site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
    All Forums Hot Topics Gallery






how-to block ads

  
Forums >

Broadband Tech > Security > Security Cleanup > Cant find the root problem

Search Topic:
 Uniqs:
863		 Share Topic
Posting?
Post a:
Post a:
Links: ·SCU FAQ ·Pre-Clean ·Site IMs ·VundoFix ·Zlob/Smitfraud ·SCU Helpers
page: 1 · 2
AuthorAll Replies


PLOSEE

join:2001-03-13
USA

reply to LoPhatPhuud

Re: Cant find the root problem

OK, thanks
Couldn't fix the BHO's with OTL. System kept hanging. Cleaned the referenced BHO's using HiJack this. Ran OTL and the BHO's are gone, see log below. VirusTotal reports below OTL log. Cleared MixDJ toolbar using Add/Remove.

==========================================

OTL logfile created on: 3/14/2013 7:42:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop\PetesSecurity
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 72.38% Memory free
5.33 Gb Paging File | 4.37 Gb Available in Paging File | 82.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 70.83 Gb Free Space | 47.55% Space Free | Partition Type: NTFS

Computer Name: D3Z04VH1 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/03/14 18:39:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\PetesSecurity\OTL.exe
PRC - [2013/02/14 09:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2013/02/14 09:11:30 | 018,814,304 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2013/01/31 10:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/01 14:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/09/20 06:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/12/01 15:24:36 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/12/01 15:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R205445\stacsv.exe
PRC - [2008/12/01 15:24:22 | 000,471,040 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2008/10/27 18:37:38 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/10/27 18:37:20 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/10/27 18:37:18 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/10/27 18:37:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/07/10 21:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/07/10 21:32:38 | 000,352,256 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
PRC - [2008/07/10 21:30:46 | 001,351,680 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/07/10 21:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/07/10 21:13:50 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/07/10 21:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 07:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/19 06:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2002/02/15 10:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/09/25 16:07:36 | 000,165,768 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012/09/25 16:07:34 | 000,190,344 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2011/05/06 13:07:00 | 004,317,184 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\Core.dll
MOD - [2011/05/06 13:02:52 | 000,737,280 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\qca2.dll
MOD - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/26 08:34:12 | 011,853,824 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtWebKit4.dll
MOD - [2010/10/26 00:37:32 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\phonon4.dll
MOD - [2010/10/26 00:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtSql4.dll
MOD - [2010/10/26 00:23:48 | 000,204,800 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtSql4.dll
MOD - [2010/10/26 00:23:34 | 008,351,744 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtGui4.dll
MOD - [2010/10/26 00:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtNetwork4.dll
MOD - [2010/10/26 00:08:04 | 000,983,040 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtNetwork4.dll
MOD - [2010/10/26 00:06:28 | 000,364,544 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtXml4.dll
MOD - [2010/10/26 00:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\QtCore4.dll
MOD - [2010/10/26 00:06:18 | 002,248,704 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/20 13:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/20 13:49:18 | 000,258,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
MOD - [2010/05/17 09:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNet.dll
MOD - [2010/05/17 09:47:20 | 000,642,048 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoNet.dll
MOD - [2010/05/17 09:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoXML.dll
MOD - [2010/05/17 09:47:20 | 000,511,488 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoXML.dll
MOD - [2010/05/17 09:47:20 | 000,291,840 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoUtil.dll
MOD - [2010/05/17 09:47:20 | 000,175,616 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoNetSSL.dll
MOD - [2010/05/17 09:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoFoundation.dll
MOD - [2010/05/17 09:47:18 | 001,199,104 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\PocoFoundation.dll
MOD - [2010/05/17 09:47:18 | 000,110,592 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\PocoCrypto.dll
MOD - [2008/07/10 21:25:20 | 000,057,344 | ---- | M] () -- C:\Program Files\Common Files\Intel\WirelessCommon\CustomUIResource.dll
MOD - [2008/07/10 21:15:30 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2013/03/13 13:11:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/14 09:11:32 | 001,236,336 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2013/01/29 21:15:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/20 06:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2008/12/01 15:24:28 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R205445\stacsv.exe -- (STacSV)
SRV - [2008/07/10 21:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/07/10 21:32:38 | 000,352,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2008/07/10 21:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/07/10 21:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/15 07:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/04/19 06:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2002/02/15 10:51:00 | 000,114,749 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\rp_skt32.sys -- (RPSKT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pppop.sys -- (pppop)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZid412.sys -- (HPZid412)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxfax.sys -- (HPFXFAX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\hpfxbulk.sys -- (HPFXBULK)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ccidflt.sys -- (CCIDFILTER)
DRV - [2013/02/26 07:41:22 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gfibto.sys -- (gfibto)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/02/09 10:09:06 | 000,057,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/12/01 15:24:32 | 001,392,819 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/12/01 15:24:20 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/11/24 17:32:52 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/11/24 17:32:50 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/11/24 17:32:50 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/11/24 17:32:50 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2008/11/24 17:32:48 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/11/24 17:32:46 | 000,534,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/10/27 18:37:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/08/06 16:36:22 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2008/07/22 15:27:04 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/07/22 15:27:02 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2008/07/01 15:12:18 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/30 16:47:30 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008/06/22 03:42:40 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/06/22 03:42:40 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/06/22 03:42:40 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/04/18 16:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/20 22:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/04/19 06:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2002/02/11 10:51:00 | 000,033,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2001/10/09 10:51:00 | 000,014,944 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2000/09/11 10:51:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AWLEGACY.SYS -- (awlegacy)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.eset.com/onlinescan
IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 79 F0 78 18 16 CE 01 [binary data]
IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···m=IE8SRC
IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\..\SearchScopes\{884CFEB3-9AC6-4CA5-B387-46EA4262360D}: "URL" = »www.mysearchresults.com/search?&···chTerms}
IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2215482205-997936350-1451151502-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V6 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287820&SearchSource=3&q={searchTerms}&CUI=UN65897921730695300"
FF - prefs.js..browser.search.selectedEngine: "SecureSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=url&toolbarid=adawaretb&u=94B4F32CC5E02FB775EC53512CADC2AD&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@FortinetCacheClean: C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@FortinetTunnelControl: C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/05/14 14:47:37 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/26 07:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/12 21:43:50 | 000,000,000 | ---D | M]

[2011/07/14 13:16:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/02/26 07:43:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wf4osko2.default\extensions
[2013/02/26 07:42:53 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wf4osko2.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/02/26 07:42:55 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wf4osko2.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/02/25 21:41:36 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wf4osko2.default\searchplugins\conduit.xml
[2013/02/26 07:36:57 | 000,001,982 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wf4osko2.default\searchplugins\search-here.xml
[2013/01/29 21:15:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/29 21:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2013/01/29 21:15:34 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/06/27 21:13:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/07/14 23:35:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/01/29 21:15:43 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2013/02/26 07:42:54 | 000,000,628 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adawaretb.xml
[2012/11/20 01:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/20 01:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
to forum · permalink · 2013-03-14 21:07:51 ·


PLOSEE

join:2001-03-13
USA

2nd half
====================================

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Funmoods ()
CHR - default_search_provider: search_url = »searchfunmoods.com/results.php?f···38355344
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: »securesearch.lavasoft.com/?sourc···2CADC2AD
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Messenger\2.1.4590.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: FortiClient SSL VPN CacheClean Service (Enabled) = C:\Program Files\Fortinet\SslvpnClient\npccplugin.dll
CHR - plugin: FortiClient SSL VPN Tunnel Service (Enabled) = C:\Program Files\Fortinet\SslvpnClient\nptcplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Supreme Savings = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\crossrider
CHR - Extension: Supreme Savings = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\

O1 HOSTS File: ([2013/03/02 09:37:14 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MixiDJ V6 Toolbar) - {833a69c9-38a7-4536-99a1-48709f645f17} - C:\Program Files\MixiDJ_V6\prxtbMixi.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\..\Toolbar\WebBrowser: (MixiDJ V6 Toolbar) - {833A69C9-38A7-4536-99A1-48709F645F17} - C:\Program Files\MixiDJ_V6\prxtbMixi.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-2215482205-997936350-1451151502-500..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2215482205-997936350-1451151502-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2215482205-997936350-1451151502-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKU\S-1-5-21-2215482205-997936350-1451151502-500\..Trusted Domains: localhost ([]http in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} »www.update.microsoft.com/microso···56308966 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} »download.eset.com/special/eos/On···nner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = talbant.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24A77AA5-54EE-4FE7-A7E6-245D39EBBF1D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2CBEB6-BD25-4CD5-8BB7-B72ECE3564E9}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ckpNotify: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/03/14 18:43:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/13 11:03:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/03/12 21:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/03/12 09:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/03/12 09:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/12 09:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/03/11 21:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PetesSecurity
[2013/03/11 21:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\.cisco monitor manager
[2013/03/09 09:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2013/03/09 09:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2013/03/09 09:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2013/03/09 09:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/03/02 12:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/03/02 08:42:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/02 08:32:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/28 21:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/02/27 21:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\HiJackThis
[2013/02/27 21:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/02/26 07:44:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/02/26 07:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/02/26 07:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LavasoftStatistics
[2013/02/26 07:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2013/02/26 07:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\adawarebp
[2013/02/26 07:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2013/02/26 07:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\adawaretb
[2013/02/26 07:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/02/26 07:42:57 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/02/26 07:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SecureSearch
[2013/02/26 07:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2013/02/26 07:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\adawaretb
[2013/02/26 07:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ad-Aware Antivirus
[2013/02/26 07:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2013/02/26 07:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/02/26 07:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2013/02/26 07:41:23 | 000,044,424 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/02/26 07:41:23 | 000,013,560 | ---- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/02/26 07:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ad-Aware Antivirus
[2013/02/25 21:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2013/02/25 21:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/02/25 21:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/02/25 21:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/02/25 21:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MixiDJ_V6
[2013/02/25 21:41:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2013/02/25 21:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\MixiDJ_V6
[2013/02/25 21:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
[2013/02/25 21:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Updater19962
[2013/02/25 21:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Supreme Savings
[2013/02/25 21:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/02/25 21:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DefaultTab
[2013/02/25 14:06:26 | 000,927,912 | ---- | C] (W3i, LLC) -- C:\OfferBrokerage_14003.exe
[2013/02/25 14:06:26 | 000,153,440 | ---- | C] (Amonetize) -- C:\setup__120.exe
[2013/02/24 22:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/24 22:58:53 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/24 22:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/24 21:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HP
[2013/02/24 21:36:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2013/02/24 20:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/02/24 20:16:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Unused Desktop Shortcuts
[2013/02/24 11:05:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/02/21 16:10:34 | 000,000,000 | ---D | C] -- C:\InstallShield
[2013/02/20 20:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/02/20 19:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/15 22:00:07 | 001,512,448 | ---- | C] (Irfan Skiljan) -- C:\Program Files\iview430_setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/03/14 19:46:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc523a4a9c9aff.job
[2013/03/14 19:45:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{21D9544E-1C9F-4D56-A6BB-69B4FD53DD35}.job
[2013/03/14 19:40:06 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/03/14 19:39:55 | 000,402,491 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/03/14 19:39:55 | 000,190,150 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/03/14 19:39:29 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc523a4a90b1f9.job
[2013/03/14 19:39:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/14 19:39:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/14 19:39:06 | 3745,406,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/14 19:22:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-183765059-261963331-840782136-5411UA.job
[2013/03/14 18:11:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/14 18:09:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/14 11:22:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-183765059-261963331-840782136-5411Core.job
[2013/03/13 20:34:47 | 000,403,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/13 19:30:20 | 000,271,360 | ---- | M] () -- C:\archive.pst
[2013/03/13 13:11:10 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/13 13:11:10 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/13 11:02:15 | 000,003,676 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20130313_110209.reg
[2013/03/13 10:03:08 | 000,529,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/13 10:03:08 | 000,098,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/12 21:42:58 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/03/12 09:20:15 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/09 11:20:50 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/09 11:13:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/02 09:37:14 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/02 08:42:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/02/28 23:09:36 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20130228_220926.reg
[2013/02/28 21:33:07 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/27 23:09:18 | 000,376,678 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20130227_220858.reg
[2013/02/27 00:06:30 | 000,445,671 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20130228-220650.backup
[2013/02/26 07:46:29 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/02/26 07:41:22 | 000,044,424 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\sbbd.exe
[2013/02/26 07:41:22 | 000,013,560 | ---- | M] (GFI Software) -- C:\WINDOWS\System32\drivers\gfibto.sys
[2013/02/25 22:32:07 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/02/25 21:49:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/02/25 21:41:50 | 000,000,009 | ---- | M] () -- C:\END
[2013/02/25 14:06:26 | 000,927,912 | ---- | M] (W3i, LLC) -- C:\OfferBrokerage_14003.exe
[2013/02/25 14:06:26 | 000,153,440 | ---- | M] (Amonetize) -- C:\setup__120.exe
[2013/02/21 17:06:00 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Excel 2010.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/03/13 11:02:13 | 000,003,676 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20130313_110209.reg
[2013/03/12 21:42:58 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/12 21:42:58 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2013/03/12 09:20:15 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/03/11 21:23:15 | 3745,406,976 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/09 11:20:50 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/03/02 08:42:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/03/02 08:42:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/02/28 23:09:29 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20130228_220926.reg
[2013/02/27 23:09:09 | 000,376,678 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20130227_220858.reg
[2013/02/26 07:46:29 | 000,000,960 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/02/26 07:42:40 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/02/25 22:32:07 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/02/25 21:49:57 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013/02/25 21:41:22 | 000,000,009 | ---- | C] () -- C:\END
[2013/01/13 01:41:34 | 001,148,952 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/09/27 10:59:25 | 002,447,334 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\[j0013]-[p28].bmp
[2012/09/04 08:43:42 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2012/02/15 23:31:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/22 16:09:02 | 000,000,064 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2011/09/22 16:09:01 | 000,000,518 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2011/09/22 15:56:33 | 000,001,241 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/07/28 08:00:22 | 000,207,014 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/07/28 08:00:21 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2011/07/20 21:31:10 | 000,060,416 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/26 15:31:51 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/01/28 04:05:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2004/08/11 18:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/02/27 20:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ad-Aware Antivirus
[2013/02/26 07:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\adawaretb
[2012/07/28 11:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Astrology_4a
[2011/09/15 17:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Blackberry Desktop
[2013/03/02 09:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DefaultTab
[2013/02/24 12:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011/10/14 21:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2011/07/14 15:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileOpen
[2011/10/28 23:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Flip Video
[2012/12/02 21:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Funmoods
[2012/07/28 10:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ID Vault
[2012/11/22 15:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macroplant LLC
[2011/09/15 08:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Research In Motion
[2013/02/26 07:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SecureSearch
[2011/07/14 13:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smart PDF Converter
[2011/07/20 18:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sync App Settings
[2011/08/15 21:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Visan
[2009/01/28 04:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2011/09/07 12:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2011/09/14 10:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2013/03/12 09:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/02/26 07:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Antivirus
[2013/02/26 07:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2013/02/26 07:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\adawaretb
[2009/06/08 11:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2013/02/26 07:43:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blekko toolbars
[2012/03/16 16:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/02/26 07:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2012/02/04 12:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2009/07/17 16:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/12/27 16:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2012/07/28 07:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/02/20 13:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2013/02/26 07:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Search Protection
[2010/04/14 11:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Smart Soft
[2009/09/24 11:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2012/02/04 12:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UAB
[2009/03/14 13:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/08/15 21:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2009/02/09 09:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2012/07/28 07:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2010/05/04 09:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/09 08:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/11 10:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/07 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/01 12:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cehelpdesk\Application Data\VZSMBTB
[2009/01/28 04:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\cehelpdesk\Application Data\Wave Systems Corp
[2009/01/28 04:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2011/10/05 08:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Flip Video
[2012/07/28 07:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\ID Vault
[2009/10/12 09:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Amazon
[2009/07/27 11:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/23 20:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Facebook
[2009/07/17 16:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\FileOpen
[2009/05/15 08:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\ICAClient
[2010/04/14 12:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\PrimoPDF
[2009/09/30 15:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Research In Motion
[2010/04/14 11:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Smart PDF Converter
[2011/04/11 13:46:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Smilebox
[2009/09/24 11:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Sync App Settings
[2009/04/01 16:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\TeamViewer
[2010/08/02 23:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Viewpoint
[2009/04/01 13:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\VZSMBTB
[2009/01/28 04:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\loseen\Application Data\Wave Systems Corp
[2009/03/09 17:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Losee\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/03/31 17:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Losee\Application Data\TeamViewer
[2009/03/19 15:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Losee\Application Data\vzsmbtb
[2009/01/28 04:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Losee\Application Data\Wave Systems Corp
[2011/10/04 13:27:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Flip Video

[color=#E56717]========== Purity Check ==========[/color]

=====================

Virus Total Report

Virsutotal Rpt for Offerebroker file
»www.virustotal.com/en/file/00419···nalysis/

Virustotal Rpt for Setup__120.exe
»www.virustotal.com/en/file/ec4ab···nalysis/
to forum · permalink · 2013-03-14 21:08:45 ·


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

reply to PLOSEE
OK, we're done. The last OTL was clear. Only need to remove OTL!

Delete OTL:

  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum
to forum · permalink · 2013-03-15 11:10:49 ·


PLOSEE

join:2001-03-13
USA

reply to PLOSEE
Most Grateful. Hopefully we won't need to cross paths again. Thanks.

to forum · permalink · 2013-03-17 20:25:43 ·
Forums > Broadband Tech > Security > Security Cleanup
page: 1 · 2

Tuesday, 09-Apr 00:29:19 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.
Most commented news this week
Hot Topics