Improperly removed Trojan.Agent/Gen-Spsproc and Adware-Zwangi issues


This topic is locked.
21 replies to this topic

#1 Markaina
  • Members
  • 11 posts

Posted 07 September 2013 - 05:17 PM

I'm running XP Pro Service Pack 3

 

I started getting emails out of the blue saying that email sent was bounced back because of mail boxes being full or closed, so I knew I had been infected with something.  After a scan, I found that I was suffering with Trojan.Agent/Gen-Sisproc and something called Adware-Zwangi.

 

I honestly thought I had removed it but I keep getting those bounced emails.  I'm really afraid that I'm going to have to format this old system and I'd like to avoid that if all possible.

 

Thank you so much.

 

Markaina

 

 

 

Here's the DDS.txt file:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.11.2
Run by User at 16:45:39 on 2013-09-07
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2012 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\TrojanHunter 5.5\THGuard.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spotify Web Helper] "c:\documents and settings\user\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [THGuard] "c:\program files\trojanhunter 5.5\THGuard.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\trillian.lnk - c:\program files\trillian\trillian.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Clip Image - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Clip selection - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Clip this page - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Clip URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: New Note - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358403714343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{036E587A-B2C1-4BD5-BF81-48A0ABE4C66E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0EC6DE9C-B7E1-489B-9178-1141A2D93A83} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\f80qcrf5.default-1358406207156\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\adobe extension manager cs6\npAdobeExManDetectX86.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\nitro\pro 8\npdf.dll
FF - plugin: c:\program files\nitro\pro 8\npnitroie.dll
FF - plugin: c:\program files\nitro\pro 8\npnitromozilla.dll
FF - plugin: c:\program files\nitro\pro 8\NPShellExtension.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-09-07 16:01; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 211560]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 MpKsle696e595;MpKsle696e595;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{41e43466-f28f-456c-9c63-701b19f2d557}\MpKsle696e595.sys [2013-9-7 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/01/17 17:26:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 DAZContentManagementService;DAZ Content Management Service;c:\program files\daz 3d\content management service\ContentManagementServer.exe [2012-2-7 18432]
R2 HTCMonitorService;HTCMonitorService;c:\program files\htc\htc sync manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\logitech\solarapp\L4301_Solar.exe [2010-10-26 319568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2011-12-29 10384]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-12-19 196616]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-12-19 70152]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2012-12-7 167424]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-1-18 50176]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-1-18 2105728]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S1 rwxkzbsr;rwxkzbsr;\??\c:\windows\system32\drivers\rwxkzbsr.sys --> c:\windows\system32\drivers\rwxkzbsr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 cpuz134;cpuz134;\??\c:\docume~1\user\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2013-5-11 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2012-12-7 21248]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-09-07 21:42:46    --------    d-----w-    c:\documents and settings\user\application data\TrojanHunter
2013-09-07 21:12:34    --------    d-----w-    c:\documents and settings\all users\application data\TrojanHunter
2013-09-07 21:12:28    --------    d-----w-    c:\program files\TrojanHunter 5.5
2013-09-07 21:02:53    --------    d-----w-    c:\documents and settings\user\application data\RealNetworks
2013-09-07 21:01:27    --------    d-----w-    c:\program files\RealNetworks
2013-09-07 21:01:27    --------    d-----w-    c:\documents and settings\all users\application data\RealNetworks
2013-09-07 21:00:44    --------    d-----w-    c:\program files\common files\xing shared
2013-09-07 20:54:47    29904    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{41e43466-f28f-456c-9c63-701b19f2d557}\MpKsle696e595.sys
2013-09-07 20:45:12    --------    d-----w-    c:\program files\OpenOffice 4
2013-09-07 20:34:02    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-09-07 04:32:31    7166848    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{41e43466-f28f-456c-9c63-701b19f2d557}\mpengine.dll
2013-09-06 04:32:26    7166848    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-08-17 18:00:00    92056    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2013-08-17 18:00:00    20616088    ----a-w-    c:\program files\mozilla firefox\xul.dll
2013-08-15 08:09:27    --------    d-----w-    c:\windows\system32\MRT
2013-08-09 03:28:40    --------    d-----w-    c:\documents and settings\user\local settings\application data\Evernote
2013-08-09 03:28:06    --------    d-----w-    c:\program files\Evernote
.
==================== Find3M  ====================
.
2013-09-07 20:59:33    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-09-07 20:59:33    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-08-21 11:59:17    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-21 11:59:17    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-03 19:18:38    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-07-26 02:47:17    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-07-26 02:47:13    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-07-26 02:47:12    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-07-25 15:52:59    385024    ------w-    c:\windows\system32\html.iec
2013-07-20 06:51:00    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50:56    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50:56    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-10 06:32:40    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-07-04 03:03:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-19 02:50:08    211560    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2011-03-26 03:01:00    203776    --sh--w-    c:\windows\system32\unrar.exe
2011-03-26 03:00:56    203776    --sh--w-    c:\windows\system32\56ea9d7685b4aef1c712fddf1d3ab782\unrar.exe
.
============= FINISH: 16:51:38.59 ===============
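
A quick triage pass over two sections of a DDS log, added here as an example; it is not part of the post above, not part of DDS, and not part of the BleepingComputer cleaning procedure. It embeds a handful of lines copied from the DDS log above as a constructed sample so that it runs offline, parses the SERVICES / DRIVERS entries and the Find3M file entries, and flags the shapes a responder looks at first: a service whose binary DDS could not read on disk (the `path --> path [?]` form; reading `[?]` that way is this example's assumption, since DDS normally prints `[date size]` there), a service that loads from a temp directory, a service whose display name is nothing more than its own name, a service name with no vowels, and files carrying the system+hidden attribute pair. The function names and the heuristics are the example's own, and the flags are prompts for a human, not a verdict on any entry.

```python
"""Triage helpers for the SERVICES / DRIVERS and Find3M sections of a DDS log.

Added example, not part of the forum post, of DDS, or of BleepingComputer's
procedure. SAMPLE_DDS is a constructed excerpt of the log in this thread.
The flag strings and heuristics are this example's own.
"""
import re

# Constructed sample: a few lines copied from the DDS log above.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 211560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
S1 rwxkzbsr;rwxkzbsr;\??\c:\windows\system32\drivers\rwxkzbsr.sys --> c:\windows\system32\drivers\rwxkzbsr.sys [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\user\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
==================== Find3M  ====================
.
2013-07-04 03:03:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2011-03-26 03:01:00    203776    --sh--w-    c:\windows\system32\unrar.exe
2011-03-26 03:00:56    203776    --sh--w-    c:\windows\system32\56ea9d7685b4aef1c712fddf1d3ab782\unrar.exe
"""

# "R0 name;display;path [date size]"  or  "S1 name;display;path --> path [?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# "YYYY-MM-DD hh:mm:ss    size    attrs    path"   (attrs look like --sh--w-)
FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)


def parse_services(text):
    """Return one dict per SERVICES / DRIVERS line; other lines are ignored."""
    return [m.groupdict() for m in map(SERVICE_RE.match, (ln.strip() for ln in text.splitlines())) if m]


def triage_services(text):
    """Map service name -> list of human-readable flags, for flagged entries only."""
    findings = {}
    for e in parse_services(text):
        flags = []
        # Assumption: "[?]" instead of "[date size]" means DDS could not read the file.
        if e["meta"].strip() == "?":
            flags.append("binary not found on disk")
        if "\\temp\\" in e["rest"].lower():
            flags.append("loads from a temp directory")
        if e["display"].strip().lower() == e["name"].strip().lower():
            flags.append("display name is just the service name")
        if not re.search(r"[aeiou]", e["name"].lower()):
            flags.append("service name has no vowels")
        if flags:
            findings[e["name"]] = flags
    return findings


def hidden_system_files(text):
    """Paths from the Find3M / Created sections whose attributes include both s and h."""
    hits = []
    for ln in text.splitlines():
        m = FILE_RE.match(ln.strip())
        if m and "s" in m["attrs"] and "h" in m["attrs"]:
            hits.append(m["path"])
    return hits


if __name__ == "__main__":
    for name, flags in triage_services(SAMPLE_DDS).items():
        print(f"{name}: {', '.join(flags)}")
    for path in hidden_system_files(SAMPLE_DDS):
        print(f"system+hidden: {path}")
```

Run against the full log above it flags the same two service entries as the sample does, plus the two unrar.exe copies, one of them under a hex-named folder with the system and hidden attributes set. None of that proves anything by itself (a missing driver file can be the leftover of an uninstalled tool, and the log shows a CPU-Z driver in a temp folder), which is why the output is a list of questions to put to the helper rather than a fix list.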

#2 Starbuck ('r Brudiwr)
  • Malware Response Team
  • 4,150 posts
  • Location: Midlands, UK

Posted 10 September 2013 - 05:38 PM

Hi Markaina and welcome to BC.
 

I'm really afraid that I'm going to have to format this old system and I'd like to avoid that if all possible.

I'm sure we can avoid that. :)

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.


P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Recommendation:
We stopped recommending Spybot Search & Destroy a while ago due to bad testing results.
As you have SuperAntiSpyware and Malwarebytes Anti-Malware on your system, it really isn't needed.
I recommend you remove it.


Step 1
It is not recommended that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG 2013 or Microsoft Security Essentials.



Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 3
  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.
    If you have problems, try this download link: OTL
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
JRT.txt
AdwCleaner report
and both reports from OTL

Thanks.


#3 Markaina (Topic Starter)
  • Members
  • 11 posts

Posted 10 September 2013 - 07:09 PM

OK, I happily removed BitTorrent as it was the only P2P name I recognized.  Are there others on my computer that show up?  I also removed AVG and Spybot.

 

Here are the log files you asked for.

 

JRT.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Microsoft Windows XP x86
Ran by User on Tue 09/10/2013 at 18:40:15.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2786678
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3225826
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\premium"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\User\start menu\programs\free registry cleaner"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml"
Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\f80qcrf5.default-1358406207156\prefs.js

user_pref("extensions.AMAZONNEW_NS_PH.searchconf", "{\n  \"google\" : {\n    \"urlexp\" : \"hxxp(s)?:\\\\/\\\\/www\\\\.google\\\\..*\\\\/.*[?#&]q=([^&]+)\",\n    \"rankometer\



~~~ Chrome

Dumping contents of C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\gnoahbieoaocfljihojkalbmeohogihk
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\gnoahbieoaocfljihojkalbmeohogihk\manifest.json

Successfully deleted: [Folder] C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
Successfully deleted: [Folder] C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Folder] C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/10/2013 at 18:42:41.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

AdwCleaner[S0].txt

 

# AdwCleaner v3.003 - Report created 10/09/2013 at 18:46:39
# Updated 07/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - VISION-2353CC29
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\User\IECompatCache
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\jetpack
File Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\Software\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [2307 octets] - [10/09/2013 18:45:28]
AdwCleaner[S0].txt - [1626 octets] - [10/09/2013 18:46:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1686 octets] ##########
 

OTL.txt

 

OTL logfile created on: 9/10/2013 6:54:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 79.93% Memory free
5.09 Gb Paging File | 4.62 Gb Available in Paging File | 90.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 230.05 Gb Free Space | 49.39% Space Free | Partition Type: NTFS
Drive D: | 589.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 57.87 Gb Free Space | 24.85% Space Free | Partition Type: NTFS
 
Computer Name: VISION-2353CC29 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\User\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
PRC - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
PRC - C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
PRC - C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (Logitech, Inc.)
PRC - C:\WINDOWS\system32\acs.exe (Atheros)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
MOD - C:\Program Files\Trillian\libpng15.dll ()
MOD - C:\Program Files\Trillian\libungif.dll ()
MOD - C:\Program Files\Trillian\zlib1.dll ()
MOD - c:\Program Files\Trillian\languages\en\buddy.dll ()
MOD - c:\Program Files\Trillian\languages\en\talk.dll ()
MOD - c:\Program Files\Trillian\languages\en\trillian.dll ()
MOD - c:\Program Files\Trillian\languages\en\events.dll ()
MOD - c:\Program Files\Trillian\languages\en\toolkit.dll ()
MOD - C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll ()
MOD - C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Program Files\HTC\HTC Sync Manager\NInstallerHelper.dll ()
MOD - C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll ()
MOD - C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll ()
MOD - C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll ()
MOD - C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll ()
MOD - C:\Documents and Settings\User\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
MOD - C:\Documents and Settings\User\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Evernote\Evernote\libxml2.dll ()
MOD - C:\Program Files\Evernote\Evernote\libtidy.dll ()
MOD - C:\Program Files\DAZ 3D\Content Management Service\vserver_x86.dll ()
MOD - C:\Program Files\DAZ 3D\Content Management Service\ace.dll ()
MOD - C:\Program Files\DAZ 3D\Content Management Service\ace_ssl.dll ()
MOD - C:\Program Files\DAZ 3D\Content Management Service\asnmp.dll ()
MOD - C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (HTCMonitorService) -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool8) -- C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe (Nitro PDF Software)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (L4301_Solar) -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe (Logitech, Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe (Atheros)
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe (Atheros Communications, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (rwxkzbsr) -- C:\WINDOWS\system32\drivers\rwxkzbsr.sys File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (cpuz134) -- C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\WINDOWS\system32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\WINDOWS\system32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (WN111v2) -- C:\WINDOWS\system32\drivers\WN111v2.sys (Atheros Communications, Inc.)
DRV - (WSIMD) -- C:\WINDOWS\system32\drivers\wsimd.sys (Atheros Communications, Inc.)
DRV - (DNINDIS5) -- C:\WINDOWS\system32\DNINDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9SE_ENUS/120
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = E7 C1 BA 0C 1A E3 F7 4C 9E B6 D4 A9 8A 8C 26 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A943044B-D99B-4BF2-953B-D10A6E1F63E1}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\User\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/07 16:01:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/07 16:01:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/17 12:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/10 18:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/07 21:55:28 | 000,000,000 | ---D | M]
 
[2011/04/10 17:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2011/01/18 23:48:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/08/20 02:33:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\extensions
[2013/01/17 02:08:20 | 000,401,328 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2013/08/20 02:33:11 | 000,009,078 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi
[2013/07/31 16:04:06 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/02 18:50:55 | 000,275,449 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/08/17 12:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/17 12:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/08/17 12:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/17 12:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/08/17 12:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 13:00:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/07 16:01:28 | 000,000,000 | ---D | M] (RealDownloader) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013/09/07 16:00:21 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\2.0.5.3_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj\2.0.5.3_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
CHR - Extension: No name found = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
 
O1 HOSTS File: ([2013/03/30 21:58:09 | 000,445,511 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 15325 more lines...
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358403714343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{036E587A-B2C1-4BD5-BF81-48A0ABE4C66E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EC6DE9C-B7E1-489B-9178-1141A2D93A83}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/18 04:24:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 07:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WN111v2\WN111V2.exe - (NETGEAR)
MsConfig - StartUpFolder: C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk - C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS6ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: iXL_MiddleWare - hkey= - key= - C:\Program Files\Fisher-Price\iXL\iXL.Middleware.exe (Fisher-Price)
MsConfig - StartUpReg: Kernel and Hardware Abstraction Layer - hkey= - key= - C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
MsConfig - StartUpReg: PDVD9LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl9 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Documents and Settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/10 18:51:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.scr
[2013/09/10 18:45:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/10 18:40:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/10 18:39:04 | 001,029,490 | ---- | C] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/09/09 11:23:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/09/07 16:42:59 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\User\Desktop\dds(1).com
[2013/09/07 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\TrojanHunter
[2013/09/07 16:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.5
[2013/09/07 16:02:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\RealNetworks
[2013/09/07 16:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/09/07 16:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RealNetworks
[2013/09/07 16:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/09/07 15:46:22 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice 4.0.0
[2013/09/07 15:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice 4
[2013/09/07 15:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
[2013/09/07 15:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/07 15:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\mbar
[2013/08/17 12:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/15 03:09:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/10 18:51:54 | 000,570,562 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/10 18:51:54 | 000,107,604 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/10 18:51:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.scr
[2013/09/10 18:48:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
[2013/09/10 18:48:17 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
[2013/09/10 18:48:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
[2013/09/10 18:48:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/10 18:47:49 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 18:47:49 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/09/10 18:47:49 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
[2013/09/10 18:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/10 18:46:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/10 18:44:27 | 001,037,278 | ---- | M] () -- C:\Documents and Settings\User\Desktop\AdwCleaner(1).exe
[2013/09/10 18:39:05 | 001,029,490 | ---- | M] (Thisisu) -- C:\Documents and Settings\User\Desktop\JRT.exe
[2013/09/10 18:35:57 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/10 18:17:04 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1060284298-725345543-1003UA.job
[2013/09/10 18:17:04 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1060284298-725345543-1003Core.job
[2013/09/10 17:59:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/10 17:50:01 | 000,000,324 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
[2013/09/10 15:07:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/09/10 02:00:07 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-VISION-2353CC29-User.job
[2013/09/09 19:32:43 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
[2013/09/08 18:18:10 | 000,180,932 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Jeep Image to try to use for There.jpg
[2013/09/07 16:43:07 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\User\Desktop\dds(1).com
[2013/09/07 16:12:43 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2013/09/07 16:01:38 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/09/07 16:00:30 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2013/09/07 16:00:14 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2013/09/07 16:00:14 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2013/09/07 16:00:08 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2013/09/07 15:54:31 | 003,491,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/07 15:46:26 | 000,000,877 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice 4.0.0.lnk
[2013/09/05 12:05:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
[2013/09/05 11:19:36 | 001,243,334 | ---- | M] () -- C:\Documents and Settings\User\Desktop\IMAG0453-MOTION.gif
[2013/09/04 20:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/04 01:19:26 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/04 01:19:26 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2013/08/21 06:59:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/21 06:59:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/17 17:44:40 | 000,060,839 | ---- | M] () -- C:\Documents and Settings\User\My Documents\ThereNametagColorValues_zps62f61027.png
[2013/08/17 17:44:40 | 000,060,839 | ---- | M] () -- C:\Documents and Settings\User\My Documents\There Nametag Values.png
[2013/08/16 14:18:37 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/08/15 03:13:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Desktop\*.tmp files -> C:\Documents and Settings\User\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/10 18:44:26 | 001,037,278 | ---- | C] () -- C:\Documents and Settings\User\Desktop\AdwCleaner(1).exe
[2013/09/08 18:18:08 | 000,180,932 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Jeep Image to try to use for There.jpg
[2013/09/07 16:12:31 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2013/09/07 16:01:38 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2013/09/07 15:46:25 | 000,000,877 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice 4.0.0.lnk
[2013/09/05 11:19:33 | 001,243,334 | ---- | C] () -- C:\Documents and Settings\User\Desktop\IMAG0453-MOTION.gif
[2013/08/17 17:45:20 | 000,060,839 | ---- | C] () -- C:\Documents and Settings\User\My Documents\There Nametag Values.png
[2013/08/17 17:45:03 | 000,060,839 | ---- | C] () -- C:\Documents and Settings\User\My Documents\ThereNametagColorValues_zps62f61027.png
[2013/08/16 14:26:41 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/07/11 11:50:07 | 000,253,758 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1220945662-1060284298-725345543-1003-0.dat
[2013/07/06 22:27:12 | 000,001,642 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2013/07/04 12:53:52 | 000,247,842 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/06 08:44:25 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/06/05 13:35:05 | 000,000,184 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/02/10 17:42:21 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2013/02/03 20:57:34 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\User\Application Data\Adobe PNG Format CS6 Prefs
[2013/02/01 12:01:14 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/01 12:01:14 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/01 12:01:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/01 12:01:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/01 12:01:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/08 22:30:34 | 002,284,064 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/20 00:57:15 | 000,000,113 | ---- | C] () -- C:\WINDOWS\(null)toolkit.ini
[2012/02/16 17:31:07 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2012/02/16 13:48:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/23 18:15:22 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\User\elists.db
[2011/03/25 22:17:30 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\User\.rnd
[2011/01/17 18:17:57 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2011/01/18 05:37:38 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/11/05 00:05:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/03/30 22:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alien Skin
[2011/05/04 05:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avatar Reality
[2013/09/10 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/06/02 13:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Battle.net
[2012/04/20 00:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2013/06/06 16:39:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/08/07 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Curse Client
[2012/02/07 15:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAZ 3D
[2012/12/30 22:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2011/01/23 20:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fisher-Price
[2013/05/11 14:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/01/17 00:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/09/10 18:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/05/11 14:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/01/18 21:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NETGEAR
[2012/12/30 22:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro
[2013/08/15 08:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2013/01/26 17:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2011/06/04 22:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/03/13 01:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\.minecraft
[2011/01/30 03:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Acreon
[2013/03/30 22:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Alien Skin
[2011/04/05 22:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Amazon
[2013/01/26 16:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/02/07 15:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DAZ 3D
[2012/12/30 21:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Downloaded Installations
[2013/09/10 18:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2012/04/06 23:04:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ElevatedDiagnostics
[2012/12/30 22:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FileOpen
[2012/02/11 00:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Firestorm
[2011/01/23 20:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Fisher-Price
[2011/08/19 19:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FrostWire
[2011/08/18 01:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GetRightToGo
[2013/07/06 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\gtk-2.0
[2013/05/11 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HTC
[2013/05/11 14:36:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HTC Sync
[2011/12/29 22:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2012/12/02 18:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mumble
[2012/12/30 22:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Nitro
[2011/01/19 00:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\onverse
[2011/11/06 00:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2012/01/25 17:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Opera
[2013/01/26 17:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PDAppFlex
[2011/03/25 22:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Reviversoft
[2011/02/05 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\RIFT
[2012/09/26 20:35:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\runic games
[2013/09/06 12:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Spotify
[2013/09/10 18:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TeraCopy
[2011/01/18 23:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Thunderbird
[2012/01/09 21:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Trillian
[2013/09/07 16:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TrojanHunter
[2011/07/01 03:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TS3Client
[2011/07/01 01:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ts3overlay
[2013/06/06 16:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TuneUp Software
[2011/02/28 23:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/03/25 23:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/01/17 02:00:54 | 000,004,818 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2011/01/18 04:24:54 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2013/02/01 11:49:54 | 000,000,172 | ---- | M] () -- C:\Boot.bak
[2013/02/01 13:10:24 | 000,000,310 | -HS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013/02/01 12:45:05 | 000,028,948 | ---- | M] () -- C:\ComboFix.txt
[2011/01/18 04:24:54 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/04/09 16:32:57 | 000,000,000 | ---- | M] () -- C:\DVDPATH.TXT
[2008/04/11 10:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
[2008/04/11 10:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
[2008/04/11 10:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
[2008/04/11 10:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
[2008/04/11 10:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
[2008/04/11 10:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
[2008/04/11 10:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
[2008/04/11 10:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
[2008/04/11 10:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
[2008/04/11 10:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
[2008/04/11 10:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2008/04/11 10:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
[2008/04/11 08:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2008/04/11 08:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2008/04/11 08:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2008/04/11 08:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2008/04/11 08:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2008/04/11 08:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2008/04/11 10:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
[2008/04/11 08:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2008/04/11 08:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/01/18 04:24:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/18 04:24:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2013/01/17 02:17:30 | 000,262,144 | ---- | M] () -- C:\NTUser.dat
[2013/01/17 02:17:30 | 000,001,024 | -H-- | M] () -- C:\NTUser.dat.LOG
[2013/09/10 18:47:40 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2013/06/30 23:49:29 | 000,000,627 | ---- | M] () -- C:\rkill.log
[2013/02/01 11:50:58 | 000,083,422 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_01.02.2013_10.50.11_log.txt
[2013/01/17 02:19:00 | 000,000,000 | ---- | M] () -- C:\temp.txt
[2008/04/11 10:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/04/11 10:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
[2008/04/11 10:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
< %systemroot%\System32\config\*.sav >
[2011/01/17 22:10:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/01/17 22:10:57 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/01/17 22:10:57 | 000,921,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %PROGRAMFILES%\* >
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/17 13:00:06 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/17 13:00:06 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/17 13:00:06 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/17 13:00:31 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/17 13:00:31 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/17 13:00:31 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/17 13:00:06 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/17 13:00:06 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/17 13:00:06 | 000,869,656 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2013/08/17 13:00:31 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/08/17 13:00:31 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/17 13:00:31 | 000,276,376 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/07/25 21:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2012/01/25 17:26:10 | 000,949,104 | ---- | M] (Opera Software)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\WINDOWS:nlsPreferences

< End of report >
 
Extras.txt
 
OTL Extras logfile created on: 9/10/2013 6:54:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 79.93% Memory free
5.09 Gb Paging File | 4.62 Gb Available in Paging File | 90.80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 230.05 Gb Free Space | 49.39% Space Free | Partition Type: NTFS
Drive D: | 589.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 57.87 Gb Free Space | 24.85% Space Free | Partition Type: NTFS
 
Computer Name: VISION-2353CC29 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\D3DX9_4132.exe" = C:\WINDOWS\system32\D3DX9_4132.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\fontextwow.exe" = C:\WINDOWS\fontextwow.exe:*:Enabled:Windows Update Service
"C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe" = C:\Program Files\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe:*:Enabled:Star Wars - The Old Republic
"C:\Documents and Settings\User\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent
"C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe" = C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\Blue Mars\Bin32\BlueMars.exe" = C:\Program Files\Blue Mars\Bin32\BlueMars.exe:*:Enabled:Blue Mars
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\User\My Documents\Downloads\ChampionsDownloader_Atari.exe" = C:\Documents and Settings\User\My Documents\Downloads\ChampionsDownloader_Atari.exe:*:Enabled:ChampionsDownloader_Atari -- ()
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC
"C:\Program Files\Microsoft Games\Project S\Spartan.exe" = C:\Program Files\Microsoft Games\Project S\Spartan.exe:*:Enabled:Spartan -- (Robot Entertainment)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Makena\ThereIM\ThereIM.exe" = C:\Makena\ThereIM\ThereIM.exe:*:Enabled:There Client Program -- (There, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Makena\There\ThereClient\There.exe" = C:\Makena\There\ThereClient\There.exe:*:Enabled:There -- (There, Inc.)
"C:\Program Files\Steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe" = C:\Program Files\Steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe:*:Enabled:Vampire: The Masquerade - Bloodlines -- ()
"C:\Program Files\SHOUTcast\sc_serv.exe" = C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:Nullsoft SHOUTcast DNAS (sc_serv) v2 -- (Aol LLC)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Istaria\jlauncher.exe" = C:\Program Files\Istaria\jlauncher.exe:*:Enabled:Istaria Launcher -- ()
"C:\Program Files\Istaria\istaria.exe" = C:\Program Files\Istaria\istaria.exe:*:Enabled:istaria -- ()
"C:\Program Files\DAZ 3D\BryceLightning7\Lightning.exe" = C:\Program Files\DAZ 3D\BryceLightning7\Lightning.exe:*:Enabled:Lightning -- (DAZ 3D, Inc.)
"C:\Program Files\Diablo III\Diablo III.exe" = C:\Program Files\Diablo III\Diablo III.exe:*:Enabled:Diablo III -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe" = C:\Program Files\Steam\steamapps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1363\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\User\Application Data\Spotify\spotify.exe" = C:\Documents and Settings\User\Application Data\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1544\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\User\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe" = C:\Documents and Settings\User\Local Settings\Application Data\Torch\Plugins\Torrent\TorchTorrent.exe:*:Enabled:Torch Torrent
"C:\Documents and Settings\User\My Documents\RAWBOTS\rawbots.exe" = C:\Documents and Settings\User\My Documents\RAWBOTS\rawbots.exe:*:Enabled:rawbots -- ()
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1675\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe" = C:\Program Files\HTC\HTC Sync Manager\HTCSyncManager.exe:*:Enabled:HTCSyncManager -- ()
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1737\Agent.exe:*:Enabled:Battle.net Update Agent
"C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe" = C:\Program Files\Steam\steamapps\common\portal 2\portal2.exe:*:Enabled:Portal 2 -- ()
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2000\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2000\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
"C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2006\Agent.exe" = C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.2006\Agent.exe:*:Enabled:Battle.net Update Agent -- (Blizzard Entertainment)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028E9F95-38CF-2DFB-4649-385EC9B87F7C}" = CCC Help Dutch
"{0321862A-7D54-704E-DF47-3DA357BE5CA9}" = Skins
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{096CA4ED-08BE-809A-5D6A-3B3D35709344}" = CCC Help Czech
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{18568CD2-E416-08AF-9763-01B0291A8485}" = CCC Help Spanish
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1E9B79AD-D5F7-5905-73AC-FD6E05F9BE50}" = CCC Help French
"{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}" = Adobe Touch App Plugins
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}" = DDS Thumbnail Viewer
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A281E11-2066-4A0A-8E01-E3B2DAE1B2DF}" = Fisher-Price iXL - Kai-lan
"{2B02FBF3-E6E9-2D4D-BE69-7888859352DC}" = CCC Help Greek
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{326B74E7-3E43-9213-9B8F-109896594DFE}" = CCC Help Hungarian
"{3413B6DE-1E21-5B11-31EC-FBD206DE7D9D}" = Catalyst Control Center Graphics Full New
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{618B865F-5038-EECD-66AA-61C11D240173}" = Catalyst Control Center Graphics Full Existing
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FCBA7C0-960E-9E26-8F79-C74DACDED884}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FFB0AA8-0E4F-575D-C3DF-25D36E9A9C02}" = ccc-core-preinstall
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86546ABB-3E1A-49D6-B938-83EBF8D151DD}" = Fisher-Price iXL Computer Software
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88AF096F-0BE7-31A1-58C1-396400D16D08}" = CCC Help Swedish
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A289CCD-4317-4C5C-A961-FFEF0177BD51}" = Catalyst Control Center - Branding
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
"{8F37078D-428C-508D-560E-140401125628}" = CCC Help Chinese Traditional
"{8F6547BF-C899-441D-9984-C1477D8D3BB0}" = CCC Help Korean
"{9082CD2B-F27B-5324-FE43-50AE0CF98E4C}" = CCC Help Japanese
"{9232CA78-2181-45C8-82D4-2D3B3C4BE470}" = THERE aztec3 Master Sound Patch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93612076-BDBA-5188-8585-1771AE832240}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{98B14094-8FCC-FD5C-4EA5-B04D83674789}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9A6A51A4-E607-B86A-D571-035DD6576646}" = Catalyst Control Center Localization All
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C08C3E3-E973-49AB-809C-A82FDC04E002}" = Nitro Pro 8
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}" = Evernote v. 4.6.7
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC5F944A-4854-4976-2DC9-E368E20F4820}" = CCC Help Danish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B2715152-987F-9792-BE18-B19881405E91}" = CCC Help Polish
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B35CFA75-C51E-9813-2539-C03F30F0EBD2}" = ccc-core-static
"{B4D4BA2F-5619-47DB-0047-A52EE0E29AB6}" = CCC Help Portuguese
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B91F145C-032C-8C5A-6D78-7D3ECB1D431B}" = CCC Help Italian
"{BAB60329-1088-4995-89B2-AEB7125F0B7D}" = Fisher-Price iXL - Dinosaurs
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{C9B6BE8E-3A11-4CA2-88CA-40454606EFB5}" = Fisher-Price iXL - Toy Story
"{CBAF3A46-79DB-7A6B-6829-2A9308DFBD04}" = Catalyst Control Center Graphics Light
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA8B6E61-892D-424D-2DF0-2B57B445A51D}" = ccc-utility
"{DE40C570-2CCE-7C86-A493-D925818A0A5E}" = CCC Help German
"{E0EE019B-FC88-E75F-5E39-4CB2B9340EA6}" = CCC Help Thai
"{E9034ADB-3488-4850-BEA8-23BC894E353E}" = Fisher-Price iXL - SpongeBob
"{EB38C3E0-4863-3123-9114-5BE86EC8E5C7}" = Google Talk Plugin
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2546F0F-4EC7-C17D-89C9-230DF4856D9C}" = CCC Help Chinese Standard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FD437D7D-5FCD-36A6-5DC3-ACCB74310ECF}" = Catalyst Control Center Core Implementation
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEBB0C39-F56D-3254-C3EF-14A8CE2B0DAD}" = CCC Help Turkish
"{FF9C0657-A77D-EBB2-D354-C09E46881F4C}" = CCC Help Norwegian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alien Skin Eye Candy 7" = Alien Skin Eye Candy 7
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Animation Pack V1.8 - There" = Animation Pack V1.8 - There
"Bryce 7.1 7.1.0.109" = Bryce 7.1
"Bryce Lightning 7.0 7.1.0.109" = Bryce Lightning 7.0
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Crosshair Colors - There" = Crosshair Colors - There
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Studio 4 4.0.3.47" = DAZ Studio 4
"Diablo III" = Diablo III
"DS4 Default Content 4.0.0.19" = DS4 Default Content
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"GoZ DS4 1.0.3.47" = GoZ DS4
"Hexagon 2 2.5.1.79" = Hexagon 2
"Hoverboat Sound Mod v2.1 (There)" = Hoverboat Sound Mod v2.1 (There)
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{2A281E11-2066-4A0A-8E01-E3B2DAE1B2DF}" = Fisher-Price iXL - Kai-lan
"InstallShield_{86546ABB-3E1A-49D6-B938-83EBF8D151DD}" = Fisher-Price iXL Computer Software
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{BAB60329-1088-4995-89B2-AEB7125F0B7D}" = Fisher-Price iXL - Dinosaurs
"InstallShield_{C9B6BE8E-3A11-4CA2-88CA-40454606EFB5}" = Fisher-Price iXL - Toy Story
"InstallShield_{E9034ADB-3488-4850-BEA8-23BC894E353E}" = Fisher-Price iXL - SpongeBob
"Invisible Quest Kit Francis_7 - There" = Invisible Quest Kit Francis_7 - There
"Logitech Unifying" = Logitech Unifying Software 2.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MaxSmoke777 Gravestone Patch - There" = MaxSmoke777 Gravestone Patch - There
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Moving Sky Patch by MarineDude" = Moving Sky Patch by MarineDude
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"No-Fog Patch" = No-Fog Patch 1.0
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Opera 11.61.1250" = Opera 11.61
"RealPlayer 16.0" = RealPlayer
"SHOUTcast" = SHOUTcast DSP Plug-in v2
"SolarApp" = Logitech Solar App 1.0
"Spotify" = Spotify
"StarLion Colored MyThings Icons" = StarLion Colored MyThings Icons
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 620" = Portal 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.12
"The "Oof!!" Patch - There" = The "Oof!!" Patch - There
"There" = There
"ThereBuilderKit" = There Builder Kit
"ThereCon 2007 Drink Pack V3" = ThereCon 2007 Drink Pack V3
"ThereIM" = ThereIM
"TherePainterKit" = There Painter Kit
"ThereStyleMaker" = There StyleMaker
"Trillian" = Trillian
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"8 to 20 high rez pinetree's" = 8 to 20 high rez pinetree's
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software
"jinXplorer" = jinXplorer
"MusicManager" = Music Manager
"NCsoft-CityOfHeroes" = City of Heroes
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"YA There Nametag with Labels Version 2" = YA There Nametag with Labels Version 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/24/2013 12:21:50 AM | Computer Name = VISION-2353CC29 | Source = Application Hang | ID = 1002
Description = Hanging application There.exe, version 2.0.19957.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/24/2013 12:27:12 AM | Computer Name = VISION-2353CC29 | Source = Application Hang | ID = 1002
Description = Hanging application There.exe, version 2.0.19957.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 8/24/2013 12:28:06 AM | Computer Name = VISION-2353CC29 | Source = Application Hang | ID = 1002
Description = Hanging application There.exe, version 2.0.19957.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 9/3/2013 12:26:30 AM | Computer Name = VISION-2353CC29 | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F01F  
 
Error - 9/3/2013 12:26:30 AM | Computer Name = VISION-2353CC29 | Source = MatSvc | ID = 262149
Description = A piece of uploaded data has been rejected by the server. hr=0xC004F01F

 
Error - 9/7/2013 5:04:36 PM | Computer Name = VISION-2353CC29 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 9/7/2013 6:27:40 PM | Computer Name = VISION-2353CC29 | Source = Application Hang | ID = 1002
Description = Hanging application There.exe, version 2.0.19957.0, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 9/10/2013 1:38:02 AM | Computer Name = VISION-2353CC29 | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0xC004F01F  
 
Error - 9/10/2013 1:38:02 AM | Computer Name = VISION-2353CC29 | Source = MatSvc | ID = 262149
Description = A piece of uploaded data has been rejected by the server. hr=0xC004F01F

 
Error - 9/10/2013 7:38:28 PM | Computer Name = VISION-2353CC29 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.3.215.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
[ System Events ]
Error - 9/10/2013 2:17:38 AM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the avgwd service.
 
Error - 9/10/2013 2:18:29 AM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the avgwd service.
 
Error - 9/10/2013 2:19:03 AM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the avgwd service.
 
Error - 9/10/2013 2:20:02 AM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the avgwd service.
 
Error - 9/10/2013 7:13:55 PM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error: %%1326 To ensure
 that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error - 9/10/2013 7:13:55 PM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 9/10/2013 7:25:35 PM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error: %%1326 To ensure
 that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error - 9/10/2013 7:25:35 PM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 9/10/2013 7:48:03 PM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error: %%1326 To ensure
 that the service is configured properly, use the Services snap-in in Microsoft Management
 Console (MMC).
 
Error - 9/10/2013 7:48:03 PM | Computer Name = VISION-2353CC29 | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 

 

Thank you so much for your time!



#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 11 September 2013 - 12:48 AM

Hi Markaina
 

I happily removed BitTorrent as it was the only P2P name I recognized.

That's great, thanks.

Eusing Free Registry Cleaner
We don't recommend the use of Registry Cleaners as they have been known to cause more damage than actually cure.

Step 1
If you encounter any freezing of the Otl fix, you will need to uninstall MBAM then run the Otl fix again.
This is a known problem on some XP systems.
MBAM can be installed again after the fix has run.

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)
:otl
DRV - (rwxkzbsr) -- C:\WINDOWS\system32\drivers\rwxkzbsr.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
[2013/09/10 18:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2011/08/19 19:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\FrostWire
[2011/03/25 23:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    scan-fix.png
  • Click the red Run Fix button.

    runfixbutton.png
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles


Step 2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 40 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 40".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x86' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
In your next reply, please submit:
Otl fix report
and let me know if there was any problem with the Java update.


Thanks.

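As an added illustration of how a responder reads the OTL lines pasted in Step 1 and then checks the fix log that comes back (this is not OTL's code and not part of the thread's fix), the Python below classifies each directive, flags the orphaned ones whose file or CLSID is already gone, and confirms from the log that each directive was applied. The sample lines are copied from this thread; the log's "SpybotSD TeaTimer" confirmation line is deliberately left out so one directive shows up as unconfirmed.

```python
"""Added illustration (not OTL's code, nor part of this thread's fix): how a
responder reads OTL scan lines and checks the fix log afterwards."""
import re

# Constructed sample input: directives copied from the ':otl' section of the
# fix above, and the lines the fix log reported back. The 'SpybotSD TeaTimer'
# confirmation line is deliberately left out of the log to show a miss.
OTL_SCRIPT = r"""
DRV - (rwxkzbsr) -- C:\WINDOWS\system32\drivers\rwxkzbsr.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
"""

FIX_LOG = r"""
Service rwxkzbsr stopped successfully!
Service rwxkzbsr deleted successfully!
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe\ deleted successfully.
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# One pattern per OTL line class used in the fix above. 'File not found' and
# 'No CLSID value found' mark orphaned entries: something still registered to
# load at boot whose file or COM object is already gone.
DRV_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\) -- (?P<path>.+?)(?P<missing> File not found)?$")
STARTUP_RE = re.compile(r"^MsConfig - StartUpReg: (?P<name>.+?) - hkey=.*?(?P<missing>File not found)?$")
O6_RE = re.compile(r"^O6 - (?P<hive>HK\w+)\\(?P<key>.+?) present$")
O28_RE = re.compile(r"^O28 - HKLM ShellExecuteHooks: (?P<clsid>\{[0-9A-Fa-f-]+\})")


def parse_otl_line(line):
    """Turn one OTL scan line into a record, or None if it is not a directive."""
    m = DRV_RE.match(line)
    if m:
        return {"kind": "driver_service", "name": m["name"],
                "target": m["path"], "orphan": m["missing"] is not None}
    m = STARTUP_RE.match(line)
    if m:
        return {"kind": "startup_entry", "name": m["name"],
                "target": None, "orphan": m["missing"] is not None}
    m = O6_RE.match(line)
    if m:
        hive = HIVES.get(m["hive"], m["hive"])
        return {"kind": "ie_policy_restriction", "name": m["key"],
                "target": hive + "\\" + m["key"], "orphan": False}
    m = O28_RE.match(line)
    if m:
        return {"kind": "shell_execute_hook", "name": m["clsid"],
                "target": None, "orphan": "No CLSID value found" in line}
    return None


def parse_script(text):
    """All directive records in a pasted ':otl' block, in order."""
    return [r for r in map(parse_otl_line, text.splitlines()) if r]


def orphaned_names(script_text):
    """Names of directives whose target is already missing."""
    return [r["name"] for r in parse_script(script_text) if r["orphan"]]


def expected_log_marker(rec):
    """The phrase the fix log in this thread prints when a directive succeeds."""
    if rec["kind"] == "driver_service":
        return "Service " + rec["name"] + " deleted successfully!"
    if rec["kind"] == "startup_entry":
        return "MSConfig\\StartUpReg\\" + rec["name"] + "\\ deleted successfully."
    if rec["kind"] == "ie_policy_restriction":
        return "Registry key " + rec["target"] + "\\ deleted successfully."
    if rec["kind"] == "shell_execute_hook":
        return rec["name"] + " deleted successfully."
    return None


def verify_fix(script_text, log_text):
    """Map each directive's name to True only if the fix log confirms it."""
    results = {}
    for rec in parse_script(script_text):
        marker = expected_log_marker(rec)
        results[rec["name"]] = marker is not None and marker in log_text
    return results


if __name__ == "__main__":
    print("orphaned entries:", orphaned_names(OTL_SCRIPT))
    for name, ok in verify_fix(OTL_SCRIPT, FIX_LOG).items():
        print(("confirmed  " if ok else "UNCONFIRMED") + "  " + name)
```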


#5 Markaina

Markaina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 11 September 2013 - 01:19 AM

I removed Eusing Free Registry Cleaner - at least I'm pretty sure I did.  I went to uninstall it and my computer said it was no longer there and the icon that is supposed to start the program actually led nowhere, so I'm guessing that it's gone now.  I don't see it anywhere.

 

I got an error when trying to install the new Java that read GetDefaultBrowserError: 2.  However, it shows the Java as being installed in my Add/Remove Programs listing.

 

 

now for the fixed file:

 

All processes killed
========== OTL ==========
Service rwxkzbsr stopped successfully!
Service rwxkzbsr deleted successfully!
File  C:\WINDOWS\system32\drivers\rwxkzbsr.sys File not found not found.
Service cpuz134 stopped successfully!
Service cpuz134 deleted successfully!
File  C:\DOCUME~1\User\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File  C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys File not found not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip Image\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip selection\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip this page\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Clip URL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ctfmon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvMediaCenter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SpybotSD TeaTimer\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\AVG2013\log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2013 folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\xml\data folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\xml folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\themes folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\overlays folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\image_cache folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus\torrents folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus\tmp folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus\plugins folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus\net folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus\logs folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus\dht folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus\active folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\azureus folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\.NetworkShare folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire\.AppSpecialShare folder moved successfully.
C:\Documents and Settings\User\Application Data\FrostWire folder moved successfully.
C:\Documents and Settings\User\Application Data\uTorrent\dlimagecache folder moved successfully.
C:\Documents and Settings\User\Application Data\uTorrent\apps folder moved successfully.
C:\Documents and Settings\User\Application Data\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\User\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 207536 bytes
->Flash cache emptied: 56502 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 1319870 bytes
->Temporary Internet Files folder emptied: 780564 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: User
->Temp folder emptied: 9184526 bytes
->Temporary Internet Files folder emptied: 26789466 bytes
->Java cache emptied: 14037242 bytes
->FireFox cache emptied: 166884635 bytes
->Google Chrome cache emptied: 36815726 bytes
->Opera cache emptied: 7829678 bytes
->Flash cache emptied: 59826 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2492156 bytes
%systemroot%\System32 .tmp files removed: 6563857 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2821670 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 309237806 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 558.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09112013_005537

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 11 September 2013 - 12:27 PM

Hi Markaina

I started getting emails out of the blue saying that email sent was bounced back because of mail boxes being full or closed

Was this referring to the recipient's email box?
It could well be that this is what is being referred to.
Is it just one person that this happens with or is it all emails?

I went to uninstall it and my computer said it was no longer there and the icon that is supposed to start the program actually lead nowhere, so I'm guessing that it's gone now. I don't see it anywhere.

This would mean that the program had been removed at an earlier time, but the removal had left an orphan entry in the Add/Remove.
Nothing to worry about then.



#7 Markaina

Markaina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 11 September 2013 - 01:03 PM

Hi Markaina
 

I started getting emails out of the blue saying that email sent was bounced back because of mail boxes being full or closed

Was this referring to the recipient's email box?
It could well be that this is what is being referred to.
Is it just one person that this happens with or is it all emails?

 

Yes, it referred to the recipient's email box.  The email that I would send (knowingly) was always delivered just fine, but stuff that was sent because of what I suspect was the virus was almost always bounced back.

 

I went to uninstall it and my computer said it was no longer there and the icon that is supposed to start the program actually lead nowhere, so I'm guessing that it's gone now. I don't see it anywhere.

This would mean that the program had been removed at an earlier time, but the removal had left an orphan entry in the Add/Remove.
Nothing to worry about then.

 

Fantastic!

 

Before we continue, I've been meaning to ask:  Is it okay to go ahead and turn my computer off each night before bed while we're in the middle of cleaning my computer?  I've been leaving it on at night when I sleep but just disconnecting the internet USB adapter thing to keep it from being able to talk to the internet.



#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 11 September 2013 - 01:09 PM

Before we continue, I've been meaning to ask: Is it okay to go ahead and turn my computer off each night before bed while we're in the middle of cleaning my computer? I've been leaving it on at night when I sleep but just disconnecting the internet USB adapter thing to keep it from being able to talk to the internet.

Yes, it's perfectly ok to turn your system off.
Just going for food, will post again later.



#9 Markaina

Markaina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 11 September 2013 - 01:50 PM

Fantastic!  Thanks



#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 11 September 2013 - 04:44 PM

Yes, it referred to the recipient's email box. The email that I would send (knowingly) was always delivered just fine, but stuff that was sent because of what I suspect was the virus was almost always bounced back.

OK, I now understand.
How long has it been now since you had any emails bounced back?

We have taken care of any adware problem.
Trojan.Agent/Gen-Sisproc is basically a generic name that covers a multitude of malware.
The added problem is that each Anti Virus vendor seems to want to use their own names for things.
I think to be on the safe side, we should look a little deeper...... just in case.

I see that you ran Combofix on this system..... back in February.
If you still have this on your system please remove it. (right click on the icon and select delete)

Now we'll get a fresh copy.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example; you may rename ComboFix to anything you want. Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks



#11 Markaina

Markaina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 11 September 2013 - 05:18 PM

I found nothing on my computer called ComboFix, but I found two old files listed as GMER and RKill and I got rid of those.  Here's the log you requested:

 

ComboFix 13-09-10.03 - User 09/11/2013  16:58:28.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3327.2590 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ADS - WINDOWS: deleted 192 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\50f790f7b7ea86.68842313.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\background.html
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\content.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\lsdb.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\manifest.json
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\sqlite.js
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmnclomoccanncahpnmcdmhekffelkjd_0.localstorage-journal
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dmnclomoccanncahpnmcdmhekffelkjd_0.localstorage
c:\documents and settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\c611d77b27a2e28d.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\wininit.ini
E:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-11 to 2013-09-11  )))))))))))))))))))))))))))))))
.
.
2013-09-11 13:59 . 2013-09-11 13:59    9430408    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2013-09-11 06:15 . 2013-09-11 06:15    --------    d-----w-    c:\program files\Common Files\Java
2013-09-11 06:15 . 2013-09-11 06:15    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-09-11 06:15 . 2013-09-11 06:15    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-09-11 05:55 . 2013-09-11 05:55    --------    d-----w-    C:\_OTL
2013-09-10 23:45 . 2013-09-10 23:46    --------    d-----w-    C:\AdwCleaner
2013-09-10 23:40 . 2013-09-10 23:40    --------    d-----w-    c:\windows\ERUNT
2013-09-10 23:23 . 2013-08-06 07:28    7166848    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BE21D010-6D8A-4BA1-9FE0-278F798F769E}\mpengine.dll
2013-09-10 00:42 . 2013-08-06 07:28    7166848    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-09 18:57 . 2013-09-09 18:57    --------    d-----w-    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2013-09-07 21:42 . 2013-09-07 21:42    --------    d-----w-    c:\documents and settings\User\Application Data\TrojanHunter
2013-09-07 21:12 . 2013-09-07 22:25    --------    d-----w-    c:\program files\TrojanHunter 5.5
2013-09-07 21:02 . 2013-09-07 21:02    --------    d-----w-    c:\documents and settings\User\Application Data\RealNetworks
2013-09-07 21:01 . 2013-09-07 21:01    --------    d-----w-    c:\program files\RealNetworks
2013-09-07 21:01 . 2013-09-07 21:01    --------    d-----w-    c:\documents and settings\All Users\Application Data\RealNetworks
2013-09-07 21:00 . 2013-09-07 21:00    --------    d-----w-    c:\program files\Common Files\xing shared
2013-09-07 20:45 . 2013-09-07 20:45    --------    d-----w-    c:\program files\OpenOffice 4
2013-09-07 20:34 . 2013-09-07 20:34    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-03 13:53 . 2013-09-03 13:53    187248    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-08-15 08:09 . 2013-09-11 08:02    --------    d-----w-    c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 13:59 . 2012-04-03 05:09    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-11 13:59 . 2011-05-19 20:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 06:15 . 2012-07-06 06:11    868264    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-09-11 06:15 . 2011-01-17 21:08    790440    ----a-w-    c:\windows\system32\deployJava1.dll
2013-09-07 20:59 . 2011-01-17 23:25    348160    ----a-w-    c:\windows\system32\msvcr71.dll
2013-09-07 20:59 . 2011-01-17 23:25    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-08-09 01:56 . 2008-04-14 12:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-14 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-14 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-14 12:00    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-14 12:00    385024    ------w-    c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-14 12:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 02:47    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2008-04-14 12:00    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-14 12:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-06-19 02:50 . 2010-10-25 03:25    211560    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2011-03-26 03:01    203776    --sh--w-    c:\windows\system32\unrar.exe
2011-03-26 03:00    203776    --sh--w-    c:\windows\system32\56EA9D7685B4AEF1C712FDDF1D3AB782\unrar.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\documents and settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe" [2013-07-26 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-12-29 15635896]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-09-07 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2013-7-23 1089888]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2013-6-17 2606448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 18:28    72208    ----a-w-    c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06    958576    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2013-06-03 10:06    472984    ----a-w-    c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2013-04-25 08:50    1075296    ----a-w-    c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 03:56    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-02-28 18:40    75048    ----a-w-    c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-13 05:07    136176    ----atw-    c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-01-18 02:49    33714176    ----a-r-    c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:31    1840424    ----a-w-    c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iXL_MiddleWare]
2010-11-29 21:17    52280    ----a-w-    c:\program files\Fisher-Price\iXL\iXL.Middleware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55    55824    ----a-w-    c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29    2221352    ----a-w-    c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-11-06 13:25    570664    ----a-w-    c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2012-12-29 10:31    1982312    ----a-w-    c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-14 02:41    50472    ------w-    c:\program files\CyberLink\PowerDVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 15:55    87336    ------w-    c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 18:59    18705664    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-07-26 23:42    1104384    ----a-w-    c:\documents and settings\User\Application Data\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-04 04:21    61440    ----a-w-    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 14:16    254336    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37    517096    ----a-w-    c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-09-07 21:00    295512    ----a-w-    c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\ChampionsDownloader_Atari.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Microsoft Games\\Project S\\Spartan.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Makena\\ThereIM\\ThereIM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Makena\\There\\ThereClient\\There.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\vampire the masquerade - bloodlines\\vampire.exe"=
"c:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Istaria\\jlauncher.exe"=
"c:\\Program Files\\Istaria\\istaria.exe"=
"c:\\Program Files\\DAZ 3D\\BryceLightning7\\Lightning.exe"=
"c:\\Program Files\\Diablo III\\Diablo III.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\torchlight\\Torchlight.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\User\\My Documents\\RAWBOTS\\rawbots.exe"=
"c:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2000\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Battle.net\\Agent\\Agent.2006\\Agent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 1:54 PM 116608]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/01/17 17:26];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 8:40 PM 87536]
R2 HTCMonitorService;HTCMonitorService;c:\program files\HTC\HTC Sync Manager\HSMServiceEntry.exe [1/29/2013 9:05 PM 87368]
R2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [10/26/2010 4:25 PM 319568]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/29/2011 10:39 PM 10384]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Nitro\Pro 8\NitroPDFDriverService8.exe [12/19/2012 9:17 PM 196616]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [12/19/2012 9:17 PM 70152]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12/7/2012 6:27 PM 167424]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [8/14/2013 3:19 PM 39056]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [1/18/2011 5:54 AM 50176]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [6/17/2009 11:55 AM 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [6/17/2009 11:55 AM 10384]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [1/18/2011 5:52 AM 2105728]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 4:24 AM 453120]
S2 DAZContentManagementService;DAZ Content Management Service;c:\program files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2/7/2012 3:48 PM 18432]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/11/2013 2:27 PM 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [12/7/2012 6:27 PM 21248]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 12:54 PM 360547]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:59]
.
2013-09-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-VISION-2353CC29-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-06-03 10:06]
.
2013-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-09-11 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-09-11 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 06:41]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-11 06:41]
.
2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1060284298-725345543-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-13 05:07]
.
2013-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-1060284298-725345543-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-13 05:07]
.
2013-09-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 23:05]
.
2013-09-10 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 20:19]
.
2013-09-11 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2013-09-10 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14 20:19]
.
2013-09-11 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2013-09-11 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2013-09-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
2013-09-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1220945662-1060284298-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-08-14 22:13]
.
.
------- Supplementary Scan -------
.
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\f80qcrf5.default-1358406207156\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-09-07 16:01; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Torch - c:\documents and settings\User\Local Settings\Application Data\Torch\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-11 17:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1452)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2013-09-11  17:10:48
ComboFix-quarantined-files.txt  2013-09-11 22:10
ComboFix2.txt  2013-02-01 17:45
.
Pre-Run: 246,947,385,344 bytes free
Post-Run: 246,913,998,848 bytes free
.
- - End Of File - - EA684B50941D53D6844B0D6E09BC9680
8F558EB6672622401DA993E1E865C861
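The firewall-policy and service sections of a ComboFix log like the one above are where a responder looks first: "EnableFirewall"= 0 means the XP firewall is off on the standard profile, and the AuthorizedApplications list shows which binaries have been granted exceptions. The following Python is an added example (not ComboFix's own code or anything from this thread) that parses those sections and the R/S service lines and flags the firewall state, exceptions that live outside Program Files or the Windows directory, and globally open ports. The sample text is an excerpt of the log posted above; the function and field names are my own.

```python
"""Review the firewall-policy and service sections of a ComboFix log.
Added example; SAMPLE_LOG is an excerpt of the ComboFix output shown in
the thread above, trimmed to a few representative lines."""
import re

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Documents and Settings\\User\\My Documents\\Downloads\\ChampionsDownloader_Atari.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/01/17 17:26];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 8:40 PM 87536]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]
"""

# ComboFix service/driver line: state(R=running,S=stopped) start-type name;display;path [date time size]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# Locations where a firewall exception is unremarkable on an XP box.
STANDARD_DIRS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")


def parse_firewall(text):
    """Return (enabled, authorized_apps, open_ports) from the standardprofile sections."""
    enabled, apps, ports, section = None, [], [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):          # registry key header starts a new section
            section = line
            continue
        m = re.match(r'^"EnableFirewall"=\s*(\d+)', line)
        if m:
            enabled = m.group(1) != "0"
            continue
        if section.endswith("AuthorizedApplications\\List]"):
            m = re.match(r'^"(.+)"=\s*$', line)
            if m:                          # registry export doubles backslashes; undo that
                apps.append(m.group(1).replace("\\\\", "\\"))
        elif section.endswith("GloballyOpenPorts\\List]"):
            m = re.match(r'^"(\d+):(TCP|UDP)"=', line)
            if m:
                ports.append((int(m.group(1)), m.group(2)))
    return enabled, apps, ports


def outside_standard_dirs(path):
    """True when an exception points outside Program Files / the Windows directory."""
    return not path.lower().startswith(STANDARD_DIRS)


def parse_services(text):
    """Parse R/S service and driver lines into dicts (start_type: 0 boot, 1 system, 2 auto, 3 manual)."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        out.append({"running": state == "R", "start_type": int(start), "name": name,
                    "display": display, "path": path, "size": int(meta.split()[-1])})
    return out


def review(text):
    """Produce the findings a responder would want to see from the firewall sections."""
    enabled, apps, ports = parse_firewall(text)
    findings = []
    if enabled is False:
        findings.append("firewall disabled on the standard profile")
    findings += ["firewall exception outside standard dirs: " + a
                 for a in apps if outside_standard_dirs(a)]
    findings += ["globally open port %d/%s" % p for p in ports]
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f)
    for s in parse_services(SAMPLE_LOG):
        print("%-8s start=%d %s -> %s" % ("running" if s["running"] else "stopped",
                                          s["start_type"], s["name"], s["path"]))
```

On the excerpt this reports the disabled firewall, the two exceptions under the user profile (Downloads and Application Data are user-writable, so a granted exception there deserves a look) and the open port 3724/TCP; the parsed service list keeps the running/stopped state and start type so stopped auto-start entries such as SkypeUpdate stand out.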
 



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 11 September 2013 - 05:48 PM

I found nothing on my computer called ComboFix,

I couldn't see the actual program in the report, but I did see a report:

[2013/02/01 12:45:05 | 000,028,948 | ---- | M] () -- C:\ComboFix.txt

That was why I asked.

How is the system running now?
Any problems?



#13 Markaina

Markaina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 11 September 2013 - 07:08 PM

It's running like new and booting up faster than it has in months.  Thank you very much.

 

Would you explain generally what we've been doing all along?  Obviously, the first set of logs were diagnostics, right?  After that, I'm just curious.  I think this stuff is interesting.



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:07:41 AM

Posted 12 September 2013 - 12:05 PM

Hi Markaina
 

It's running like new and booting up faster than it has in months

That's good to hear. :)
 

Would you explain generally what we've been doing all along?

Basically, the DDS log showed the 2 AVs running (which will always cause system problems).
It also showed signs of Adware.
JRT and AdwCleaner were run to clean out the Adware and the OTL report was to look for any leftovers.
ComboFix was used to look a little deeper just in case there was something that didn't show on the OTL report.

We need to just double check everything now.

I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


Note:
It's been known on some systems that ESET's Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology



Please post the report if anything is found.

Thanks



#15 Markaina

Markaina
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 12 September 2013 - 04:07 PM

Thanks for explaining this all to me.  It is teaching me things and I'm finding it all pretty interesting.

 

The log lists 4 things.  Here we go:

 

C:\Documents and Settings\User\Desktop\Old Firefox Data\extensions\50f790f7b7f54@50f790f7b7f8d.com\content\bg.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13\94b720d-2a886938    Java/Agent.FI trojan    cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\driverupdater.exe    a variant of Win32/Adware.SpeedingUpMyPC.C application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\50f790f7b7ea86.68842313.js.vir    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
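The four ESET lines above follow one layout: file path, detection name, action taken. The Python below is an added example (not ESET's code and not from this thread) that parses that layout, splits the detection into platform, family and kind (ESET labels potentially unwanted software "application" and malware "trojan"), and separates files that were still live from copies ESET found inside C:\Qoobox\Quarantine, which is where ComboFix stores what it has already quarantined. The sample text is the four lines posted above; the function and field names are my own.

```python
"""Parse ESET Online Scanner log lines and summarise what was found.
Added example; ESET_LOG is the four lines reported in the post above."""
import re
from collections import Counter

ESET_LOG = r"""
C:\Documents and Settings\User\Desktop\Old Firefox Data\extensions\50f790f7b7f54@50f790f7b7f8d.com\content\bg.js    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
C:\Documents and Settings\User\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13\94b720d-2a886938    Java/Agent.FI trojan    cleaned by deleting - quarantined
C:\Documents and Settings\User\My Documents\Downloads\driverupdater.exe    a variant of Win32/Adware.SpeedingUpMyPC.C application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmnclomoccanncahpnmcdmhekffelkjd\1\50f790f7b7ea86.68842313.js.vir    Win32/Adware.MultiPlug.H application    cleaned by deleting - quarantined
"""

# "Win32/Adware.MultiPlug.H application", optionally prefixed with "a variant of"
DETECTION_RE = re.compile(r"^(?:a variant of )?(\w+)/([\w.]+)\s+(\w+)$")
# Files under ComboFix's quarantine folder were already neutralised before ESET ran.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\",)


def parse_eset_log(text):
    """Return one dict per detection line; fields are separated by a tab or 2+ spaces."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = [f.strip() for f in re.split(r"\t|\s{2,}", line)]
        if len(fields) != 3:
            raise ValueError("unexpected line layout: " + line)
        path, detection, action = fields
        m = DETECTION_RE.match(detection)
        if not m:
            raise ValueError("unexpected detection name: " + detection)
        platform, family, kind = m.groups()
        items.append({
            "path": path,
            "platform": platform,
            "family": family,
            "kind": kind,                                   # "application" (PUA) or "trojan"
            "quarantined": "quarantined" in action,
            "already_quarantined": path.lower().startswith(QUARANTINE_DIRS),
        })
    return items


def summarize(items):
    """Count families and report how many hits were live files vs. not cleaned."""
    return {
        "families": dict(Counter(i["family"] for i in items)),
        "live": sum(1 for i in items if not i["already_quarantined"]),
        "trojans": sum(1 for i in items if i["kind"] == "trojan"),
        "not_cleaned": sum(1 for i in items if not i["quarantined"]),
    }


if __name__ == "__main__":
    found = parse_eset_log(ESET_LOG)
    for i in found:
        flag = "quarantine copy" if i["already_quarantined"] else "live"
        print("%-12s %-28s %s" % (i["kind"], i["family"], flag))
    print(summarize(found))
```

Run on the posted lines it shows three live files (a Firefox extension script, a Java deployment cache entry and a downloaded installer) and one copy that ComboFix had already quarantined; everything was cleaned, and the single "trojan" kind is the Java cache hit, which is the one a responder would weigh differently from the adware entries.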