Popups/Advertisements and More


This topic is locked
64 replies to this topic

#1 vmonti


Posted 20 December 2013 - 03:36 PM

Hello,

 

I've recently been experiencing multiple pop-ups when I browse the internet as well as new tabs. I also cannot check my email without signing in multiple times despite having the browser save my password.

 

So far, I have run AdwCleaner and Malwarebytes Antimalware - both of which have removed threats, but I'm still experiencing issues.

 

Here is the required DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Vincent Sr at 15:28:20 on 2013-12-20
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2294.1308 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\TeamViewer\Version9\TeamViewer.exe
c:\docume~1\vincen~1\locals~1\temp\teamviewer\version9\TeamViewer_Desktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh12152013
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://search.findwide.com/?guid={D52F1735-8F96-4319-B7FF-3A898D09EFCF}&serpv=22
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\7.2.241.0\BingExt.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [HP Deskjet 3050A J611 series (NET)] "c:\program files\hp\hp deskjet 3050a j611 series\bin\ScanToPCActivationApp.exe" -deviceID "CN1A4482YZ05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\50da12af-6666-4cd2-afe7-8c8fdf27df05.exe /check
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [Updater] c:\documents and settings\all users\application data\updater\Updater.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270916475984
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://rmlsfl.mlxchange.com/5.3.06.17085/Control/MLSClientUtils.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://rmlsfl.mlxchange.com/5.5.12.25747/Control/IRCSharc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{ECEBA761-569C-47AD-B2E5-F42ED7D79187} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=  
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\vincent sr\application data\mozilla\firefox\profiles\jezjfwwh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - plugin: c:\documents and settings\vincent sr\application data\mozilla\firefox\profiles\jezjfwwh.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\vincent sr\local settings\application data\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-12-08 17:29; TidyNetwork@TidyNetwork; c:\documents and settings\vincent sr\application data\mozilla\firefox\profiles\jezjfwwh.default\extensions\TidyNetwork@TidyNetwork
FF - ExtSQL: 2013-12-08 17:29; emily@wilford.biz; c:\documents and settings\vincent sr\application data\mozilla\firefox\profiles\jezjfwwh.default\extensions\emily@wilford.biz
FF - ExtSQL: 2013-12-09 21:15; linksicle@linksicle.com; c:\program files\mozilla firefox\extensions\linksicle@linksicle.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-9-29 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-9-29 178304]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-8-3 51400]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-8-3 40776]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-9-29 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-9-29 403440]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-12-15 37664]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-8-3 14920]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-8-3 185672]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-29 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-29 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-29 50344]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-7-29 12672]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-8-3 68168]
R2 Guard Agent;Guard Agent Service;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2013-8-3 23624]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
S1 lsnfd;lsnfd;c:\windows\system32\drivers\lsnfd.sys --> c:\windows\system32\drivers\lsnfd.sys [?]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
S2 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\reimage\reimage repair\reiguard.exe --> c:\program files\reimage\reimage repair\ReiGuard.exe [?]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\17.2.0\ToolbarUpdater.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\vincen~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\vincen~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 MRVW225;Marvell Libertas 802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [2005-12-21 299904]
.
=============== Created Last 30 ================
.
2013-12-20 19:31:02    --------    d-----w-    C:\AdwCleaner
2013-12-20 19:13:00    --------    d-----w-    c:\program files\VS Revo Group
2013-12-18 14:56:35    --------    d-----w-    c:\windows\system32\cache
2013-12-16 01:10:42    --------    d-----w-    c:\documents and settings\vincent sr\application data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
2013-12-16 00:43:22    --------    d-----w-    c:\documents and settings\all users\application data\CDB
2013-12-16 00:41:35    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-12-16 00:40:31    --------    d--h--w-    c:\documents and settings\all users\application data\Common Files
2013-12-15 22:25:07    --------    d-----w-    c:\program files\Uninstaller
2013-12-15 22:22:09    --------    d-----w-    C:\temp
2013-12-08 22:32:08    --------    d-----w-    c:\documents and settings\all users\application data\Updater
2013-12-08 22:32:08    --------    d-----w-    c:\documents and settings\all users\application data\RHelpers
2013-12-08 22:29:41    --------    d-----w-    c:\documents and settings\vincent sr\application data\MyWordTool
2013-12-04 23:16:25    580712    ------w-    c:\windows\system32\HPDiscoPMa011.dll
2013-12-04 23:16:20    495504    ----a-w-    c:\windows\system32\HPWia1_DJ3050A_J611.dll
2013-12-04 23:16:20    1979280    ----a-w-    c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2013-12-04 23:16:16    529808    ----a-w-    c:\windows\system32\hpinkstsa011.dll
2013-12-04 23:16:16    268688    ----a-w-    c:\windows\system32\hpinkstsa011LM.dll
2013-12-04 23:16:16    2216336    ----a-w-    c:\windows\system32\hpinkinsa011.exe
2013-12-04 23:16:16    220560    ----a-w-    c:\windows\system32\hpinkcoia011.dll
2013-12-04 02:54:57    --------    d-----w-    c:\documents and settings\vincent sr\application data\AVAST Software
2013-11-29 16:42:19    --------    d-----w-    c:\program files\Microsoft
2013-11-29 16:42:11    --------    d-----w-    c:\program files\HP Photo Creations
2013-11-29 16:42:11    --------    d-----w-    c:\documents and settings\all users\application data\Visan
2013-11-29 16:42:11    --------    d-----w-    c:\documents and settings\all users\application data\HP Photo Creations
2013-11-29 16:41:59    --------    d-----w-    c:\documents and settings\vincent sr\application data\HpUpdate
2013-11-29 16:41:23    --------    d-----w-    c:\program files\HP
2013-11-26 20:03:11    --------    d-----w-    c:\program files\common files\KnifeEdge
2013-11-26 19:46:15    --------    d-----w-    c:\program files\RealFlightG3
.
==================== Find3M  ====================
.
2013-12-12 23:27:38    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-12-12 23:27:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-04 02:52:11    774392    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-12-04 02:52:11    70384    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-12-04 02:52:11    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-12-04 02:52:11    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-04 02:52:11    178304    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-13 02:59:42    150528    ----a-w-    c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51    591360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31    7168    ----a-w-    c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17    1879040    ----a-w-    c:\windows\system32\win32k.sys
2013-10-29 07:57:34    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-10-29 07:57:33    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-10-29 07:57:33    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02    385024    ----a-w-    c:\windows\system32\html.iec
2013-10-23 23:45:49    172032    ----a-w-    c:\windows\system32\scrrun.dll
2013-10-12 15:56:19    278528    ----a-w-    c:\windows\system32\oakley.dll
2013-10-09 13:12:48    287744    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-08 11:50:41    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-08 11:29:36    145408    ----a-w-    c:\windows\system32\javacpl.cpl
2013-10-07 10:59:21    603136    ----a-w-    c:\windows\system32\crypt32.dll
.
============= FINISH: 15:34:58.76 ===============
 


#2 TheShooter93 (Cody) - Malware Response Team

Posted 20 December 2013 - 03:41 PM

Hello vmonti,

 

My name is Cody and I'll be helping you clean up your computer.

 

What's below is very important information. Please take the time to read it before we get started.

 

I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

 

I am in Orlando, Florida at GMT-5 Hours (Eastern Standard Time). As previously stated, I normally respond within 24 hours, but I am a university student currently working part time. If I do not respond within 48 hours, feel free to send me a private message.

 

Some points for you to keep in mind:

 

-Do NOT run any tools unless instructed to do so.

-We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

-Do not attach logs or use code boxes, just copy and paste the text.

-I cannot see your computer.

-Periodically update me on the condition of your computer, and provide detail in every post.

-Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.

 

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

 

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 TheShooter93 (Cody) - Malware Response Team

Posted 22 December 2013 - 02:11 AM

Hello vmonti,
 
We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
    • This is THE Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


 

 


#4 vmonti (Topic Starter)

Posted 23 December 2013 - 07:26 PM

OTL Extras logfile created on: 12/23/2013 12:06:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Vincent Sr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.24 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 60.81% Memory free
2.45 Gb Paging File | 1.70 Gb Available in Paging File | 69.18% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.86 Gb Free Space | 34.52% Space Free | Partition Type: NTFS
 
Computer Name: OFFICECOMPUTER | User Name: Vincent Sr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_USERS\S-1-5-21-515967899-1965331169-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\rundll32.exe" = C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TbService.exe:*:Enabled:TbService.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe" = C:\Program Files\EaseUS\Todo Backup\bin\TBConsoleUI.exe:*:Enabled:Local TBConsoleUI.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Deskjet 3050A J611 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Deskjet 3050A J611 series) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Deskjet 3050A J611 series) -- (Hewlett-Packard Co.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04B83666-3A62-452B-85D3-70F8117F2329}_is1" = CamStudio version 2.7
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2BDCE73D-C1CF-45BF-B6EB-B010365314A3}" = HP Deskjet 3050A J611 series Basic Device Software
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6CC74460-AC9B-4E7E-91FF-833C751C092F}" = HP Deskjet 3050A J611 series Product Improvement Study
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D322A9E3-758B-4D60-A7C4-65C88FD378D0}" = Bing Bar
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E1B40232-F73B-4BF9-A819-E352CCC1EDEF}" = Citrix Online Launcher
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"Coupon Printer for Windows5.0.0.3" = Coupon Printer for Windows
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"EaseUS Todo Backup Free 6.0_is1" = EaseUS Todo Backup Free 6.0
"HP Photo Creations" = HP Photo Creations
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 4.2.9
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealFlightG3Pro" = RealFlight G3 R/C Simulator
"Revo Uninstaller" = Revo Uninstaller 1.95
"sl-adk" = SelectionLinks
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-515967899-1965331169-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.7.0.1172
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 12/20/2013 9:55:00 PM | Computer Name = OFFICECOMPUTER | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error:   %%2147942403
 
Error - 12/20/2013 10:55:00 PM | Computer Name = OFFICECOMPUTER | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error:   %%2147942403
 
Error - 12/21/2013 11:02:38 AM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Reimage Real Time Protection service failed to start due to the
 following error:   %%2
 
Error - 12/21/2013 11:02:38 AM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.2.0 service failed to start due to the following
 error:   %%2
 
Error - 12/21/2013 11:02:45 AM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   lsnfd
 
Error - 12/21/2013 11:55:00 AM | Computer Name = OFFICECOMPUTER | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error:   %%2147942403
 
Error - 12/21/2013 12:55:00 PM | Computer Name = OFFICECOMPUTER | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error:   %%2147942403
 
Error - 12/23/2013 12:58:33 PM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Reimage Real Time Protection service failed to start due to the
 following error:   %%2
 
Error - 12/23/2013 12:58:33 PM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.2.0 service failed to start due to the following
 error:   %%2
 
Error - 12/23/2013 12:58:39 PM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   lsnfd
 
 
< End of report >
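The event log errors in the log above line up with the "File not found" service, driver and Run entries that OTL reports elsewhere in this thread: %%2 is the raw Win32 code ERROR_FILE_NOT_FOUND, and the Task Scheduler's %%2147942403 is the HRESULT 0x80070003, which wraps ERROR_PATH_NOT_FOUND. The script below is an added example for this thread (editor's code, not part of OTL and not any poster's log): it parses OTL-format lines, flags autostart entries whose image is missing, decodes the %%N codes, and correlates the SCM/Task Scheduler events with those entries by a normalized name so that a display name such as "Reimage Real Time Protection" matches the key name ReimageRealTimeProtection. The sample log is constructed from the formats shown in this thread, and the allowlist of names a stock XP install reports as "File not found" is the editor's assumption, to be tuned against a known-clean baseline.

```python
"""OTL log triage: orphaned autostart entries correlated with event-log errors.

Added example for this thread (editor's code, not OTL's and not the poster's).
Sample input is constructed from the formats shown in the OTL output posted here.
"""
import re

SAMPLE_LOG = r"""
[ System Events ]
Error - 12/20/2013 9:55:00 PM | Computer Name = OFFICECOMPUTER | Source = Schedule | ID = 7901
Description = The At5.job command failed to start due to the following error:   %%2147942403

Error - 12/21/2013 11:02:38 AM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The Reimage Real Time Protection service failed to start due to the
 following error:   %%2

Error - 12/21/2013 11:02:38 AM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater17.2.0 service failed to start due to the following
 error:   %%2

Error - 12/21/2013 11:02:45 AM | Computer Name = OFFICECOMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   lsnfd

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/03 21:52:08 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\lsnfd.sys -- (lsnfd)
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\Updater.exe File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
"""

# Names OTL reports as "File not found" on a stock XP install. Assumption: this
# allowlist is the editor's; tune it against your own clean-machine baseline.
BENIGN_XP = {"AppMgmt", "WDICA", "PDRFRAME", "PDRELI", "PDFRAME", "PDCOMP",
             "PCIDump", "lbrtfdc", "i2omgmt", "Changer"}

# SRV/DRV lines whose image is gone, O4 Run values whose target is gone, and event headers.
ORPHAN_RE = re.compile(r"^(?P<kind>SRV|DRV) - File not found \[(?P<flags>[^\]]*)\] --\s*"
                       r"(?P<path>.*?)\s*-- \((?P<name>[^)]+)\)$")
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<path>.*?) File not found$")
EVENT_RE = re.compile(r"^Error - (?P<ts>\S+ \S+ [AP]M) \| Computer Name = (?P<host>\S+) \| "
                      r"Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")


def norm(name):
    """Fold display and key names together: "Reimage Real Time Protection" and
    "ReimageRealTimeProtection" both become reimagerealtimeprotection."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def decode_error(code):
    """Translate the %%N code OTL prints. SCM logs a raw Win32 code (2 = file not
    found); Task Scheduler logs an HRESULT, 0x8007xxxx wrapping a Win32 code."""
    if code >> 16 == 0x8007:
        code &= 0xFFFF
    return {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND"}.get(code, f"win32 error {code}")


def parse_orphans(lines):
    """Autostart entries whose image is missing (SRV, DRV and O4 Run entries)."""
    found = []
    for line in lines:
        m = ORPHAN_RE.match(line) or RUN_RE.match(line)
        if m:
            d = m.groupdict()
            found.append({"kind": d.get("kind", "RUN"), "name": d["name"], "path": d["path"]})
    return found


def parse_events(lines):
    """Event entries; OTL wraps long descriptions, so continuation lines are joined."""
    events, i = [], 0
    while i < len(lines):
        m = EVENT_RE.match(lines[i])
        i += 1
        if not m:
            continue
        desc = []
        while i < len(lines) and lines[i].strip() and not EVENT_RE.match(lines[i]):
            desc.append(lines[i].strip())
            i += 1
        text = re.sub(r"^Description = ", "", " ".join(" ".join(desc).split()))
        events.append({**m.groupdict(), "text": text})
    return events


def event_subject(ev):
    """(thing that failed, decoded error) for the event IDs seen in OTL logs."""
    t = ev["text"]
    code = re.search(r"%%(\d+)", t)
    err = decode_error(int(code.group(1))) if code else None
    pat = {"7000": r"^The (.+?) service failed to start",   # SCM: service display name
           "7026": r"failed to load: (.+)$",                 # SCM: driver key name(s)
           "7901": r"^The (\S+) command failed to start"}.get(ev["id"])  # Task Scheduler job
    m = re.search(pat, t) if pat else None
    return (m.group(1).strip() if m else None), err


def triage(log_text):
    """Orphaned entries with severity, each tagged with the events that name it."""
    lines = log_text.splitlines()
    findings = []
    for o in parse_orphans(lines):
        sev = "low" if (not o["path"] or o["name"] in BENIGN_XP) else "high"
        findings.append({**o, "severity": sev, "events": []})
    index = {norm(f["name"]): f for f in findings}
    unmatched = []
    for ev in parse_events(lines):
        subject, err = event_subject(ev)
        hit = index.get(norm(subject)) if subject else None
        if hit:
            hit["events"].append((ev["id"], ev["ts"], err))
        else:
            unmatched.append((ev["id"], subject, err))
    return {"findings": findings, "unmatched_events": unmatched}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f'{f["severity"]:4} {f["kind"]:3} {f["name"]:28} {f["path"] or "(no image path)"}')
        for ev in f["events"]:
            print(f"         event {ev[0]} at {ev[1]}: {ev[2]}")
    for ev in report["unmatched_events"]:
        print(f"unmatched event {ev[0]} subject={ev[1]!r} error={ev[2]}")
```

On the sample, the high-severity findings are the two AVG/Reimage services, the lsnfd driver and the Updater Run value, each paired with the event that names it; the At5.job error stays unmatched because the job itself is not a "File not found" entry, which is a prompt to look at the At*.job files under C:\WINDOWS\tasks separately. To run it against a real log, replace SAMPLE_LOG with the contents of OTL.txt and Extras.txt concatenated.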

#5 vmonti (Topic Starter, Members, 33 posts)

Posted 24 December 2013 - 03:01 PM

OTL logfile created on: 12/24/2013 2:51:06 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Vincent Sr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.24 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 52.05% Memory free
2.45 Gb Paging File | 1.46 Gb Available in Paging File | 59.62% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 12.01 Gb Free Space | 32.24% Space Free | Partition Type: NTFS
 
Computer Name: OFFICECOMPUTER | User Name: Vincent Sr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/23 12:06:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent Sr\Desktop\OTL.exe
PRC - [2013/12/05 14:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/03 21:52:08 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/03 21:52:08 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/05/10 11:48:32 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2013/05/10 11:36:24 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/24 12:20:38 | 002,154,496 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13122401\algo.dll
MOD - [2013/12/12 18:27:35 | 016,242,056 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/12/05 14:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/12/03 21:52:10 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/06/19 18:14:24 | 000,243,784 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\uexper.dll
MOD - [2013/06/19 15:00:50 | 000,094,792 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
MOD - [2013/05/22 15:25:32 | 000,030,280 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
MOD - [2013/05/20 16:44:10 | 000,135,240 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
MOD - [2013/05/20 16:44:08 | 000,022,600 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
MOD - [2013/05/10 11:09:00 | 000,069,192 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2013/05/10 11:08:58 | 000,096,840 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
MOD - [2013/05/10 11:08:58 | 000,050,248 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
MOD - [2013/05/10 11:08:56 | 000,115,784 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll
MOD - [2013/05/10 11:08:52 | 000,578,632 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
MOD - [2013/05/10 11:08:52 | 000,468,040 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
MOD - [2013/05/10 11:08:52 | 000,293,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2013/05/10 11:08:50 | 000,068,680 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2013/05/10 11:08:48 | 000,098,888 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2013/05/10 11:08:48 | 000,029,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
MOD - [2013/05/10 11:08:46 | 000,135,752 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
MOD - [2013/05/10 11:08:46 | 000,037,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
MOD - [2008/11/25 16:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/10/05 02:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/12 18:27:38 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/03 21:52:08 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/23 02:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 02:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/05/10 11:48:32 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2013/05/10 11:36:24 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\lsnfd.sys -- (lsnfd)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/12/15 19:40:52 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/12/03 21:52:11 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/03 21:52:11 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/03 21:52:11 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/03 21:52:11 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/03 21:52:11 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/03 21:52:11 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/12/03 21:52:11 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/12/03 21:52:11 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/05/10 11:22:40 | 000,185,672 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2013/05/10 11:19:32 | 000,040,776 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2013/05/10 11:14:14 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2013/05/10 11:11:04 | 000,051,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2005/12/21 17:44:28 | 000,299,904 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW225.sys -- (MRVW225)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={D52F1735-8F96-4319-B7FF-3A898D09EFCF}&serpv=22
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=mtmh12152013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {1EE2FE55-941D-427E-AFF7-8FEA9C0F5CC6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1EE2FE55-941D-427E-AFF7-8FEA9C0F5CC6}: "URL" = http://search.findwide.com/serp?guid={D52F1735-8F96-4319-B7FF-3A898D09EFCF}&action=default_search&serpv=22&k={searchTerms}
IE - HKCU\..\SearchScopes\{2D6AACF5-780C-4C89-9ACE-E30E93321451}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=888596"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.comcast.net/"
FF - prefs.js..extensions.enabledAddons: ietab%40ip.cn:2.0.0.0
FF - prefs.js..extensions.enabledAddons: %7B8476A68F-B759-4E09-A7C2-E9B72775983F%7D:1.5
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {7c8789ee-2a58-4f91-d761-1be1e5ed6bf5}:1.0
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.98.20110322
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/03 21:52:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linksicle@linksicle.com: C:\Program Files\Mozilla Firefox\extensions\linksicle@linksicle.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/11/16 22:47:03 | 000,000,000 | ---D | M]
 
[2010/04/10 10:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Extensions
[2013/12/20 14:51:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions
[2013/07/16 19:28:19 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\{8476A68F-B759-4E09-A7C2-E9B72775983F}
[2013/12/08 17:29:45 | 000,000,000 | ---D | M] (MyWordTool) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\emily@wilford.biz
[2012/05/04 12:53:30 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\ietab@ip.cn
[2013/12/15 17:24:21 | 000,000,000 | ---D | M] (ScorpionSaver) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\ScorpionSaver@jetpack
[2013/10/09 19:04:09 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/30 10:41:06 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/12/15 18:27:05 | 000,001,718 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\searchplugins\findwide.xml
[2013/12/09 21:16:10 | 000,007,716 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\searchplugins\yahoo-1.xml
[2013/09/05 20:12:20 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\searchplugins\yahoo.xml
[2013/11/16 22:46:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/16 22:47:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/15 18:26:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/15 18:26:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/03 21:52:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2003/07/16 15:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D6EFAD3C-04ED-437F-A542-FFFF7E8112C1} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\50da12af-6666-4cd2-afe7-8c8fdf27df05.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Updater] C:\Documents and Settings\All Users\Application Data\Updater\Updater.exe File not found
O4 - HKCU..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270916475984 (WUWebControl Class)
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://rmlsfl.mlxchange.com/5.3.06.17085/Control/MLSClientUtils.cab (MLS Client Utils)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://rmlsfl.mlxchange.com/5.5.12.25747/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ECEBA761-569C-47AD-B2E5-F42ED7D79187}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/10 09:48:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/23 12:06:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vincent Sr\Desktop\OTL.exe
[2013/12/20 15:26:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Vincent Sr\Desktop\dds.com
[2013/12/20 14:31:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/20 14:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent Sr\Start Menu\Programs\Revo Uninstaller
[2013/12/20 14:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/12/18 09:56:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2013/12/15 20:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent Sr\Application Data\{46577E3C-95B4-4f4f-B4A7-0C29D12FB15D}
[2013/12/15 19:43:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDB
[2013/12/15 19:41:35 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/12/15 19:40:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/12/15 17:25:07 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/12/15 17:22:09 | 000,000,000 | ---D | C] -- C:\temp
[2013/12/08 17:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/08 17:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Updater
[2013/12/08 17:32:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RHelpers
[2013/12/08 17:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent Sr\Application Data\MyWordTool
[2013/12/04 18:45:20 | 004,559,384 | ---- | C] (TeamViewer) -- C:\Documents and Settings\Vincent Sr\Desktop\TeamViewerQS_en(1).exe
[2013/12/04 18:16:25 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPMa011.dll
[2013/12/04 18:16:20 | 001,979,280 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_DJ3050A_J611.dll
[2013/12/04 18:16:20 | 000,495,504 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_DJ3050A_J611.dll
[2013/12/04 18:16:16 | 002,216,336 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkinsa011.exe
[2013/12/04 18:16:16 | 000,529,808 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsa011.dll
[2013/12/04 18:16:16 | 000,268,688 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkstsa011LM.dll
[2013/12/04 18:16:16 | 000,220,560 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoia011.dll
[2013/12/03 21:54:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent Sr\Application Data\AVAST Software
[2013/12/03 21:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2013/11/29 11:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/11/29 11:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/11/29 11:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2013/11/29 11:42:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2013/11/29 11:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent Sr\Application Data\HpUpdate
[2013/11/29 11:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2013/11/29 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/11/26 15:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincent Sr\Start Menu\Programs\RealFlight G3
[2013/11/26 15:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\KnifeEdge
[2013/11/26 14:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\RealFlightG3
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/24 14:55:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2013/12/24 14:30:01 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/12/24 14:27:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/24 14:24:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/23 20:40:17 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/12/23 12:06:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincent Sr\Desktop\OTL.exe
[2013/12/23 11:58:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/21 11:41:00 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/12/21 10:10:17 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/12/20 15:27:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Vincent Sr\Desktop\dds.com
[2013/12/20 14:54:43 | 001,226,750 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\Desktop\AdwCleaner.exe
[2013/12/20 14:00:17 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/12/20 13:25:43 | 000,092,705 | ---- | M] () -- C:\WINDOWS\System32\ScanResults.xml
[2013/12/20 13:21:43 | 000,001,056 | ---- | M] () -- C:\WINDOWS\System32\SettingsFile
[2013/12/15 21:35:45 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2013/12/15 19:40:52 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/12/15 18:26:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/15 18:26:33 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/14 12:57:43 | 000,212,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/12 20:20:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/12 18:27:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/12 18:27:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/04 18:45:24 | 004,559,384 | ---- | M] (TeamViewer) -- C:\Documents and Settings\Vincent Sr\Desktop\TeamViewerQS_en(1).exe
[2013/12/04 18:16:24 | 000,002,029 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 3050A J611 series.lnk
[2013/12/03 21:52:31 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/12/03 21:52:11 | 000,774,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/12/03 21:52:11 | 000,403,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/12/03 21:52:11 | 000,269,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/12/03 21:52:11 | 000,178,304 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/12/03 21:52:11 | 000,070,384 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/12/03 21:52:11 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/12/03 21:52:11 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/12/03 21:52:11 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/12/03 21:52:11 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/12/03 21:52:11 | 000,035,656 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/12/03 21:49:56 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/11/29 11:55:40 | 000,225,817 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\My Documents\Scan0003.jpg
[2013/11/29 10:29:54 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\Desktop\Shortcut to Vins_laptop new.lnk
[2013/11/27 21:38:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/11/26 15:26:27 | 000,435,742 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/26 15:26:27 | 000,068,638 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/26 15:16:47 | 000,000,235 | ---- | M] () -- C:\WINDOWS\RealFlight.INI
[2013/11/26 15:11:48 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Vincent Sr\Desktop\RealFlight G3 Launcher.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/20 14:54:51 | 001,226,750 | ---- | C] () -- C:\Documents and Settings\Vincent Sr\Desktop\AdwCleaner.exe
[2013/12/20 13:55:02 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/12/20 13:25:43 | 000,092,705 | ---- | C] () -- C:\WINDOWS\System32\ScanResults.xml
[2013/12/20 13:21:42 | 000,001,056 | ---- | C] () -- C:\WINDOWS\System32\SettingsFile
[2013/12/15 20:55:58 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2013/12/15 19:39:28 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/12/04 18:16:24 | 000,002,029 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 3050A J611 series.lnk
[2013/11/29 11:55:39 | 000,225,817 | ---- | C] () -- C:\Documents and Settings\Vincent Sr\My Documents\Scan0003.jpg
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/11/29 10:29:54 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\Vincent Sr\Desktop\Shortcut to Vins_laptop new.lnk
[2013/11/26 15:16:47 | 000,000,235 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2013/11/26 15:11:48 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Vincent Sr\Desktop\RealFlight G3 Launcher.lnk
[2013/09/29 09:27:38 | 000,178,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/09/29 09:27:37 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/29 22:54:26 | 003,915,776 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2013/08/29 22:53:34 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/08/29 22:51:58 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2013/08/29 22:51:54 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2013/08/29 22:51:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2013/08/29 22:51:48 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2013/08/29 22:51:48 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2013/08/29 22:51:48 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2013/08/29 22:51:40 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2013/08/29 22:51:40 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2013/08/03 12:14:29 | 000,040,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2013/08/03 11:54:27 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\FASTWiz.html
[2013/07/26 08:24:22 | 006,275,760 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-55.dll
[2013/07/26 08:24:22 | 001,239,216 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-55.dll
[2013/07/26 08:24:22 | 000,394,416 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2013/07/26 08:24:22 | 000,288,944 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-52.dll
[2013/07/26 08:24:22 | 000,235,184 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-3.dll
[2013/07/26 08:24:22 | 000,190,640 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2013/07/26 08:24:22 | 000,150,192 | ---- | C] () -- C:\WINDOWS\System32\avresample-lav-1.dll
[2013/05/20 10:43:32 | 000,280,624 | ---- | C] () -- C:\WINDOWS\System32\avutil-51.dll
[2013/05/20 10:43:30 | 007,856,976 | ---- | C] () -- C:\WINDOWS\System32\avcodec-53.dll
[2013/04/14 05:00:06 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2013/04/14 05:00:02 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2013/04/14 04:59:54 | 000,143,872 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2013/04/14 04:59:48 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2013/04/14 04:59:36 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2013/04/14 04:59:32 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2013/04/14 04:59:28 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2013/04/14 04:59:12 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2013/04/14 04:59:10 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2013/04/14 04:59:06 | 000,357,376 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2013/04/14 04:59:06 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2013/04/14 04:58:12 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2013/04/14 04:58:12 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2013/04/05 15:27:16 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2013/04/05 15:27:12 | 000,102,912 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2013/04/05 15:27:10 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2013/01/28 20:33:23 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini
[2012/05/03 11:03:26 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Vincent Sr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/08 18:39:26 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012/04/02 13:48:11 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Vincent Sr\g2mdlhlpx.exe
[2012/03/29 09:21:18 | 006,582,226 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/03/29 09:21:18 | 001,152,365 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/03/29 09:21:18 | 000,207,872 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/03/29 09:21:18 | 000,144,523 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2012/02/15 14:15:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
 
========== ZeroAccess Check ==========
 
[2012/09/01 10:14:17 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >
 



#6 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 28 December 2013 - 03:58 PM

Hello vmonti,

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :OTL
    IE - HKCU\..\SearchScopes\{1EE2FE55-941D-427E-AFF7-8FEA9C0F5CC6}: "URL" = http://search.findwide.com/serp?guid={D52F1735-8F96-4319-B7FF-3A898D09EFCF}&action=default_search&serpv=22&k={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.findwide.com/?guid={D52F1735-8F96-4319-B7FF-3A898D09EFCF}&serpv=22
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linksicle@linksicle.com: C:\Program Files\Mozilla Firefox\extensions\linksicle@linksicle.com

    :Files
    C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\emily@wilford.biz
    C:\WINDOWS\tasks\At*.job

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Edited by TheShooter93, 28 December 2013 - 03:58 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
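As an added example (not code from this thread, from OTL or from the helper's fix), here is a small Python parser for the OTL file-entry lines in the log posted earlier in the thread; it groups the At1.job to At4.job scheduled tasks that were created in the same second, the same files the :Files directive in the fix above targets with C:\WINDOWS\tasks\At*.job. The function names, the 60-second grouping window and the sample lines are assumptions constructed for the example.

```python
import re
from datetime import datetime, timedelta

# OTL file entry: [timestamp | size | attributes | M(odified)/C(reated)] (company) -- path, e.g.
# [2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# The legacy `at` scheduler names its tasks AtN.job under %SystemRoot%\Tasks.
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)

def parse_otl_entries(text):
    """Parse every OTL file entry in `text`; section headers and ADS lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if m:
            entries.append({
                "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"], "kind": m["kind"],
                "company": m["company"], "path": m["path"],
            })
    return entries

def find_at_job_bursts(entries, window=timedelta(seconds=60), min_count=2):
    """Group AtN.job creation entries whose timestamps fall within `window` of the first."""
    jobs = sorted((e for e in entries if e["kind"] == "C" and AT_JOB.search(e["path"])),
                  key=lambda e: e["ts"])
    bursts, current = [], []
    for e in jobs:
        if current and e["ts"] - current[0]["ts"] > window:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return [[e["path"] for e in b] for b in bursts]

# Constructed sample: lines copied from the "Files Created" section of the log above.
SAMPLE_LOG = r"""
[2013/12/15 20:55:58 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2013/12/15 19:39:28 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2013/11/29 11:41:55 | 000,000,466 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
"""
if __name__ == "__main__":
    for burst in find_at_job_bursts(parse_otl_entries(SAMPLE_LOG)):
        print("scheduled-task burst:", ", ".join(burst))
```

A lone At5.job created weeks later is not reported at the default min_count of 2, which keeps the output focused on the simultaneous batch.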

 

 


#7 vmonti
  • Topic Starter
  • Members
  • 33 posts

Posted 29 December 2013 - 08:36 PM

Hi Cody,

Even after this fix, I'm still getting pop-ups (advertisements) and redirects.

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1EE2FE55-941D-427E-AFF7-8FEA9C0F5CC6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EE2FE55-941D-427E-AFF7-8FEA9C0F5CC6}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linksicle@linksicle.com deleted successfully.
File C:\Program Files\Mozilla Firefox\extensions\linksicle@linksicle.com not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Vincent Sr\Application Data\Mozilla\Firefox\Profiles\jezjfwwh.default\extensions\emily@wilford.biz not found.
File\Folder C:\WINDOWS\tasks\At*.job not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 12282013_181818
 



#8 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 01 January 2014 - 03:28 PM

Hello vmonti,

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



 

 


#9 vmonti
  • Topic Starter
  • Members
  • 33 posts

Posted 03 January 2014 - 03:02 PM

I tried to download the FRST.exe, first with 32-bit and then the 64-bit. Two times the 32-bit did not download and needed to shut down. The 64-bit would not download via an error message which stated it cannot load with win32. I don't know what else to do to get the FRST.exe to download.



#10 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 04 January 2014 - 09:33 PM

Please try the following link for the 32-bit version of FRST: ->HERE<-

If this does not work, please provide a fresh OTL log by following the instructions given in post #3.


Edited by TheShooter93, 05 January 2014 - 10:10 AM.


 

 


#11 vmonti
  • Topic Starter
  • Members
  • 33 posts

Posted 05 January 2014 - 07:24 PM

I tried to download from your post and a FRST failure error message came up. I tried a second time and got the same failure. For some reason I can't download that software.



#12 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 05 January 2014 - 07:56 PM

Hi vmonti,

That's okay, we will pursue another avenue. :)

Please re-run OTL as you did in post #3 and include the resulting log in your next post.



 

 


#13 vmonti
  • Topic Starter
  • Members
  • 33 posts

Posted 07 January 2014 - 11:39 AM

Cody, I ran OTL.Txt. I selected all and copied the report, but I can't paste to this post. What am I doing wrong?



#14 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 07 January 2014 - 12:31 PM

Hello vmonti,

Are you getting any error messages after trying to paste the contents of the log here? What part during the copy and paste process are you getting stuck at?

If you still cannot get the contents pasted here, you can try attaching the file to your next post:

  • Click More Reply Options (found next to the 'Post' button).
  • Click the Choose File button.
  • Select the OTL log.
  • Click the Attach This File button.
  • Click Post.



 

 


#15 vmonti
  • Topic Starter
  • Members
  • 33 posts

Posted 07 January 2014 - 12:44 PM

Cody, I attached the OTL.Txt dated 1-7-14 to this post; I hope it comes through.

Attached File: 1-7-14 OTL.Txt (67.71KB)





