Tower infected (friend's tower mentioned in "laptop unresponsive and slow")
Dell, running Windows XP
Removed Antivirus Security Pro with RKILL as mentioned at bleeping. Did scan with Malware, can now get on internet. Warnings about her computer being infected gone now. Ty
Trying to do Mandatory steps to clean up her computer as it's extremely slow.
Have disabled, hid, click show files etc.
to the part of downloading TFC and running it.
Hit start... TFC says, "Getting user folders. Stopping running processes."
Been like that for an hour. Never had to wait for it before now.
Tower PC seems to hang or freeze a lot. Had to reboot a couple of times to just get going.
Next step?

Got it to work in safe mode... stand by for scans.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.21.05

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Main User :: MAIN-3C119DCCFC [administrator]

Protection: Disabled

9/21/2013 7:43:51 AM
mbam-log-2013-09-21 (07-43-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261411
Time elapsed: 32 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.
HKCR\iMeshIEHelper.DNSGuard (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
HKCR\iMeshIEHelper.DNSGuard.1 (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> No action taken.
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> No action taken.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\BPROTECTOR (PUP.BProtector) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} (PUP.BProtector) -> No action taken.

Registry Values Detected: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www.google.ca/ -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {95B7759C-8C7F-4BF1-B163-73684A933233} -> No action taken.
HKCU\SOFTWARE\bProtector|iexplore homepages (PUP.BProtector) -> Data: http://go.microsoft.com/fwlink/?linkid=69157^http://www.ask.com/?l=dis&o=apn10144&gct=hp^^ -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Data: C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\bProtector|ImagePath (PUP.BProtector) -> Data: C:\Documents and Settings\All Users\Application Data\bProtector\bProtect.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ovgeqmjh (PUP.BProtector) -> Data: "C:\Documents and Settings\Main User\Local Settings\Application Data\askuptex.exe" -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|jmstqxwb (Email.Trojan) -> Data: "C:\Documents and Settings\Main User\Local Settings\Application Data\xtkxmuvc.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Ransom.BV) -> Data: C:\Documents and Settings\All Users\Application Data\3XVrn37a\3XVrn37a.exe -> Quarantined and deleted successfully.
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|wdmas (Trojan.Agent) -> Data: "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Main User\Application Data\wdmas.dll",FromMemory -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 9
C:\Documents and Settings\Main User\Application Data\DealPly (PUP.Optional.DealPly.A) -> No action taken.
C:\Documents and Settings\Main User\Application Data\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\DealPly (PUP.Optional.DealPly.A) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D} (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Cache (PUP.Optional.Tarma.A) -> No action taken.

Files Detected: 72
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\Main User\Local Settings\Temp\7ywTBm_l.exe.part (PUP.BundleInstaller.DW) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\FLVPlayerSetup_MMM (1).exe (PUP.Adware.Installcore) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\FLVPlayerSetup_MMM (2).exe (PUP.Adware.Installcore) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\FLVPlayerSetup_MMM.exe (PUP.Adware.Installcore) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\frostwire-5.3.5.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\frostwire-5.3.9.windows (1).exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\frostwire-5.3.9.windows.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\iLividSetup.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\iLividSetupV1 (1).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\iLividSetupV1.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\mplayer_Setup.exe (PUP.BundleInstaller.OI) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\musicoasis_d16949.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup (1).exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup (2).exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup (3).exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup (4).exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup(1).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup(2).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup(3).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Documents and Settings\Main User\My Documents\Downloads\setup.exe (PUP.BundleInstaller.VG) -> No action taken.
C:\Program Files\v-Grabber\Uninstall.exe (PUP.BundleInstaller.VG) -> No action taken.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159424.exe (PUP.Optional.Dealply) -> No action taken.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159426.dll (PUP.DealPly) -> No action taken.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159427.exe (PUP.Optional.Dealply) -> No action taken.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159428.exe (PUP.Optional.Dealply) -> No action taken.
C:\WINDOWS\system32\roboot.exe (PUP.Optional.PCPerformer.A) -> No action taken.
C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> No action taken.
C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.
C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> No action taken.
C:\Documents (PUP.BProtector) -> No action taken.
C:\Documents and Settings\Main User\Application Data\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> No action taken.
C:\Documents and Settings\NetworkService\Application Data\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\Main User\Local Settings\Application Data\xtkxmuvc.exe (Email.Trojan) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\3XVrn37a\3XVrn37a.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\ddkdixva.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\dihkjhhs.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\ifiroqxt.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\ihairggb.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\iimnxsxo.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\imdclfvs.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\jxldiujh.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\kufxwnav.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\lmqopckl.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\rgjwaann.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\rkiofbik.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\vfnbjehk.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\xhosfbbj.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\xuvgnpfb.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Temp\WhatsApp_VoiceMail_ID9623564.zip (Email.Trojan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\My Documents\Downloads\eMuleSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\My Documents\Downloads\MPLSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\My Documents\Downloads\WhatsApp_VoiceMail_ID9623564(1).zip (Email.Trojan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\My Documents\Downloads\WhatsApp_VoiceMail_ID9623564.zip (Email.Trojan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\My Documents\Downloads\XvidSetup(1).exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\My Documents\Downloads\XvidSetup.exe (Adware.HotBar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159473.exe (Adware.InstallBrain) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP662\A0166643.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP662\A0166727.exe (Malware.Builder.CD) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP666\A0168816.exe (Malware.Builder.CD) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Desktop\Antivirus Security Pro support.url (Rogue.AntiVirusSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Desktop\Antivirus Security Pro.lnk (Rogue.AntiVirusSecurity) -> Quarantined and deleted successfully.

(end)
Same as last; missed cleaning up 10 PUPs as they were not checked. Did a 2nd scan, log lost.
# AdwCleaner v3.004 - Report created 21/09/2013 at 14:31:38
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Main User - MAIN-3C119DCCFC
# Running from : C:\Documents and Settings\Main User\Desktop\Cleanup\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : RadioRage_4jService
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\bProtector
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DVDVideoSoftTB
Folder Deleted : C:\Program Files\file2linkib
Folder Deleted : C:\Program Files\FunWebProducts
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\RadioRage_4j
Folder Deleted : C:\Program Files\TelevisionFanaticEI
Folder Deleted : C:\Program Files\v-Grabber
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\apn
Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\cre
Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\DVDVideoSoftTB
Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Main User\Application Data\file2linkib
Folder Deleted : C:\Documents and Settings\Main User\Application Data\mediabarim
Folder Deleted : C:\Documents and Settings\Main User\Application Data\PerformerSoft
Folder Deleted : C:\Documents and Settings\Main User\Application Data\RadioRage_4j
Folder Deleted : C:\Documents and Settings\Main User\Application Data\wincoreimband
Folder Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\alot-appbar
Folder Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\Smartbar
Folder Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\Extensions\4jffxtbr@RadioRage_4j.com
Folder Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\Extensions\appbar@alot.com
[!] Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
[!] Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
[!] Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
File Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\searchplugins\alot-search.xml
File Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\searchplugins\askcomsearch.xml
File Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\searchplugins\ask-web-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\searchplugins\my-web-search.xml
File Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4jffxtbr@RadioRage_4j.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iMesh
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
Key Deleted : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO
Key Deleted : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.DynamicBarButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.FeedManager.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.HTMLPanel.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.MultipleButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.PseudoTransparentPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.Radio.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ScriptButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncher.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncherSettings
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.SkinLauncherSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ThirdPartyInstaller.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.UrlAlertButton.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.XMLSessionPlugin
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@RadioRage_4j.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2953735
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3131886
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RadioRage Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [RadioRage_4j Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00A2B7C6-7487-4B99-9F6C-1FDF57FE130B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11D4B723-18CA-48C6-BA13-965488F19A70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{434FA5E9-253E-4BD0-ADB6-7CE4CEA114CA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{48909954-14FB-4971-A7B3-47E7AF10B38A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{53855564-CF81-410C-9C1C-321C7E067816}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{581C7D7D-F809-4E03-A631-74C069D5F04A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5848763C-2668-44CA-ADBE-2999A6EE2858}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6562E272-88E1-4DFF-8FF8-FE1A05323D36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78BA36C9-6036-482B-B48D-ECCA6F964B84}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E7ABF2A-8C44-4562-895D-DBCA3CDDD1A9}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C66A678D-5E6C-4AF9-8F57-C6192F42CF74} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{434FA5E9-253E-4BD0-ADB6-7CE4CEA114CA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{581C7D7D-F809-4E03-A631-74C069D5F04A} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{60B34F47-3FDD-46F8-AB6C-AAABEA55C3D6} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{68122F44-3A4A-4EDB-B28F-0C0E07F89BD0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9638B7D6-11F5-4406-B387-327642A11FFB} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F706E19B-6C14-4272-BA98-2F16636A898D} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C23B756A-BD9F-4CA6-ADED-17AB8CCF3E8B}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\iMesh\iMesh.exe] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe] Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\ConduitSearchScopes Key Deleted : HKCU\Software\DVDVideoSoftTB Key Deleted : HKCU\Software\Imesh Key Deleted : 
HKCU\Software\mediabarim Key Deleted : HKCU\Software\RadioRage_4j Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\DVDVideoSoftTB Key Deleted : HKLM\Software\iMeshMediabarTb Key Deleted : HKLM\Software\RadioRage_4j Key Deleted : HKLM\Software\Tarma Installer Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\file2linkib Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall Firefox Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RadioRage_4jbar Uninstall Internet Explorer Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\file2linkib Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Performer_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RadioRage_4jbar Uninstall Firefox Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RadioRage_4jbar Uninstall Internet Explorer Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - 
C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~1\imesha~1\mediabar\datamngr\iebho.dll
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ File : C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\prefs.js ]
-\\ Google Chrome v
[ File : C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : icon_url
Deleted : homepage
*************************
AdwCleaner[R0].txt - [41085 octets] - [21/09/2013 13:45:03]
AdwCleaner[S0].txt - [39561 octets] - [21/09/2013 14:31:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39622 octets] ##########

OTL logfile created on: 9/21/2013 2:39:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Main User\Desktop\Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.54 Mb Total Physical Memory | 410.96 Mb Available Physical Memory | 40.55% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 77.85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 126.89 Gb Free Space | 85.14% Space Free | Partition Type: NTFS

Computer Name: MAIN-3C119DCCFC | User Name: Main User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========

PRC - [2013/09/21 14:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Main User\Desktop\Cleanup\OTL.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/18 08:02:58 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2010/01/29 01:04:26 | 000,764,784 | ---- | M] (Microsoft Corporation ) -- C:\WINDOWS\vVX6000.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========

MOD - [2012/04/06 01:21:39 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/12/03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/09/21 08:45:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/08/15 11:23:41 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/01/29 01:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2008/04/14 06:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E C9 C0 F4 B6 39 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{2B13BBF1-312A-4365-B80F-53DD098E0A9A}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultenginename: "ALOT Search" FF - prefs.js..browser.search.selectedEngine: "ALOT Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7Bab728073-1a39-11e3-8277-b8ac6f996f26%7D:3.0.1 FF - prefs.js..extensions.enabledAddons: appbar%40alot.com:1.1.6000 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.DailyFitnessCenter_53.com/Plugin: C:\Program Files\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISB.dll (Daily Fitness Center)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
[2012/12/07 00:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Extensions
[2013/09/21 14:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions
[2013/09/10 14:00:10 | 000,004,229 | ---- | M] () (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions\{ab728073-1a39-11e3-8277-b8ac6f996f26}.xpi
[2013/08/17 01:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 01:44:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAIN USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\00UBWAZ9.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
[color=#E56717]========== Chrome ==========[/color]
O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [apofpr] C:\Documents and Settings\Main User\Application Data\apofpr.dll (Technology Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation )
O4 - HKCU..\Run: [EPSON NX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Main User\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D666106F-B683-4422-8F03-0E9FE1A2102A}: DhcpNameServer = 172.16.1.254
O20 - AppInit_DLLs: (protector.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/28 10:11:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/09/21 13:44:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/21 13:19:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/21 09:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Desktop\Cleanup
[2013/09/21 08:56:52 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Main User\Desktop\TFC.exe
[2013/09/21 07:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Application Data\Malwarebytes
[2013/09/21 07:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/21 07:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/21 07:42:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/21 07:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/21 07:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/09/10 13:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Start Menu\Programs\Antivirus Security Pro
[2013/09/10 10:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[2013/09/10 10:55:52 | 000,331,776 | ---- | C] (Technology Inc.) -- C:\Documents and Settings\Main User\Application Data\apofpr.dll
[2013/09/10 10:55:45 | 000,573,440 | ---- | C] (Technology,Inc) -- C:\Documents and Settings\Main User\Application Data\wdmas.dll
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/09/21 14:42:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/21 14:38:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/21 14:37:31 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/21 14:37:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/21 14:24:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003UA.job
[2013/09/21 14:14:38 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7B09058B-9D4E-4995-98D2-4BA13ABAB3DF}.job
[2013/09/21 14:12:00 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/21 13:20:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/21 13:16:46 | 000,503,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/21 13:16:46 | 000,087,182 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/21 13:15:51 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/21 08:56:57 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Main User\Desktop\TFC.exe
[2013/09/21 08:44:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/21 08:44:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/20 01:14:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/19 17:24:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003Core.job
[2013/09/14 17:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/10 10:57:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/10 10:55:52 | 000,331,776 | ---- | M] (Technology Inc.) -- C:\Documents and Settings\Main User\Application Data\apofpr.dll
[2013/09/10 10:55:45 | 000,573,440 | ---- | M] (Technology,Inc) -- C:\Documents and Settings\Main User\Application Data\wdmas.dll
[2013/09/08 16:48:09 | 000,015,717 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\jackies resume.odt
[2013/09/06 22:51:51 | 000,100,900 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/09/01 01:01:01 | 000,013,332 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/08/31 15:25:28 | 000,001,255 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\BARRED.rtf
[2013/08/27 15:23:09 | 000,014,656 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER + WINE STORE.ods
[2013/08/27 15:11:03 | 000,013,385 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER +WINE STORE P2.ods
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/09/10 10:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/06 22:51:50 | 000,100,900 | ---- | C] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/08/31 23:54:20 | 000,013,332 | ---- | C] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/06/29 19:54:12 | 000,003,715 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/16 14:23:21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/04/27 03:02:35 | 000,026,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/25 10:16:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2012/02/16 08:04:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 06:02:32 | 000,001,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/12 23:01:12 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 11:03:39 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/11/11 03:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/11/10 08:33:59 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/11/10 08:33:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/11/10 08:33:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/11/10 08:33:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/11/10 08:33:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/11/10 08:33:59 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/11/10 08:33:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/11/10 08:33:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/11/10 08:33:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/11/10 08:33:59 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/11/10 08:33:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/11/10 08:33:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/11/10 08:28:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2011/07/06 13:46:16 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\WebpageIcons.db
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2011/04/28 11:33:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 07:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2013/09/10 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/01 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D128
[2012/01/25 11:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\27EA
[2013/09/21 08:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[2013/09/21 09:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/16 07:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/10 08:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/09/21 09:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/01 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012/10/24 08:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2012/11/01 08:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/01/18 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/16 06:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{DDDBACA1-459C-43AE-9BD3-116CB222273D}
[2012/09/20 01:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\DVDVideoSoft
[2011/11/11 03:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Epson
[2011/11/10 08:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Leadertech
[2011/11/07 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\MSNInstaller
[2012/04/06 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\OpenOffice.org
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\PC Cleaner
[2012/11/01 09:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Pogo Games
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\RegistryKeys
[2012/09/19 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\wincorebsband
[2011/04/28 11:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Desktop Search
[2011/12/05 19:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Search
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B3D2CFF1
OTL Extras logfile created on: 9/21/2013 2:39:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Main User\Desktop\Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.54 Mb Total Physical Memory | 410.96 Mb Available Physical Memory | 40.55% Memory free
2.38 Gb Paging File | 1.86 Gb Available in Paging File | 77.85% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 126.89 Gb Free Space | 85.14% Space Free | Partition Type: NTFS
Computer Name: MAIN-3C119DCCFC | User Name: Main User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"EPSON NX210 Series" = EPSON NX210 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)

Error - 9/21/2013 3:02:29 PM | Computer Name = MAIN-3C119DCCFC | Source = Windows Search Service | ID = 3013
Description = The entry in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details: A device attached to the system is not functioning. (0x8007001f)
[ System Events ]
Error - 9/21/2013 3:32:37 PM | Computer Name = MAIN-3C119DCCFC | Source = Service Control Manager | ID = 7001 Description = The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31
Error - 9/21/2013 3:32:37 PM | Computer Name = MAIN-3C119DCCFC | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: %%31
Error - 9/21/2013 3:32:37 PM | Computer Name = MAIN-3C119DCCFC | Source = Service Control Manager | ID = 7001 Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31
Error - 9/21/2013 3:32:37 PM | Computer Name = MAIN-3C119DCCFC | Source = Service Control Manager | ID = 7001 Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31
Error - 9/21/2013 3:32:37 PM | Computer Name = MAIN-3C119DCCFC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
Error - 9/21/2013 3:38:05 PM | Computer Name = MAIN-3C119DCCFC | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 9/21/2013 3:38:41 PM | Computer Name = MAIN-3C119DCCFC | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
Error - 9/21/2013 3:38:59 PM | Computer Name = MAIN-3C119DCCFC | Source = DCOM | ID = 10005 Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 9/21/2013 3:41:18 PM | Computer Name = MAIN-3C119DCCFC | Source = Service Control Manager | ID = 7000 Description = The vToolbarUpdater15.5.0 service failed to start due to the following error: %%2
Error - 9/21/2013 4:39:01 PM | Computer Name = MAIN-3C119DCCFC | Source = Service Control Manager | ID = 7000 Description = The vToolbarUpdater15.5.0 service failed to start due to the following error: %%2
Results of screen317's Security Check version 0.99.73
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8

Antivirus/Firewall Check:
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Internet Security 2012
Antivirus up to date!

Anti-malware/Other Utilities Check:
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.8 Adobe Reader out of Date!

Process Check: objlist.exe by Laurent
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
Malwarebytes' Anti-Malware mbamscheduler.exe

System Health check
Total Fragmentation on Drive C:: 5%

End of Log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7909ea83f7c9947aac1d3ccc846f559
# engine=15213
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-21 10:11:53
# local_time=2013-09-21 04:11:53 (-0600, Canada Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=64308
# found=5
# cleaned=5
# scan_time=1770
sh=564160696ED3A767BEB3A5B77DA5107F05EBCBA4 ft=1 fh=62fd1985c73163e4 vn="a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
sh=BE8BE9A52F1FEB25070369860F1E1789551C2B03 ft=0 fh=0000000000000000 vn="BAT/KillAV.NDV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\All Users\Application Data\3XVrn37a\serv.bat"
sh=5EDFAAABAC92DB8B7ED2503C80359BB4E922397A ft=1 fh=c71c00110236e882 vn="a variant of Win32/Medfos.WR trojan (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Documents and Settings\Main User\Application Data\apofpr.dll"
sh=A146171DC173772C7A6DD5F6344CD82BD5AD6A9A ft=1 fh=50318edc68621213 vn="a variant of Win32/Medfos.WR trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Main User\Application Data\wdmas.dll"
sh=16C1C114CF723D95CB90674D5705BDE42ED911F4 ft=1 fh=909e75512cc12a1e vn="a variant of JS/Chromex.FBook.K trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Main User\My Documents\Downloads\ProfileVisitor.exe"

TheJoker
Hi ez2cy
quote: missed cleaning up 10 PUPs as they were not checked, did 2nd scan, log lost
Have you subsequently run a full scan with MBAM and had it come up clean, with no detections?
Please download Malwarebytes Anti-Rootkit here:
http://downloads.malwarebytes.org/file/mbar
Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.
Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.
Please download Junkware Removal Tool to your Desktop.
- Disconnect from the Internet (unplug your connection to your router or modem).
- Please close your security software to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete, depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
- Restart your security software and reconnect to the Internet.
- Please post the contents of JRT.txt into your reply.
Please run OTL.exe.
- Copy the text in the quote box below to the clipboard by highlighting all the text inside the box and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
quote:
:OTL
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B3D2CFF1
:Commands
[EmptyTemp]
- Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTL.exe
Please post the two logs from MBAR, the log from Junkware Removal Tool, the log from OTL, and note any errors encountered.
Do you still have the ad showing up?
-- Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
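TheJoker's first question, whether a follow-up full scan came up clean, and the "No action taken" entries in the earlier log are the two things a reviewer checks in an MBAM log. The Python script below is an added example written for this page; it is not code from the thread, from Malwarebytes, or from any tool named here. It parses the plain-text format that MBAM 1.75 writes (the mbam-log-*.txt files posted in this thread), flags entries still marked "Delete on reboot" or "No action taken", and separates hits inside System Restore snapshots from live ones. SAMPLE_LOG is a constructed excerpt modelled on entries posted in this thread, not a log copied from it.

```python
"""Triage a Malwarebytes Anti-Malware 1.x scan log.

Added example for this thread, not code from Malwarebytes or from the thread.
Reads the plain-text log MBAM 1.75 writes and reports whether the scan came
up clean, which items still need a reboot to finish removal, which items were
left as "No action taken", and which hits live only inside System Restore
snapshots (old copies rather than the live infection).
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional


class Hit(NamedTuple):
    item: str      # file path, registry key/value, or folder
    threat: str    # detection name, e.g. PUP.Optional.WebConnect.A
    action: str    # what MBAM did, e.g. "Quarantined and deleted successfully"


# "Registry Keys Detected: 19" style section headers.
SECTION_RE = re.compile(r"^[A-Za-z ]+ Detected: \d+$")
# The threat name is the last "(...)" group before the first " -> ".
THREAT_RE = re.compile(r"\(([^()]+)\)\s*$")
# Hits inside System Restore snapshots.
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def parse_hit(line: str) -> Optional[Hit]:
    """Parse one detection line; returns None for lines that are not hits.

    Value and data-item lines carry extra fields ("-> Data: ...",
    "-> Bad: ... Good: ...") between the threat name and the final action, so
    the action is taken from the LAST arrow and the threat from the text
    before the FIRST arrow.
    """
    if " -> " not in line:
        return None
    head, _, action = line.rpartition(" -> ")
    before_first_arrow = head.split(" -> ", 1)[0]
    match = THREAT_RE.search(before_first_arrow)
    if not match:
        return None
    item = before_first_arrow[: match.start()].rstrip()
    return Hit(item=item, threat=match.group(1), action=action.strip().rstrip("."))


def triage(log_text: str) -> Dict[str, object]:
    """Summarise a full MBAM log into the facts a reviewer needs."""
    hits: List[Hit] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or SECTION_RE.match(line):
            continue
        hit = parse_hit(line)
        if hit is not None:
            hits.append(hit)

    pending_reboot = [h.item for h in hits if "reboot" in h.action.lower()]
    no_action = [h.item for h in hits if h.action.lower().startswith("no action")]
    restore_points = [h.item for h in hits if RESTORE_POINT_RE.search(h.item)]
    return {
        "total": len(hits),
        "clean": not hits,
        "by_threat": Counter(h.threat for h in hits),
        "pending_reboot": pending_reboot,
        "no_action": no_action,
        "restore_points": restore_points,
        # Either list means the log alone does not prove the machine is clean.
        "needs_followup": bool(pending_reboot or no_action),
    }


# Constructed sample in the MBAM 1.75 layout (one section header per block,
# one hit per line); items are modelled on those posted in this thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Scan type: Full scan (C:\|)

Memory Processes Detected: 1
C:\Program Files\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> 484 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\BPROTECTOR (PUP.BProtector) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Update WebConnect (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www2.delta-search.com/) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Files Detected: 2
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169920.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\Program Files\WebConnect\WebConnectBHO.dll (PUP.Optional.WebConnect.A) -> Delete on reboot.

(end)
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("clean:", report["clean"], "| hits:", report["total"])
    for threat, n in sorted(report["by_threat"].items()):
        print(f"  {n:2d}  {threat}")
    for key in ("pending_reboot", "no_action", "restore_points"):
        for item in report[key]:
            print(f"  [{key}] {item}")
```

Run it as a script to see the summary of the constructed sample, or import it and call triage() on the text of a real mbam-log file. A report with needs_followup set to True means the log by itself does not show a clean machine: either a restart still has to finish the deletions or some detections were left unchecked, so the scan has to be repeated afterwards before the log can be read as clean.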
Yes, the ad was gone after running RKILL as mentioned in the first post.
Yes, I ran MBAM again after the 10 PUPs did not get checked and cleaned.
Ran it again just now and got 60 objects?????? The only places I've been are here and the sites mentioned in the mandatory cleanup. ????
Going to continue now with what you have asked me to do.
This is the MBAM scan I did this morning.
Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org
Database version: v2013.09.22.03
Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Main User :: MAIN-3C119DCCFC [administrator]
Protection: Enabled
9/22/2013 9:54:12 AM mbam-log-2013-09-22 (09-54-12).txt
Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 257245 Time elapsed: 2 hour(s), 16 minute(s), 32 second(s)
Memory Processes Detected: 1
C:\Program Files\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> 484 -> Delete on reboot.

Memory Modules Detected: 2
C:\Program Files\WebConnect\WebConnect.Common.dll (PUP.Optional.WebConnect.A) -> Delete on reboot.
C:\Program Files\WebConnect\WebConnectBHO.dll (PUP.Optional.WebConnect.A) -> Delete on reboot.

Registry Keys Detected: 19
HKLM\SYSTEM\CurrentControlSet\Services\Update WebConnect (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{2316c625-b487-4410-a1a5-ff040b65245f} (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{d8caf2df-52d3-42cf-9ddb-f4ff828db4f8} (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKCR\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C} (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\WEBCONNECT (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0L1N1H2O1S -> Quarantined and deleted successfully.
HKCU\Software\WebConnect|iid (PUP.Optional.WebConnect.A) -> Data: def_WebConnect -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|bProtectTabs (PUP.Optional.BrowserProtect.A) -> Data: http://www2.delta-search.com/?babsrc=NT_ss&mntrId=602E0019B92D3870&affID=119357&tt=160913_m1&tsp=5012 -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (http://www2.delta-search.com/?babsrc=HP_ss&mntrId=602E0019B92D3870&affID=119357&tt=160913_m1&tsp=5012) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 2
C:\Documents and Settings\Main User\Application Data\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\WebConnect (PUP.Optional.WebConnect.A) -> Delete on reboot.

Files Detected: 38
C:\Program Files\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> Delete on reboot.
C:\Program Files\WebConnect\WebConnect.Common.dll (PUP.Optional.WebConnect.A) -> Delete on reboot.
C:\Program Files\WebConnect\WebConnectBHO.dll (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files\v-Grabber\Uninstall.exe.vir (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159424.exe (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159426.dll (PUP.DealPly) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159427.exe (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP596\A0159428.exe (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169921.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169939.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169919.exe (Email.Trojan) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169920.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169922.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169923.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169924.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169925.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169926.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169927.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169928.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169929.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169930.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169931.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169932.exe (Trojan.Ransom.BV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169933.exe (Trojan.Medfos.RRE) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169934.exe (Trojan.FakeAlert.ED) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169937.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP667\A0169938.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP668\A0173129.exe (PUP.BundleInstaller.VG) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP668\A0173464.dll (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP668\A0173465.exe (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP668\A0173466.exe (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B8963444-EC9A-45BA-81E0-AD60871199B3}\RP668\A0173470.dll (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Application Data\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\WebConnect\updateWebConnect.InstallState (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files\WebConnect\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files\WebConnect\WebConnect.ico (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Program Files\WebConnect\WebConnectUninstall.exe (PUP.Optional.WebConnect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
(end)

Downloaded Malwarebytes Anti-Rootkit and ran it. Came back and the computer had rebooted itself.
I have one log I can find, not two.
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
(c) Malwarebytes Corporation 2011-2012
OS version: 5.1.2600 Windows XP Service Pack 3 x86
Account is Administrative
Internet Explorer version: 8.0.6001.18702
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.791000 GHz
Memory total: 1062772736, free: 353107968
Downloaded database version: v2013.09.22.04
Downloaded database version: v2013.09.20.01
=======================================
Initializing...
------------ Kernel report ------------
09/22/2013 12:37:56
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
eukgcd.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
MpFilter.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igxpmp32.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\igxpgd32.dll
\SystemRoot\System32\igxprd32.dll
\SystemRoot\System32\igxpdv32.DLL
\SystemRoot\System32\igxpdx32.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
\SystemRoot\system32\DRIVERS\nwlnkipx.sys
\SystemRoot\system32\DRIVERS\nwlnknb.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwrdr.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\DRIVERS\nwlnkspx.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
>> Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86d6aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff86d37b00
Lower Device Driver Name: \Driver\atapi\
>> Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86d6aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86dcb930, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff86d6aab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86d37b00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
>> Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
>>
>> Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
>>
>> Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A
Partition information:
Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 312560577 Partition file system is NTFS Partition is bootable
Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0
Disk Size: 160041885696 bytes Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!

Ran Junkware Removal Tool, hooked the internet up. Connected, but it won't let me connect to anything. Ran Diagnostics; it says it cannot connect using HTTP, HTTPS, or FTP, and to check the firewall setting for the HTTP port (80), HTTPS port (443) and the FTP port (21).
JRT scan.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.2 (09.22.2013:1)
OS: Microsoft Windows XP x86
Ran by Main User on Sun 09/22/2013 at 13:25:03.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2025429265-884357618-1417001333-1003\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Main User\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files\bearshare applications"
Successfully deleted: [Folder] "C:\Program Files\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Main User\Application Data\mozilla\firefox\profiles\00ubwaz9.default\user.js
Successfully deleted the following from C:\Documents and Settings\Main User\Application Data\mozilla\firefox\profiles\00ubwaz9.default\prefs.js
user_pref("extensions.alotab.errorUrl", "hxxp://search.alot.com/error?src_id=30916&client_id=19b832b8686eea18a89c82f8&camp_id=4831&install_time=2013-07-02T14:57:57Z&pr=errs&tb
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/22/2013 at 13:30:05.40
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 9/22/2013 3:00:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Main User\Desktop\Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.54 Mb Total Physical Memory | 568.31 Mb Available Physical Memory | 56.07% Memory free
2.38 Gb Paging File | 2.03 Gb Available in Paging File | 85.16% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 126.79 Gb Free Space | 85.07% Space Free | Partition Type: NTFS

Computer Name: MAIN-3C119DCCFC | User Name: Main User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========

PRC - [2013/09/21 14:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Main User\Desktop\Cleanup\OTL.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012/07/18 08:02:58 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2010/01/29 01:04:26 | 000,764,784 | ---- | M] (Microsoft Corporation ) -- C:\WINDOWS\vVX6000.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========

MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/06 01:21:39 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2009/08/20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/12/03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/09/21 08:45:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\uupimudt.sys -- (uupimudt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lmzrxvqd.sys -- (lmzrxvqd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kjszbvlm.sys -- (kjszbvlm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jhootmkw.sys -- (jhootmkw)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hdkuvrkw.sys -- (hdkuvrkw)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dxjfjdav.sys -- (dxjfjdav)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/22 12:36:52 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/01/29 01:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2008/04/14 06:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E C9 C0 F4 B6 39 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{2B13BBF1-312A-4365-B80F-53DD098E0A9A}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1275;https=127.0.0.1:1275;
========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.DailyFitnessCenter_53.com/Plugin: C:\Program Files\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISB.dll (Daily Fitness Center)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

[2012/12/07 00:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Extensions
[2013/09/21 18:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions
[2013/09/10 14:00:10 | 000,004,229 | ---- | M] () (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions\{ab728073-1a39-11e3-8277-b8ac6f996f26}.xpi
[2013/08/17 01:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 01:44:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAIN USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\00UBWAZ9.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
========== Chrome ==========
CHR - Extension: No name found = C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.1.0.2210\
O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation )
O4 - HKCU..\Run: [EPSON NX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Main User\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D666106F-B683-4422-8F03-0E9FE1A2102A}: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/28 10:11:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 13:22:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/22 13:21:39 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\Main User\Desktop\JRT.exe
[2013/09/22 13:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
[2013/09/22 12:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/22 12:36:51 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/22 12:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Desktop\mbar
[2013/09/22 12:22:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/09/21 17:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/09/21 17:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 17:28:54 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/09/21 17:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/21 15:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/21 13:44:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/21 13:19:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/21 09:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Desktop\Cleanup
[2013/09/21 07:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Application Data\Malwarebytes
[2013/09/21 07:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/21 07:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/21 07:42:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/21 07:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/21 07:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/09/10 13:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Start Menu\Programs\Antivirus Security Pro
[2013/09/10 10:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========

[2013/09/22 14:42:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/22 14:24:01 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003UA.job
[2013/09/22 13:24:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 13:24:21 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/22 13:23:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/22 13:21:45 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Main User\Desktop\JRT.exe
[2013/09/22 13:17:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/09/22 13:16:02 | 000,000,694 | ---- | M] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2013/09/22 12:36:52 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/22 11:37:39 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7B09058B-9D4E-4995-98D2-4BA13ABAB3DF}.job
[2013/09/21 17:31:07 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/21 17:31:07 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/21 17:24:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003Core.job
[2013/09/21 17:11:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/21 13:20:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/21 13:16:46 | 000,503,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/21 13:16:46 | 000,087,182 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/21 13:15:51 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/21 08:44:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/21 08:44:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/20 01:14:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/10 10:57:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/08 16:48:09 | 000,015,717 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\jackies resume.odt
[2013/09/06 22:51:51 | 000,100,900 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/09/01 01:01:01 | 000,013,332 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/08/31 15:25:28 | 000,001,255 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\BARRED.rtf
[2013/08/27 15:23:09 | 000,014,656 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER + WINE STORE.ods
[2013/08/27 15:11:03 | 000,013,385 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER +WINE STORE P2.ods
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========

[2013/09/22 13:16:02 | 000,000,694 | ---- | C] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2013/09/21 17:31:03 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/21 17:31:01 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/21 17:30:59 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/21 17:29:26 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/10 10:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/06 22:51:50 | 000,100,900 | ---- | C] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/08/31 23:54:20 | 000,013,332 | ---- | C] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/06/29 19:54:12 | 000,003,715 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/16 14:23:21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/04/27 03:02:35 | 000,026,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/25 10:16:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2012/02/16 08:04:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 06:02:32 | 000,001,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/12 23:01:12 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 11:03:39 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/11/11 03:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/11/10 08:33:59 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/11/10 08:33:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/11/10 08:33:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/11/10 08:33:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/11/10 08:33:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/11/10 08:33:59 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/11/10 08:33:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/11/10 08:33:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/11/10 08:33:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/11/10 08:33:59 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/11/10 08:33:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/11/10 08:33:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/11/10 08:28:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2011/07/06 13:46:16 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\WebpageIcons.db
========== ZeroAccess Check ==========
[2011/04/28 11:33:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 07:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========

[2013/09/10 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/01 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D128
[2012/01/25 11:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\27EA
[2013/09/21 16:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[2013/09/22 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/16 07:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/10 08:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/09/22 12:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/01 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012/10/24 08:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2012/11/01 08:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/01/18 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/16 06:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{DDDBACA1-459C-43AE-9BD3-116CB222273D}
[2012/09/20 01:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\DVDVideoSoft
[2011/11/11 03:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Epson
[2011/11/10 08:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Leadertech
[2011/11/07 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\MSNInstaller
[2012/04/06 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\OpenOffice.org
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\PC Cleaner
[2012/11/01 09:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Pogo Games
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\RegistryKeys
[2012/09/19 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\wincorebsband
[2011/04/28 11:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Desktop Search
[2011/12/05 19:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Search
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B3D2CFF1

TheJoker (Premium, VIP, MVM) join: 2001-04-26 Charlottesville, VA kudos: 5 | reply to ez2cy
quote: Ran junkware, hooked internet up. Connected, but won't let me connect to anything. Ran Diagnostics, says cannot connect using HTTP, HTTPS, or FTP. Check firewall setting for the HTTP port (80) HTTPS port (443) and the FTP port (21).
Have you rebooted the system since running Junkware Removal Tool? Are you still unable to connect with this system?
It doesn't look like OTL deleted anything, let's try again.
Rerun OTL - Copy the text in the quote box below to the clipboard by highlighting all the text inside the box and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
quote:
[2013/09/10 13:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Start Menu\Programs\Antivirus Security Pro
[2013/09/10 10:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[2013/09/10 10:55:52 | 000,331,776 | ---- | C] (Technology Inc.) -- C:\Documents and Settings\Main User\Application Data\apofpr.dll
[2013/09/10 10:55:45 | 000,573,440 | ---- | C] (Technology,Inc) -- C:\Documents and Settings\Main User\Application Data\wdmas.dll
[2013/09/20 01:14:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B3D2CFF1
- Return to OTL.exe, right-click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
- Click the red Run Fix button.
- A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
- Close OTL.exe
Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool: »www.bleepingcomputer.com/combofi···combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.
Please post the logs from OTL and ComboFix, and note any errors encountered.
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010

ok...problem.
Cannot connect to the internet. It says I am, but I can't get to any site. Therefore, I cannot copy and paste your quote into OTL. It won't let me copy and paste it onto a flash drive so I can go back and forth with it. Does not make sense to me as I can copy and paste it here.
example:
[2013/09/10 13:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Start Menu\Programs\Antivirus Security Pro
[2013/09/10 10:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[2013/09/10 10:55:52 | 000,331,776 | ---- | C] (Technology Inc.) -- C:\Documents and Settings\Main User\Application Data\apofpr.dll
[2013/09/10 10:55:45 | 000,573,440 | ---- | C] (Technology,Inc) -- C:\Documents and Settings\Main User\Application Data\wdmas.dll
[2013/09/20 01:14:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B3D2CFF1
I know I'll get the "is your computer plugged into the modem etc."
So...I have a monitor icon in the lower right that flashes. Click on it, and it says "Local Area Connection 2 Status: Connected, speed 100.0 Mbps", then how much has been sent and how much received.
But....cannot get Google.....this site...or any others I try. When I try "diagnose problem", I get what I posted above about the ports.
Almost impossible to do this now without internet access. Going from one computer to another.
Post Last OTL scan in a moment.

OTL logfile created on: 9/22/2013 7:57:41 PM - Run 4
OTL by OldTimer - Version 3.2.69.0   Folder = C:\Documents and Settings\Main User\Desktop\Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.54 Mb Total Physical Memory | 448.96 Mb Available Physical Memory | 44.30% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 126.80 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Computer Name: MAIN-3C119DCCFC | User Name: Main User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/09/21 14:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Main User\Desktop\Cleanup\OTL.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/18 08:02:58 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2010/01/29 01:04:26 | 000,764,784 | ---- | M] (Microsoft Corporation ) -- C:\WINDOWS\vVX6000.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/06 01:21:39 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2009/08/20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/12/03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/09/21 08:45:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\uupimudt.sys -- (uupimudt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lmzrxvqd.sys -- (lmzrxvqd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kjszbvlm.sys -- (kjszbvlm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jhootmkw.sys -- (jhootmkw)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hdkuvrkw.sys -- (hdkuvrkw)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dxjfjdav.sys -- (dxjfjdav)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/22 12:36:52 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/01/29 01:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2008/04/14 06:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E C9 C0 F4 B6 39 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{2B13BBF1-312A-4365-B80F-53DD098E0A9A}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1275;https=127.0.0.1:1275
[color=#E56717]========== FireFox ==========[/color]
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.DailyFitnessCenter_53.com/Plugin: C:\Program Files\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISB.dll (Daily Fitness Center)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
[2012/12/07 00:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Extensions
[2013/09/21 18:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions
[2013/09/10 14:00:10 | 000,004,229 | ---- | M] () (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions\{ab728073-1a39-11e3-8277-b8ac6f996f26}.xpi
[2013/08/17 01:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 01:44:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAIN USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\00UBWAZ9.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
[color=#E56717]========== Chrome ==========[/color]
CHR - Extension: No name found = C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.1.0.2210\
O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation )
O4 - HKCU..\Run: [EPSON NX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Main User\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D666106F-B683-4422-8F03-0E9FE1A2102A}: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/28 10:11:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/09/22 13:22:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/22 13:21:39 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\Main User\Desktop\JRT.exe
[2013/09/22 13:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
[2013/09/22 12:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/22 12:36:51 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/22 12:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Desktop\mbar
[2013/09/22 12:22:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/09/21 17:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/09/21 17:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 17:28:54 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/09/21 17:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/21 15:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/21 13:44:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/21 13:19:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/21 09:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Desktop\Cleanup
[2013/09/21 07:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Application Data\Malwarebytes
[2013/09/21 07:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/21 07:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/21 07:42:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/21 07:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/21 07:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/09/10 13:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Start Menu\Programs\Antivirus Security Pro
[2013/09/10 10:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/09/22 19:49:23 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7B09058B-9D4E-4995-98D2-4BA13ABAB3DF}.job
[2013/09/22 19:42:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/22 19:36:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 19:36:05 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/22 19:35:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/22 17:24:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003UA.job
[2013/09/22 17:24:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003Core.job
[2013/09/22 13:21:45 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Main User\Desktop\JRT.exe
[2013/09/22 13:17:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/09/22 13:16:02 | 000,000,694 | ---- | M] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2013/09/22 12:36:52 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/21 17:31:07 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/21 17:31:07 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/21 17:11:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/21 13:20:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/21 13:16:46 | 000,503,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/21 13:16:46 | 000,087,182 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/21 13:15:51 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/21 08:44:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/21 08:44:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/20 01:14:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/10 10:57:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/08 16:48:09 | 000,015,717 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\jackies resume.odt
[2013/09/06 22:51:51 | 000,100,900 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/09/01 01:01:01 | 000,013,332 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/08/31 15:25:28 | 000,001,255 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\BARRED.rtf
[2013/08/27 15:23:09 | 000,014,656 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER + WINE STORE.ods
[2013/08/27 15:11:03 | 000,013,385 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER +WINE STORE P2.ods
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/09/22 13:16:02 | 000,000,694 | ---- | C] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2013/09/21 17:31:03 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/21 17:31:01 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/21 17:30:59 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/21 17:29:26 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/10 10:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/06 22:51:50 | 000,100,900 | ---- | C] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/08/31 23:54:20 | 000,013,332 | ---- | C] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/06/29 19:54:12 | 000,003,715 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/16 14:23:21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/04/27 03:02:35 | 000,026,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/25 10:16:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2012/02/16 08:04:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 06:02:32 | 000,001,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/12 23:01:12 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 11:03:39 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/11/11 03:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/11/10 08:33:59 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/11/10 08:33:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/11/10 08:33:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/11/10 08:33:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/11/10 08:33:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/11/10 08:33:59 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/11/10 08:33:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/11/10 08:33:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/11/10 08:33:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/11/10 08:33:59 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/11/10 08:33:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/11/10 08:33:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/11/10 08:28:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2011/07/06 13:46:16 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\WebpageIcons.db
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2011/04/28 11:33:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 07:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2013/09/10 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/01 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D128
[2012/01/25 11:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\27EA
[2013/09/21 16:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[2013/09/22 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/16 07:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/10 08:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/09/22 12:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/01 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012/10/24 08:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2012/11/01 08:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/01/18 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/16 06:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{DDDBACA1-459C-43AE-9BD3-116CB222273D}
[2012/09/20 01:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\DVDVideoSoft
[2011/11/11 03:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Epson
[2011/11/10 08:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Leadertech
[2011/11/07 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\MSNInstaller
[2012/04/06 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\OpenOffice.org
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\PC Cleaner
[2012/11/01 09:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Pogo Games
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\RegistryKeys
[2012/09/19 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\wincorebsband
[2011/04/28 11:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Desktop Search
[2011/12/05 19:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Search
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B3D2CFF1

TheJoker (reply to ez2cy):
Go to Start > Run and type cmd. A cmd (DOS) window will appear. Now type the following in the cmd window:
netsh winsock reset catalog
Hit Enter.
Reboot your computer.
Is your Internet connection back?
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010

ez2cy:
No, same. Connected to internet but will not display any webpages. Ran diagnose Connection problem again, got same message.

TheJoker (reply to ez2cy):
Since you are connected, what browser are you using where you are not displaying webpages? If Firefox, does Internet Explorer work?
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010

ez2cy:
Using IE, it does not have Firefox on it.
Problem came after we did the scan where I unhooked the internet and re-hooked after the scan. Which, I'm sure you know.
I'll download Firefox via this computer (mine) onto a flash drive and try it on her tower.

ez2cy:
Firefox works on the tower. I'll log off here, log on it and do the scans you asked for.

TheJoker:
Don't run or install anything else at this point.
Please go to Start > Control Panel > Add or Remove Programs, and uninstall Firefox (the below procedure will wipe out registry entries related to that install). You can reinstall it later.
Next, do you see the folder C:\Windows\ERUNT\JRT? There should be a file in there called ERDNT.EXE. Double-click the ERDNT.EXE file to restore your registry to the state it was in when you ran Junkware Removal Tool.
Reboot your system.
Does Internet Explorer now work properly?
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010

ez2cy:
Damn...I just ran the combofix and the OTL (didn't work though).
I'll do what you just said.

ez2cy:
Nope...same thing. Even when I do the diagnostic, get the same message as before.
I think she'd be ok with Firefox though. Not sure if this is a big deal or not.

TheJoker (reply to ez2cy):
Do you have the logs from ComboFix and OTL to post?

ez2cy:
Yes..I'll have to reinstall Firefox on it.

ez2cy (reply to TheJoker):
OTL logfile created on: 9/22/2013 7:57:41 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Main User\Desktop\Cleanup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.54 Mb Total Physical Memory | 448.96 Mb Available Physical Memory | 44.30% Memory free
2.38 Gb Paging File | 1.92 Gb Available in Paging File | 80.59% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 126.80 Gb Free Space | 85.08% Space Free | Partition Type: NTFS
Computer Name: MAIN-3C119DCCFC | User Name: Main User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/09/21 14:39:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Main User\Desktop\Cleanup\OTL.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/18 08:02:58 | 000,871,536 | ---- | M] (BitLeader) -- C:\Program Files\lg_fwupdate\fwupdate.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/06/29 15:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2010/01/29 01:04:26 | 000,764,784 | ---- | M] (Microsoft Corporation ) -- C:\WINDOWS\vVX6000.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/04/15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/12/04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 10:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2012/04/06 01:21:39 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/04/03 17:06:14 | 000,565,640 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/19 20:34:22 | 000,056,224 | ---- | M] () -- \\?\C:\Program Files\Spybot - Search & Destroy 2\av\avxdisk.dll
MOD - [2009/08/20 12:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 12:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 12:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/03 20:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 20:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/12/03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/09/21 08:45:13 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/12 21:45:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\uupimudt.sys -- (uupimudt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lmzrxvqd.sys -- (lmzrxvqd)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kjszbvlm.sys -- (kjszbvlm)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\jhootmkw.sys -- (jhootmkw)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\hdkuvrkw.sys -- (hdkuvrkw)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\dxjfjdav.sys -- (dxjfjdav)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/09/22 12:36:52 | 000,048,728 | ---- | M] (MalwareBytes) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010/01/29 01:04:28 | 002,074,480 | ---- | M] (Microsoft Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2008/04/14 06:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?lang=en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.bing.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E C9 C0 F4 B6 39 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{2B13BBF1-312A-4365-B80F-53DD098E0A9A}: "URL" = http://www.google.ca/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enCA457
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1275;https=127.0.0.1:1275
[color=#E56717]========== FireFox ==========[/color]
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.DailyFitnessCenter_53.com/Plugin: C:\Program Files\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISB.dll (Daily Fitness Center)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
[2012/12/07 00:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Extensions
[2013/09/21 18:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions
[2013/09/10 14:00:10 | 000,004,229 | ---- | M] () (No name found) -- C:\Documents and Settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions\{ab728073-1a39-11e3-8277-b8ac6f996f26}.xpi
[2013/08/17 01:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/17 01:44:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MAIN USER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\00UBWAZ9.DEFAULT\EXTENSIONS\APPBAR@ALOT.COM
[color=#E56717]========== Chrome ==========[/color]
CHR - Extension: No name found = C:\Documents and Settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.1.0.2210\
O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation )
O4 - HKCU..\Run: [EPSON NX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Facebook Update] C:\Documents and Settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O4 - Startup: C:\Documents and Settings\Main User\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Main User\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D666106F-B683-4422-8F03-0E9FE1A2102A}: DhcpNameServer = 172.16.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Main User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/28 10:11:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/09/22 13:22:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/22 13:21:39 | 001,030,038 | ---- | C] (Thisisu) -- C:\Documents and Settings\Main User\Desktop\JRT.exe
[2013/09/22 13:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard
[2013/09/22 12:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2013/09/22 12:36:51 | 000,048,728 | ---- | C] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/22 12:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Desktop\mbar
[2013/09/22 12:22:44 | 000,000,000 | ---D | C] -- C:\Avenger
[2013/09/21 17:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2013/09/21 17:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/21 17:28:54 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/09/21 17:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/09/21 15:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/21 13:44:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/21 13:19:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/21 09:06:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Desktop\Cleanup
[2013/09/21 07:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Application Data\Malwarebytes
[2013/09/21 07:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/21 07:42:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/21 07:42:17 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/21 07:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/21 07:29:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/09/10 13:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Main User\Start Menu\Programs\Antivirus Security Pro
[2013/09/10 10:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/09/22 19:49:23 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7B09058B-9D4E-4995-98D2-4BA13ABAB3DF}.job
[2013/09/22 19:42:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/22 19:36:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 19:36:05 | 000,000,644 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/22 19:35:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/22 17:24:02 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003UA.job
[2013/09/22 17:24:00 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003Core.job
[2013/09/22 13:21:45 | 001,030,038 | ---- | M] (Thisisu) -- C:\Documents and Settings\Main User\Desktop\JRT.exe
[2013/09/22 13:17:56 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/09/22 13:16:02 | 000,000,694 | ---- | M] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2013/09/22 12:36:52 | 000,048,728 | ---- | M] (MalwareBytes) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/09/21 17:31:07 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/21 17:31:07 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/21 17:11:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/09/21 13:20:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/09/21 13:16:46 | 000,503,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/21 13:16:46 | 000,087,182 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/21 13:15:51 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/21 08:44:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/21 08:44:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/20 01:14:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/10 10:57:14 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/08 16:48:09 | 000,015,717 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\jackies resume.odt
[2013/09/06 22:51:51 | 000,100,900 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/09/01 01:01:01 | 000,013,332 | ---- | M] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/08/31 15:25:28 | 000,001,255 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\BARRED.rtf
[2013/08/27 15:23:09 | 000,014,656 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER + WINE STORE.ods
[2013/08/27 15:11:03 | 000,013,385 | ---- | M] () -- C:\Documents and Settings\Main User\My Documents\NEW PRICES AND BOOK BEER +WINE STORE P2.ods
[1 C:\Documents and Settings\Main User\Desktop\*.tmp files -> C:\Documents and Settings\Main User\Desktop\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/09/22 13:16:02 | 000,000,694 | ---- | C] () -- C:\WINDOWS\tasks\BrowserSafeguard Update Task.job
[2013/09/21 17:31:03 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/21 17:31:01 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/21 17:30:59 | 000,000,644 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/21 17:29:26 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/10 10:57:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Main User\Application Data\SharedSettings.ccs
[2013/09/06 22:51:50 | 000,100,900 | ---- | C] () -- C:\Documents and Settings\Main User\My Documents\sask_order_form.pdf
[2013/08/31 23:54:20 | 000,013,332 | ---- | C] () -- C:\Documents and Settings\Main User\Desktop\Order form.ods
[2013/06/29 19:54:12 | 000,003,715 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/05/16 14:23:21 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2012/04/27 03:02:35 | 000,026,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/04/25 10:16:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
[2012/02/16 08:04:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 06:02:32 | 000,001,043 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\repository.xml
[2011/11/12 23:01:12 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 11:03:39 | 000,000,337 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/11/11 03:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2011/11/10 08:33:59 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/11/10 08:33:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/11/10 08:33:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/11/10 08:33:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/11/10 08:33:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/11/10 08:33:59 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/11/10 08:33:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/11/10 08:33:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/11/10 08:33:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/11/10 08:33:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/11/10 08:33:59 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/11/10 08:33:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/11/10 08:33:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/11/10 08:33:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/11/10 08:28:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPNX210.ini
[2011/07/06 13:46:16 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Main User\Local Settings\Application Data\WebpageIcons.db
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2011/04/28 11:33:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 07:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2013/09/10 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/01 16:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1D128
[2012/01/25 11:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\27EA
[2013/09/21 16:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3XVrn37a
[2013/09/22 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2012/01/16 07:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/10 08:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/09/22 12:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/02/01 01:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2012/10/24 08:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PogoDGC
[2012/11/01 08:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2012/01/18 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/16 06:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{DDDBACA1-459C-43AE-9BD3-116CB222273D}
[2012/09/20 01:07:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\DVDVideoSoft
[2011/11/11 03:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Epson
[2011/11/10 08:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Leadertech
[2011/11/07 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\MSNInstaller
[2012/04/06 13:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\OpenOffice.org
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\PC Cleaner
[2012/11/01 09:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Pogo Games
[2012/12/10 10:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\RegistryKeys
[2012/09/19 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\wincorebsband
[2011/04/28 11:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Desktop Search
[2011/12/05 19:45:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Main User\Application Data\Windows Search
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:B3D2CFF1
ComboFix 13-09-23.02 - Main User 09/23/2013 18:49:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.419 [GMT -6:00]
Running from: c:\documents and settings\Main User\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\Main User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences
c:\program files\DailyFitnessCenter_53EI
c:\program files\DailyFitnessCenter_53EI\Installr\1.bin\53EIPlug.dll
c:\program files\DailyFitnessCenter_53EI\Installr\1.bin\53EZSETP.dll
c:\program files\DailyFitnessCenter_53EI\Installr\1.bin\NP53EISb.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\25cbf5a60a975b9f.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28aed2eb06d5faa4.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\413113c8f04cd775.fb
c:\windows\system32\Cache\4f10e7f01c68438a.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\64ba5fa7beb4450c.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\683c525315e5f682.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\89deafccfd0a4ee4.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\9a21e04d5d4defa4.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b36371dc243b6c61.fb
c:\windows\system32\Cache\be7384ee7170267e.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d52468a8871260e6.fb
c:\windows\system32\Cache\d58f293d9383e967.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e73c332a81897c9c.fb
c:\windows\system32\Cache\e9659042829daf25.fb
c:\windows\system32\Cache\ee7c4f5cd385be38.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fb3439c58298c2e5.fb
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-08-24 to 2013-09-24 )))))))))))))))))))))))))))))))
.
.
2013-09-24 00:46 . 2013-09-24 00:46 -------- d-----w- c:\windows\LastGood
2013-09-23 11:13 . 2013-09-23 11:13 -------- d-----w- c:\documents and settings\Main User\Application Data\Product_RM
2013-09-23 11:13 . 2013-09-23 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2013-09-22 19:22 . 2013-09-22 19:22 -------- d-----w- c:\windows\ERUNT
2013-09-22 18:37 . 2013-09-22 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-21 23:30 . 2013-09-22 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-09-21 21:37 . 2013-09-21 21:37 -------- d-----w- c:\program files\ESET
2013-09-21 19:44 . 2013-09-21 20:32 -------- d-----w- C:\AdwCleaner
2013-09-21 13:42 . 2013-09-21 13:42 -------- d-----w- c:\documents and settings\Main User\Application Data\Malwarebytes
2013-09-21 13:42 . 2013-09-21 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-10 16:56 . 2013-09-21 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\3XVrn37a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 14:44 . 2012-09-20 07:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 14:44 . 2011-11-08 23:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-07 10:22 . 2011-12-06 23:26 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-03 20:18 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-26 02:47 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2008-04-14 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Facebook Update"="c:\documents and settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-30 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-30 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-30 141848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"VX6000"="c:\windows\vVX6000.exe" [2010-01-29 764784]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-18 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Main User\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 4:46 PM 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 4:46 PM 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 4:46 PM 154152]
S1 dxjfjdav;dxjfjdav;\??\c:\windows\system32\drivers\dxjfjdav.sys --> c:\windows\system32\drivers\dxjfjdav.sys [?]
S1 hdkuvrkw;hdkuvrkw;\??\c:\windows\system32\drivers\hdkuvrkw.sys --> c:\windows\system32\drivers\hdkuvrkw.sys [?]
S1 jhootmkw;jhootmkw;\??\c:\windows\system32\drivers\jhootmkw.sys --> c:\windows\system32\drivers\jhootmkw.sys [?]
S1 kjszbvlm;kjszbvlm;\??\c:\windows\system32\drivers\kjszbvlm.sys --> c:\windows\system32\drivers\kjszbvlm.sys [?]
S1 lmzrxvqd;lmzrxvqd;\??\c:\windows\system32\drivers\lmzrxvqd.sys --> c:\windows\system32\drivers\lmzrxvqd.sys [?]
S1 uupimudt;uupimudt;\??\c:\windows\system32\drivers\uupimudt.sys --> c:\windows\system32\drivers\uupimudt.sys [?]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [1/29/2010 1:04 AM 2074480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 14:45]
.
2013-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003Core.job
- c:\documents and settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-01 23:19]
.
2013-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003UA.job
- c:\documents and settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-01 23:19]
.
2013-09-23 c:\windows\Tasks\User_Feed_Synchronization-{7B09058B-9D4E-4995-98D2-4BA13ABAB3DF}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride =
IE: Free YouTube Download - c:\documents and settings\Main User\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 172.16.1.254
FF - ProfilePath - c:\documents and settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\
FF - ExtSQL: 2013-09-10 13:59; {ab728073-1a39-11e3-8277-b8ac6f996f26}; c:\documents and settings\Main User\Application Data\Mozilla\Firefox\Profiles\00ubwaz9.default\extensions\{ab728073-1a39-11e3-8277-b8ac6f996f26}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-!{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
c:\documents and settings\Main User\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe /remind /language=ENU /PRNM="00881"
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-23 18:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-09-23 18:58:25
ComboFix-quarantined-files.txt 2013-09-24 00:58
.
Pre-Run: 135,827,673,088 bytes free
Post-Run: 135,830,605,824 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3FA79C1F648D3F2C52CBFF50285B1FE9 8F558EB6672622401DA993E1E865C861

reply to TheJoker
I should mention, I'm supposed to disable all the programs it had listed. There is no AVG on the tower; I searched for it, but it kept showing up as if it's there; ?????

TheJoker

quote: I should mention, I'm supposed to disable all the programs it had listed. There is no AVG on the tower; I searched for it, but it kept showing up as if it's there; ?????
There were parts of AVG there; it may have been uninstalled improperly, or the uninstall failed. We'll worry about that later. We need to make sure you have the most recent version of ComboFix. Delete your current copy of ComboFix.exe. Download ComboFix© by sUBs from this link: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save the file to your Desktop. Close any open browsers. Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop. Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. Save this as "CFScript.txt", change the "Save as type" to "All Files", and place it on your desktop.

quote:
Driver::
dxjfjdav
hdkuvrkw
jhootmkw
kjszbvlm
lmzrxvqd
uupimudt
vToolbarUpdater15.5.0
Folder::
C:\Documents and Settings\Main User\Start Menu\Programs\Antivirus Security Pro
C:\Documents and Settings\All Users\Application Data\3XVrn37a
File::
C:\Documents and Settings\Main User\Application Data\apofpr.dll
C:\Documents and Settings\Main User\Application Data\wdmas.dll
C:\WINDOWS\tasks\At1.job
ADS::
C:\Documents and Settings\All Users\Application Data\Temp

Save this as CFScript.txt, in the same location as ComboFix.exe.

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.

-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010

Not sure how this will work.
Tried downloading Firefox back on the tower and it kept getting interrupted. I had this problem the first time; can't remember what was stopping it. It was something simple like turning off the firewall (wasn't that though) or something.
Anyway, I downloaded ComboFix and the script in Notepad to a flash drive, transferred them to the tower, then dragged the script over.
Scanning now, got the AVG warning still.
Going to work, will post log this evening.
Thanks

reply to ez2cy
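The six drivers TheJoker lists under `Driver::` in his CFScript share two traits that are visible in the ComboFix output above: an eight-letter random-looking name, and an image file ComboFix could not find on disk (the `[?]` suffix). The Python below is an added example, not code from this thread, from ComboFix or from its author: it parses lines in the format of ComboFix's `Drivers/Services` listing, using lines copied from the two logs in this thread as constructed sample input, and separates entries that look like the thread's rogue drivers from ordinary leftovers of uninstalled software (the Malwarebytes and AVG toolbar entries also show `[?]` but are ordinary stale entries). The function names `parse_entry`, `suspicion_reasons`, `triage` and `cfscript_driver_section`, the reading of the `S1` prefix as "stopped, start type 1 (system start)", and the "missing file plus one strong signal" rule are my assumptions. A driver whose file ComboFix cannot see deserves a look whether the file is gone or being hidden, so treat the output as a triage aid for someone reading such a log, not as a verdict.

```python
import re

# Constructed sample input: seven lines in the format ComboFix uses for its
# "Drivers/Services" listing, copied from the two ComboFix logs in this thread.
# The "[?]" suffix is what ComboFix prints when it cannot find the service's
# image file on disk; otherwise the brackets hold the file's timestamp and size.
SAMPLE_LINES = r"""
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 4:46 PM 117288]
S1 dxjfjdav;dxjfjdav;\??\c:\windows\system32\drivers\dxjfjdav.sys --> c:\windows\system32\drivers\dxjfjdav.sys [?]
S1 hdkuvrkw;hdkuvrkw;\??\c:\windows\system32\drivers\hdkuvrkw.sys --> c:\windows\system32\drivers\hdkuvrkw.sys [?]
S1 uupimudt;uupimudt;\??\c:\windows\system32\drivers\uupimudt.sys --> c:\windows\system32\drivers\uupimudt.sys [?]
S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [?]
S2 MBAMScheduler;MBAMScheduler;"c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [?]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [1/29/2010 1:04 AM 2074480]
""".strip().splitlines()

# <state><start type> <service name>;<display name>;<image path ...>
ENTRY_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]+);(?P<image>.*)$")
# Shape of the six rogue drivers in this thread: eight lowercase letters, nothing else.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")
# Signals that, together with a missing file, make an entry worth a close look.
STRONG_SIGNALS = {"eight-lowercase-letter name", "system-start kernel driver"}


def parse_entry(line):
    """Parse one Drivers/Services line into a dict, or return None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    image = m.group("image").strip()
    # "-->" separates the registry ImagePath from the path ComboFix resolved on disk;
    # the trailing bracket group is either "[?]" or "[<timestamp> <size>]".
    path = image.split("-->")[-1].rsplit("[", 1)[0].strip().strip('"')
    return {
        "start": m.group("start"),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "missing": image.endswith("[?]"),
    }


def suspicion_reasons(entry):
    """List every signal that fires for an entry (empty list for a clean one)."""
    reasons = []
    if entry["missing"]:
        reasons.append("image file not found on disk")
    if entry["name"] == entry["display"]:
        reasons.append("no descriptive display name")
    if RANDOM_NAME_RE.match(entry["name"]):
        reasons.append("eight-lowercase-letter name")
    # Assumption: the prefix is R (running) or S (stopped) plus the start type,
    # and start type 1 is a kernel driver loaded at system start.
    if entry["start"] == "S1" and entry["path"].lower().endswith(".sys"):
        reasons.append("system-start kernel driver")
    return reasons


def triage(lines):
    """Map each missing-file entry to ("suspicious" | "stale", reasons).

    A missing file alone is common for half-uninstalled software (the
    Malwarebytes and AVG toolbar entries here), so it only yields "stale";
    "suspicious" additionally needs one of the strong signals.
    """
    report = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None or not entry["missing"]:
            continue
        reasons = suspicion_reasons(entry)
        verdict = "suspicious" if STRONG_SIGNALS & set(reasons) else "stale"
        report[entry["name"]] = (verdict, reasons)
    return report


def cfscript_driver_section(report):
    """Render the suspicious names as a CFScript "Driver::" block (the syntax
    TheJoker uses above); returns "" when there is nothing to list."""
    names = sorted(name for name, (verdict, _) in report.items() if verdict == "suspicious")
    return "Driver::\n" + "\n".join(names) + "\n" if names else ""


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    for name, (verdict, reasons) in result.items():
        print(f"{verdict:10s} {name}: {', '.join(reasons)}")
    print(cfscript_driver_section(result))
```

On the sample input the three `S1` drivers come out as suspicious and the AVG toolbar and Malwarebytes entries as stale; the running Authentium service and the LifeCam driver, whose files ComboFix found, are not reported at all. The rendered `Driver::` block is only a starting point for a helper's own judgement, as TheJoker's script shows: he also chose to remove the stale toolbar updater.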
ComboFix 13-09-24.02 - Main User 09/25/2013 5:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.627 [GMT -6:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\CFScript.txt
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
FILE ::
"c:\documents and settings\Main User\Application Data\apofpr.dll"
"c:\documents and settings\Main User\Application Data\wdmas.dll"
"c:\windows\tasks\At1.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\3XVrn37a
c:\documents and settings\All Users\Application Data\3XVrn37a\3XVrn37a.exe.manifest
c:\documents and settings\All Users\Application Data\3XVrn37a\3XVrn37a.ico
c:\documents and settings\All Users\Application Data\3XVrn37a\3XVrn37aaaxDg9vs.in
c:\documents and settings\All Users\Application Data\3XVrn37a\3XVrn37aaaxDg9vs.lg
c:\documents and settings\All Users\Application Data\3XVrn37a\DD1
c:\documents and settings\All Users\Application Data\3XVrn37a\DD2
c:\documents and settings\All Users\Application Data\3XVrn37a\DD3
c:\documents and settings\All Users\Application Data\3XVrn37a\DD4
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VTOOLBARUPDATER15.5.0
-------\Service_dxjfjdav
-------\Service_hdkuvrkw
-------\Service_jhootmkw
-------\Service_kjszbvlm
-------\Service_lmzrxvqd
-------\Service_uupimudt
-------\Service_vToolbarUpdater15.5.0
.
.
((((((((((((((((((((((((( Files Created from 2013-08-25 to 2013-09-25 )))))))))))))))))))))))))))))))
.
.
2013-09-24 01:14 . 2013-09-24 01:14 -------- d-----w- C:\_OTL
2013-09-23 11:13 . 2013-09-23 11:13 -------- d-----w- c:\documents and settings\Main User\Application Data\Product_RM
2013-09-23 11:13 . 2013-09-23 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2013-09-22 19:22 . 2013-09-22 19:22 -------- d-----w- c:\windows\ERUNT
2013-09-22 18:37 . 2013-09-22 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-21 23:30 . 2013-09-22 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-09-21 21:37 . 2013-09-21 21:37 -------- d-----w- c:\program files\ESET
2013-09-21 19:44 . 2013-09-21 20:32 -------- d-----w- C:\AdwCleaner
2013-09-21 13:42 . 2013-09-21 13:42 -------- d-----w- c:\documents and settings\Main User\Application Data\Malwarebytes
2013-09-21 13:42 . 2013-09-21 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-21 14:44 . 2012-09-20 07:37 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 14:44 . 2011-11-08 23:19 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2008-04-14 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-14 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-07 10:22 . 2011-12-06 23:26 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-05 13:30 . 2008-04-14 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 20:18 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-07-10 10:37 . 2008-04-14 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Facebook Update"="c:\documents and settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-30 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-30 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-30 141848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-03 1044480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"VX6000"="c:\windows\vVX6000.exe" [2010-01-29 764784]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-18 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Main User\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Main User\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [4/8/2010 4:46 PM 117288]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [4/8/2010 4:46 PM 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [4/8/2010 4:46 PM 154152]
S2 MBAMScheduler;MBAMScheduler;"c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [?]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;"c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe" --> c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [?]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;"c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe" --> c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;"c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe" --> c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [?] S3 mbamchameleon;mbamchameleon;\??\c:\windows\system32\drivers\mbamchameleon.sys --> c:\windows\system32\drivers\mbamchameleon.sys [?] S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?] S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [1/29/2010 1:04 AM 2074480] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-08-20 19:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-09-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 14:45] . 2013-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57] . 2013-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003Core.job - c:\documents and settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-01 23:19] . 2013-09-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2025429265-884357618-1417001333-1003UA.job - c:\documents and settings\Main User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-01 23:19] . 2013-09-25 c:\windows\Tasks\User_Feed_Synchronization-{7B09058B-9D4E-4995-98D2-4BA13ABAB3DF}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = http=127.0.0.1:1275;https=127.0.0.1:1275; uInternet Settings,ProxyOverride = IE: Free YouTube Download - c:\documents and settings\Main User\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm . 
- - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) Toolbar-!{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) HKCU-Run-BrowserSafeguard - c:\program files\Browsersafeguard\Browsersafeguard.exe HKLM-Run-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe Notify-SDWinLogon - SDWinLogon.dll AddRemove-Browsersafeguard - c:\program files\Browsersafeguard\uninstall.browsersafeguard.exe AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files\Malwarebytes' Anti-Malware\unins000.exe AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 - c:\program files\Spybot - Search & Destroy 2\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-09-25 17:14 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2960) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\CyberLink\Shared files\RichVideo.exe c:\windows\system32\SearchIndexer.exe c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE c:\windows\system32\igfxsrvc.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\lg_fwupdate\fwupdate.exe . ************************************************************************** . Completion time: 2013-09-25 17:19:53 - machine was rebooted ComboFix-quarantined-files.txt 2013-09-25 23:19 ComboFix2.txt 2013-09-24 00:58 . Pre-Run: 135,999,639,552 bytes free Post-Run: 135,717,183,488 bytes free . - - End Of File - - 76206EFF916A6355B48EF40542EC666D 8F558EB6672622401DA993E1E865C861 | |  | I have internet with IE and can surf all her favorites etc. | |  lilhurricaneCrunchin' For CuresPremium,Mod join:2003-01-11 Purple Zone kudos:56 Reviews:
·Comcast
| ..stand by ez2cy ,
Note that many of the utilities utilized require a formal uninstall process to return your system to a normal operating state.
Therefore, we ask you please see this through a bit more - till your "helper" deems you "clean".
Please await final instruction from TheJoker
-- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

TheJoker (Premium, VIP, MVM; join: 2001-04-26; Charlottesville, VA)
reply to ez2cy
quote: I have internet with IE and can surf all her favorites etc.
Excellent! :)
If you have the time, I would run one more scan with Sophos Virus Removal Tool. I think running another scan without an infected Services.exe running is important.
Download the Sophos Virus Removal Tool and save it to your desktop:
- Be sure to view the 3 short How-to videos on that page.
- Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
- Follow the prompts to accept the license agreement, and accept the default location.
- A message will appear "InstallShield Wizard Completed".
- Click 'Finish' to start the program.
- After it updates and a "Start Scanning" button appears in the lower right:
-- Disconnect from the Internet or physically unplug your Internet cable connection.
-- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
-- Temporarily disable your anti-virus and real-time anti-spyware protection.
- Click the "Start Scanning" button in the lower right to start the scan.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- A log will be in the following location:
-- Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
-- for 64-bit: C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
-- 2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
- Please post the log in your next reply and let me know if your problem continues.
Your Java version is outdated and vulnerable. Please go to Start > Control Panel > Programs and Features, and uninstall the following: Java 7 Update 25
Next, because Java has had so many vulnerabilities, if you don't have a program that requires Java, or a web site you visit that requires it, I recommend leaving it uninstalled. Your system will be more secure. If you decide to reinstall, or find that a program or website requires it, you can download the latest version from here: »java.com/en/download/manual.jsp If you do need it for a program (but have no website that requires it), you can make it more secure when you browse by going to the Java Control Panel (Start > Control Panel > Java), selecting the Security tab, and UNchecking the box for "Enable Java content in the browser". Don't do that if you have a website that requires it.
Next, you need to remove the remnants of AVG 2012. Please download this program, save it to the Desktop, and run it and follow any prompts.
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_2125.exe
Go to start > run and copy and paste the next command in the field: ComboFix /uninstall
Make sure there's a space between ComboFix and / Then hit enter. This will uninstall ComboFix, implement some cleanup procedures, and reset System Restore points.
Next, you need to delete the utilities we used, and any logs they created.
- DDS
- Security Check
- AdwCleaner (run the program and click the Uninstall button)
- Malwarebytes Anti-Rootkit
- OTL
- Junkware Removal Tool
- Sophos Virus Removal Tool (uninstall from Control Panel's Add or Remove Programs)
And finally, you can delete the AVG remover utility after you have run it.
I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »Security Cleanup FAQ
Finally, if that last Sophos scan detected anything, please go ahead and post it.
-- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010
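The ComboFix log posted earlier in this thread contains three settings a helper reads past the autostart entries for: the Security Center "Svc" values (AntiVirusOverride, FirewallOverride and the DisableNotify values) set to 1, the XP firewall standard profile with EnableFirewall set to 0, and an Internet Explorer proxy pointing at 127.0.0.1:1275. Those are the settings that suppress the "your computer may be at risk" warnings and route browser traffic through a local program, and they are worth reverting once the machine is clean. The script below is an added example, not a tool from this thread or from ComboFix; it parses a ComboFix-style log and reports those three indicators. The sample log is constructed from the shape of the lines in the posted log, and the section and value names it keys on are the ones that appear in that log.

```python
"""Triage a ComboFix-style log for the configuration tampering indicators
a cleanup helper wants reverted: Security Center override/notify values
set to 1, the XP firewall disabled, and an IE proxy pointing at loopback.

Added example; not from the thread above and not part of ComboFix.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: the same line shapes as the log posted in the thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:1275;https=127.0.0.1:1275;
uInternet Settings,ProxyOverride =
"""

# Registry section header, e.g. [HKEY_LOCAL_MACHINE\software\...]
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# REGEDIT4-style dword value: "Name"=dword:00000001
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<val>[0-9a-fA-F]{8})')
# ComboFix's decimal rendering: "Name"= 0 (0x0)
INT_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')
# Supplementary Scan proxy line for the current user (the "u" prefix)
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<val>.*)$")
LOOPBACK_RE = re.compile(r"(?:127\.0\.0\.1|localhost):\d+")

# Key suffixes (lower-cased) under which the interesting values live.
SECURITY_CENTER_KEY = "security center\\svc"
FIREWALL_KEY = "firewallpolicy\\standardprofile"


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs found in a ComboFix-style log."""
    findings: List[Tuple[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            # Track which registry key the following values belong to.
            current_key = m.group("key").lower()
            continue
        m = DWORD_RE.match(line)
        if m and current_key.endswith(SECURITY_CENTER_KEY) and int(m.group("val"), 16) == 1:
            # Any Security Center *Override / *DisableNotify value of 1
            # silences the "at risk" balloon for that component.
            findings.append(("security_center_override", m.group("name")))
            continue
        m = INT_RE.match(line)
        if (m and current_key.endswith(FIREWALL_KEY)
                and m.group("name") == "EnableFirewall" and m.group("val") == "0"):
            findings.append(("firewall_disabled", current_key))
            continue
        m = PROXY_RE.match(line)
        if m and LOOPBACK_RE.search(m.group("val")):
            # A proxy on 127.0.0.1 means some local program sits between the
            # browser and the network; removing that program without clearing
            # the proxy leaves the browser unable to connect.
            findings.append(("loopback_proxy", m.group("val").strip()))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per indicator type."""
    counts: Dict[str, int] = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

Run against a saved ComboFix.txt the same parser reports which of the three conditions are present; on the sample it reports five Security Center overrides, the disabled firewall, and the loopback proxy, which matches what the posted log shows before cleanup.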