Tod\AppData\Local\housecall.guid.cache
[2012/05/09 11:21:29 | 000,000,035 | ---- | C] () -- C:\Users\Tod\AppData\Roaming\mbam.context.scan
[2011/08/06 18:37:02 | 000,000,330 | ---- | C] () -- C:\Windows\ULead32.ini
[2010/08/19 22:48:26 | 000,000,113 | ---- | C] () -- C:\Users\Tod\kvirc4.ini
[2010/07/24 19:47:07 | 000,007,887 | ---- | C] () -- C:\Users\Tod\AppData\Roaming\pcouffin.cat
[2010/07/24 19:47:07 | 000,001,144 | ---- | C] () -- C:\Users\Tod\AppData\Roaming\pcouffin.inf
[2009/12/16 13:08:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/06 23:57:15 | 000,000,579 | ---- | C] () -- C:\Users\Tod\AppData\Roaming\AutoGK.ini
[2009/04/18 20:45:07 | 000,038,460 | ---- | C] () -- C:\Users\Tod\AppData\Roaming\wklnhst.dat
[2009/04/01 17:23:30 | 000,056,832 | ---- | C] () -- C:\Users\Tod\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 16:59:25 | 000,001,356 | ---- | C] () -- C:\Users\Tod\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >
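The OTL "Files Created / Modified" sections above are long, and the useful entries (a changed hosts file, an executable or script dropped under C:\Windows with no company name, hidden+system attributes on a binary) are easy to miss by eye. The script below is an added example, not part of the original post and not OTL's own code: it parses OTL file lines into records and applies a few generic triage rules. The sample input is a handful of lines copied from the report above; the rules and the known-benign list are my own assumptions for illustration, and a hit only means "look at this next", not that the file is malicious.

```python
"""Parse OTL 'Files Created / Modified' lines and flag entries for manual triage.

Added example for reading an OTL report; not part of OTL or of the original post.
The rules below are generic triage heuristics, not a verdict on any file.
"""
import re
from datetime import datetime

# One OTL file entry: [timestamp | size | attrs | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Extensions that execute or load code (assumed list, extend as needed).
EXEC_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".bat", ".cmd",
            ".com", ".pif", ".vbs", ".js"}

# Hidden+system by design; assumed baseline so they do not produce noise.
KNOWN_BENIGN = {r"c:\hiberfil.sys", r"c:\pagefile.sys"}

# Sample input copied from the OTL report above (including one summary line
# that is not a file entry, to show the parser skipping it).
SAMPLE_LINES = [
    r"[2013/06/16 10:22:48 | 3219,677,184 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2013/06/13 09:05:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts",
    r"[2013/06/12 03:51:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe",
    r"[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]",
    r"[2013/06/13 08:50:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe",
    r"[2013/04/01 02:40:08 | 000,125,440 | ---- | C] () -- C:\Windows\System32\lua5.1a.dll",
    r"[2012/11/29 20:40:10 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat",
    r"[2009/12/16 13:08:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol",
]


def parse_entry(line):
    """Return a dict for one OTL file line, or None for summary/heading lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))  # "000,692,104" -> 692104
    return entry


def triage_reasons(entry):
    """Heuristic reasons an entry deserves a closer look (empty list = nothing obvious)."""
    path = entry["path"].lower()
    if path in KNOWN_BENIGN:
        return []
    name = path.rsplit("\\", 1)[-1]
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    reasons = []
    if path.endswith(r"\drivers\etc\hosts"):
        reasons.append("hosts file changed: check for redirected or blocked domains")
    if ext in EXEC_EXT and not entry["company"] and path.startswith(r"c:\windows"):
        reasons.append("executable/script under %SystemRoot% with no company name")
    if ext in EXEC_EXT and "H" in entry["attrs"] and "S" in entry["attrs"]:
        reasons.append("hidden+system attributes on an executable")
    return reasons


def triage(lines):
    """Return [(path, reasons)] for entries with at least one reason, in input order."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_reasons(entry)
        if reasons:
            hits.append((entry["path"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(path)
        for r in reasons:
            print("   -", r)
```

To run it over a full report, read the saved OTL.txt and pass its lines to `triage()`. On the sample above it skips the summary line, ignores hiberfil.sys via the baseline, leaves the Adobe-signed FlashPlayerApp.exe alone, and surfaces the hosts file plus the three company-less binaries/scripts under C:\Windows for a manual check (hash lookup, signature check, or asking the helper in the thread).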