Need help with Delta Search!


73 replies to this topic

#1 burpingbutterfly


Posted 12 March 2013 - 10:45 PM

Hello,
It seems like my PC has been infected with the Delta Search search engine. It opens up automatically on starting Chrome and IE and there have been way too many pop-ups in the last 2 days. I'm copy-pasting my HijackThis log below. Would really appreciate it if someone could take a look and help me out.
 
Thanks!
BB
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:14:33, on 13-03-2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\louis\AppData\Local\Smartbar\Application\QuickShare.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\louis\Downloads\HijackThis.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-spt_gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Sing Along - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files\SingAlong\singalng.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Del11072248] cmd.exe /Q /D /c del "C:\Users\louis\AppData\Local\Temp\0.del"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1341] command.com /c del "C:\Program Files\Complitly\System.Data.SQLite.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1212] cmd.exe /c del "C:\Program Files\Complitly\System.Data.SQLite.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5070] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2727] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2894] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.xul"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3919] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.xul"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5854] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\utils.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC710] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\utils.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA960] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8667] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1170] command.com /c del "C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5045] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1530] command.com /c del "C:\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2531] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9360] command.com /c del "C:\Program Files\SweetIM\Messenger\SweetIM.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC474] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\SweetIM.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7196] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2651] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2516] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4649] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8580] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3704] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3245] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4332] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3672] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2782] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2181] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7237] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6256] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1472] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8460] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9437] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3736] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6702] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9421] command.com /c del "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6115] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4707] command.com /c del "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1615] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9698] command.com /c del "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5447] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2835] command.com /c del "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2243] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9240] command.com /c del "C:\Program Files\SweetIM\Messenger\default.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2786] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\default.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1075] command.com /c del "C:\Program Files\SweetIM\Messenger\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3589] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\msvcp71.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8419] command.com /c del "C:\Program Files\SweetIM\Messenger\msvcr71.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8698] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\msvcr71.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6694] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3061] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7528] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7668] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8392] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5312] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6366] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\GamesButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2513] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\GamesButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6129] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\KeyboardButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC334] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\KeyboardButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6259] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4184] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5920] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8563] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA114] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8651] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2639] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4142] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6208] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8408] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1158] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2889] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3493] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8527] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2434] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3987] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3685] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8383] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3677] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3440] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1526] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC553] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9464] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5335] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9782] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2801] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9565] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4272] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6667] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7441] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1043] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5073] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2446] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4616] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4027] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3753] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3576] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8056] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1217] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8875] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC359] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9092] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6311] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5744] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7573] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9646] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4905] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4184] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6469] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9773] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC684] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA521] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC674] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8792] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7203] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7353] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3557] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2131] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC951] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2749] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6792] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8866] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1994] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8661] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5659] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9487] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2386] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2684] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2496] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7609] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7880] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7511] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1858] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8898] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6190] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8053] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5095] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6504] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2282] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7589] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9577] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8024] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1480] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8594] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1533] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8244] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC433] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5375] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8084] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3545] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6677] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Google Update] "C:\Users\louis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] ~"C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Rundll32] Rundll32.exe "C:\Users\louis\AppData\Roaming\Microsoft\Windows\unicode2.nls",0
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Users\louis\AppData\Local\Smartbar\Application\QuickShare.exe startup
O4 - HKCU\..\RunOnce: [Del11072248] cmd.exe /Q /D /c del "C:\Users\louis\AppData\Local\Temp\0.del"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6574] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6643] cmd.exe /c del "C:\Program Files\Complitly\System.Data.SQLite.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6618] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2234] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3638] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.xul"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4159] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\options.xul"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7874] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\utils.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3248] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\chrome\content\utils.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8251] command.com /c del "C:\Program Files\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7637] cmd.exe /c del "C:\Program Files\Complitly\support@Complitly.com\defaults\preferences\predictad.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8498] command.com /c del "C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3568] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8813] command.com /c del "C:\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4678] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\ContentPackagesActivationHandler.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6149] command.com /c del "C:\Program Files\SweetIM\Messenger\SweetIM.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7400] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\SweetIM.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8631] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5950] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1849] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2002] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB97] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7262] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB118] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8214] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3301] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2092] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4634] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5111] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7115] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4433] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2154] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8974] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6337] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3683] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6259] command.com /c del "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1325] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\conf\sweetim.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9876] command.com /c del "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD872] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\conf\messages.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5907] command.com /c del "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7406] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2199] command.com /c del "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7011] cmd.exe /c del "C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB80] command.com /c del "C:\Program Files\SweetIM\Messenger\default.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7170] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\default.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8132] command.com /c del "C:\Program Files\SweetIM\Messenger\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2240] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\msvcp71.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4341] command.com /c del "C:\Program Files\SweetIM\Messenger\msvcr71.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3724] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\msvcr71.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1493] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4564] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1462] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7866] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3944] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9300] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5780] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\GamesButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3814] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\GamesButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4606] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\KeyboardButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7089] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\KeyboardButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9667] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8957] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9590] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8185] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB719] command.com /c del "C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6485] cmd.exe /c del "C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7367] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD954] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB820] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2122] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6521] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD409] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8563] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3745] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1789] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8827] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9493] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5878] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9609] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4461] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\bing.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7651] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4168] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3980] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8444] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB537] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6371] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5926] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8041] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4079] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2014] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6535] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4526] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5947] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6186] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9591] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2038] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2569] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4082] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5914] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5654] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3769] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8424] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1743] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9420] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4958] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1393] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8714] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9347] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5522] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6558] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1435] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8447] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD641] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8723] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4284] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4773] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3473] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6143] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3852] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5113] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3504] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6033] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7154] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6074] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7138] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7712] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1784] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingD534] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\options.html"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4423] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3962] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3354] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4080] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7400] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6555] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7755] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7926] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8474] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8066] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9038] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD819] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4985] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2812] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8137] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3369] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3137] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5674] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5121] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5470] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-toolbar.js"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7033] command.com /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4767] cmd.exe /c del "C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} (WebClientActiveX Control) - http://192.168.1.64/...ientActiveX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553440000} - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll 
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv32.exe (file missing)
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 54649 bytes
 
 
Edit: Please read the Instructions and post the other requested logs (MBAM, DDS, Security Check). We need the information in order to help you and HijackThis doesn't handle Windows 7 well.  

Duplicate topic deleted.


Edited by cnm, 12 March 2013 - 10:56 PM.


#2 The Dark Knight

Posted 13 March 2013 - 06:46 AM

Welcome burpingbutterfly to SpywareInfo. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :)

 


Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

 

=====

 

Also, please visit the Instructions for posting requested logs and post the logs from DDS, Malwarebytes Anti-Malware and Security Check.
 

=====

 

Please post the following in your reply:

  • ComboFix.txt.
  • DDS.txt.
  • MBAM log.
  • checkup.txt.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!



#3 burpingbutterfly

Posted 13 March 2013 - 08:44 AM

Hello Dark Knight! Thanks so much for your help. Here are the logs you wanted to take a look at.

 

 

ComboFix 13-03-12.02 - louis 13-03-2013  18:27:13.1.2 - x86
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2046.933 [GMT 5.5:30]
Running from: c:\users\louis\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxAPI.dll
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DIFxInstallLog.txt
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspi.dll
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\GEARAspiWDM.inf
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\gearaspiwdmx86.cat
c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86\GEARAspiWDM.sys
c:\users\louis\AppData\Local\{F4ED2003-9FBB-49D3-8536-2646C3BE5209}
c:\users\louis\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\louis\AppData\Roaming\Microsoft\Windows\Recent\(BOM) Chhatrapati Shivaji International Airport Departures, Arrivals, and Information.url
c:\users\louis\AppData\Roaming\Microsoft\Windows\Recent\fltopsmail.url
c:\users\louis\Documents\~WRL0005.tmp
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-13 to 2013-03-13  )))))))))))))))))))))))))))))))
.
.
2013-03-13 13:08 . 2013-03-13 13:08    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-03-13 13:08 . 2013-03-13 13:08    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-13 09:31 . 2013-03-13 09:31    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD0879F2-1878-4822-99DB-F028D08B382D}\MpKsl43a56ef4.sys
2013-03-13 07:24 . 2013-02-08 00:45    6954968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD0879F2-1878-4822-99DB-F028D08B382D}\mpengine.dll
2013-03-12 18:37 . 2013-03-13 12:23    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-03-12 18:37 . 2013-03-12 18:38    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-03-12 18:35 . 2013-02-08 00:45    6954968    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-12 18:27 . 2013-03-12 18:29    --------    d-----w-    c:\users\louis\AppData\Roaming\Mipony
2013-03-12 18:26 . 2013-03-12 18:26    --------    d-----w-    c:\programdata\BrowserProtect
2013-03-12 18:26 . 2013-03-12 18:26    --------    d-----w-    c:\program files\Delta
2013-03-12 18:26 . 2013-03-12 18:26    --------    d-----w-    c:\users\louis\AppData\Roaming\BabSolution
2013-03-12 18:26 . 2013-03-12 18:26    --------    d-----w-    c:\users\louis\AppData\Roaming\Delta
2013-03-12 18:25 . 2013-03-12 18:25    --------    d-----w-    c:\users\louis\AppData\Roaming\DSite
2013-03-12 15:33 . 2012-11-28 13:30    740840    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6734F888-C722-4265-BF28-B52D8837ED64}\gapaengine.dll
2013-03-11 15:52 . 2013-03-12 15:21    --------    d-----w-    c:\program files\Iminent
2013-03-11 15:51 . 2013-03-11 15:51    --------    d-----w-    c:\windows\system32\searchplugins
2013-03-11 15:51 . 2013-03-11 15:51    --------    d-----w-    c:\windows\system32\Extensions
2013-03-11 15:49 . 2013-03-11 15:50    --------    d-----w-    c:\users\louis\AppData\Local\Smartbar
2013-03-11 15:49 . 2013-03-11 15:49    --------    d-----w-    c:\program files\SingAlong
2013-03-11 13:40 . 2013-02-05 08:54    37344    ----a-w-    c:\windows\system32\FsUsbExDisk.Sys
2013-03-11 13:40 . 2013-02-05 08:54    233472    ----a-w-    c:\windows\system32\FsUsbExService.Exe
2013-03-11 13:40 . 2012-08-28 04:35    110592    ----a-w-    c:\windows\system32\FsUsbExDevice.Dll
2013-03-05 08:21 . 2013-03-05 08:21    --------    d-----w-    c:\program files\iPod
2013-02-15 22:31 . 2013-02-15 22:31    186432    ----a-w-    c:\program files\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 16:01 . 2013-02-13 16:01    --------    d-----w-    c:\program files\Common Files\Skype
2013-02-13 15:31 . 2013-01-08 22:01    768000    ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 09:07 . 2013-01-04 04:50    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-02-13 08:56 . 2013-01-04 03:00    2347008    ----a-w-    c:\windows\system32\win32k.sys
2013-02-13 08:41 . 2013-01-05 05:00    3967848    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-02-13 08:41 . 2013-01-05 05:00    3913064    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-02-13 08:37 . 2013-01-03 05:05    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-02-13 08:37 . 2013-01-03 05:04    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 20:59 . 2013-02-12 20:59    37064    ----a-w-    c:\windows\system32\drivers\taphss6.sys
2013-02-12 20:45 . 2013-02-12 20:45    36040    ----a-w-    c:\windows\system32\drivers\hssdrv6.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-04 08:07 . 2012-10-12 16:36    632656    ----a-w-    c:\windows\system32\msvcr80.dll
2013-03-04 08:07 . 2012-10-12 16:36    554832    ----a-w-    c:\windows\system32\msvcp80.dll
2013-03-04 08:07 . 2012-10-12 16:36    479232    ----a-w-    c:\windows\system32\msvcm80.dll
2013-03-04 08:07 . 2011-02-19 17:33    421200    ----a-w-    c:\windows\system32\msvcp100.dll
2013-03-04 08:07 . 2011-02-18 19:10    773968    ----a-w-    c:\windows\system32\msvcr100.dll
2013-02-28 16:47 . 2012-04-07 06:08    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-28 16:47 . 2011-09-15 12:47    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-09-15 06:59    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-20 10:29 . 2013-01-20 10:29    195296    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 10:29 . 2010-10-24 15:55    100328    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2012-12-16 14:13 . 2012-12-21 15:30    295424    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 15:30    34304    ----a-w-    c:\windows\system32\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}]
2013-02-28 16:24    109568    ----a-w-    c:\program files\SingAlong\singalng.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32    129272    ----a-w-    c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Browser Infrastructure Helper"="c:\users\louis\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-02-10 13824]
"<NO NAME>"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-15 29428904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-11 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261095~1.52\{C16C1~1\BrowserProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35    946352    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28    38112    ----a-w-    c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 09:19    249064    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 MpKsl43a56ef4;MpKsl43a56ef4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD0879F2-1878-4822-99DB-F028D08B382D}\MpKsl43a56ef4.sys [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
HPService    REG_MULTI_SZ       HPSLPSVC
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 16:47]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000Core.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000UA.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-03-13 c:\windows\Tasks\Sing Along Update.job
- c:\program files\SingAlong\SingalngUpdater.exe [2013-02-28 16:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} - hxxp://192.168.1.64/codebase/WebClientActiveX.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
HKCU-Run-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2020)
c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\schtasks.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-03-13  18:46:14 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-13 13:16
.
Pre-Run: 9,547,776,000 bytes free
Post-Run: 9,781,837,824 bytes free
.
- - End Of File - - 07273DD1EF16A37CBB6C942BA8A9C355
 

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java™ 6 Update 24  
 Java version out of Date!
 Adobe Flash Player     11.6.602.171  
 Adobe Reader 10.1.6 Adobe Reader out of Date!
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.97  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````
 
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2012.12.14.11
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
louis :: LOUIS-PC [administrator]
 
13-03-2013 19:06:22
mbam-log-2013-03-13 (19-06-22).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237802
Time elapsed: 5 minute(s), 4 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16464
Run by louis at 18:55:32 on 2013-03-13
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2046.568 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Windows\system32\FsUsbExService.Exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Smartbar\Application\QuickShare.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\louis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen
mURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
mURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - c:\program files\singalong\singalng.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Browser Infrastructure Helper] c:\users\louis\appdata\local\smartbar\application\QuickShare.exe startup
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\louis\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\louis\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} - hxxp://192.168.1.64/codebase/WebClientActiveX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553440000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{9859995B-8DE4-47BD-B83D-6D84F5DDD61F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C63DAF12-2EC0-4186-89B5-7CDFD546DEDD} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\BrowserProtect.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2012-11-10 152576]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2012-11-10 49152]
R2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-12 2561488]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2010-1-11 155648]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-3-11 233472]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-1-31 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-9-15 2253176]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2013-3-11 37344]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-13 40776]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2012-11-10 247320]
S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe --> c:\windows\system32\afasrv32.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-13 83168]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-31 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2012-3-3 52096]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-1-9 8576]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-10-13 181344]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-2-13 37064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-03-13 13:22:51    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-13 13:22:50    --------    d-----w-    c:\users\louis\appdata\roaming\Malwarebytes
2013-03-13 13:22:41    --------    d-----w-    c:\programdata\Malwarebytes
2013-03-13 13:22:40    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-13 13:22:40    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-13 13:22:32    --------    d-----w-    c:\users\louis\appdata\local\Programs
2013-03-13 13:14:11    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-13 12:54:23    98816    ----a-w-    c:\windows\sed.exe
2013-03-13 12:54:23    256000    ----a-w-    c:\windows\PEV.exe
2013-03-13 12:54:23    208896    ----a-w-    c:\windows\MBR.exe
2013-03-13 07:24:29    6954968    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{cd0879f2-1878-4822-99db-f028d08b382d}\mpengine.dll
2013-03-12 18:37:59    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-03-12 18:37:59    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-03-12 18:35:57    6954968    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-12 18:27:41    --------    d-----w-    c:\users\louis\appdata\roaming\Mipony
2013-03-12 18:26:30    --------    d-----w-    c:\programdata\BrowserProtect
2013-03-12 18:26:17    --------    d-----w-    c:\program files\Delta
2013-03-12 18:26:15    --------    d-----w-    c:\users\louis\appdata\roaming\BabSolution
2013-03-12 18:26:06    --------    d-----w-    c:\users\louis\appdata\roaming\Delta
2013-03-12 18:25:43    --------    d-----w-    c:\users\louis\appdata\roaming\DSite
2013-03-12 15:33:06    740840    ------w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{6734f888-c722-4265-bf28-b52d8837ed64}\gapaengine.dll
2013-03-12 15:22:46    --------    d-----w-    c:\users\louis\appdata\local\{236354CB-58A6-4AE9-9DDD-83CFEE9C4C37}
2013-03-11 15:52:37    --------    d-----w-    c:\program files\Iminent
2013-03-11 15:51:30    --------    d-----w-    c:\windows\system32\searchplugins
2013-03-11 15:51:30    --------    d-----w-    c:\windows\system32\Extensions
2013-03-11 15:49:53    --------    d-----w-    c:\users\louis\appdata\local\Smartbar
2013-03-11 15:49:17    --------    d-----w-    c:\program files\SingAlong
2013-03-11 13:40:43    37344    ----a-w-    c:\windows\system32\FsUsbExDisk.Sys
2013-03-11 13:40:43    233472    ----a-w-    c:\windows\system32\FsUsbExService.Exe
2013-03-11 13:40:43    110592    ----a-w-    c:\windows\system32\FsUsbExDevice.Dll
2013-03-11 06:48:21    --------    d-----w-    c:\users\louis\appdata\local\{C6F85BB4-5FD4-48CD-9B1A-B3AB7F072700}
2013-03-10 07:19:43    --------    d-----w-    c:\users\louis\appdata\local\{D02FAA88-9B72-4B47-808E-A8332AE6C9C5}
2013-03-09 07:13:26    --------    d-----w-    c:\users\louis\appdata\local\{1A052E8C-8DF2-4EFA-BAF2-DE00E1BDE7AF}
2013-03-08 03:15:12    --------    d-----w-    c:\users\louis\appdata\local\{CD4C6EE5-34F7-455C-A2AD-028267455455}
2013-03-07 05:24:39    --------    d-----w-    c:\users\louis\appdata\local\{8DBDCE01-993B-4EE6-975C-C243EC1CFA3F}
2013-03-05 08:21:24    --------    d-----w-    c:\program files\iPod
2013-03-05 06:39:30    --------    d-----w-    c:\users\louis\appdata\local\{6669907E-6845-45C8-BB1E-453A67C44977}
2013-03-04 03:25:07    --------    d-----w-    c:\users\louis\appdata\local\{7C2A64D2-C3AC-4234-8ABE-568B3B79601E}
2013-03-03 06:17:04    --------    d-----w-    c:\users\louis\appdata\local\{699C5894-D1A0-4775-9A41-A0B4BFC9D2D8}
2013-03-02 18:16:39    --------    d-----w-    c:\users\louis\appdata\local\{EB9CB247-90FB-4B38-B2F4-924B626C699A}
2013-03-02 03:32:53    --------    d-----w-    c:\users\louis\appdata\local\{656C07E9-A387-4E5B-8ED9-D7E0DBA46F6B}
2013-03-01 05:13:36    --------    d-----w-    c:\users\louis\appdata\local\{66F65A7C-BB75-43CA-8ECA-CD5A43B785A2}
2013-02-28 07:07:32    --------    d-----w-    c:\users\louis\appdata\local\{6F6194CA-9FB8-4594-A1A0-F36EF75FDD21}
2013-02-27 01:18:18    --------    d-----w-    c:\users\louis\appdata\local\{E248CB83-7989-4C8C-99C0-0785D0F73044}
2013-02-26 05:45:47    --------   

#4 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,214 posts

Posted 13 March 2013 - 03:44 PM

Good morning burpingbutterfly,

 

Thank you for the logs.

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#5 burpingbutterfly

Posted 13 March 2013 - 09:53 PM

Good Morning Dark Knight!

 

Here's the log

 

 

# AdwCleaner v2.114 - Logfile created 03/14/2013 at 08:18:29
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)
# User : louis - LOUIS-PC
# Boot Mode : Normal
# Running from : C:\Users\louis\Desktop\adwcleaner (1).exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Found : C:\END
File Found : C:\user.js
Folder Found : C:\Program Files\~BabylonToolbar
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Freecorder
Folder Found : C:\Program Files\Iminent
Folder Found : C:\Program Files\NCH_EN
Folder Found : C:\Program Files\Perion
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Found : C:\Users\louis\AppData\Local\APN
Folder Found : C:\Users\louis\AppData\Local\Conduit
Folder Found : C:\Users\louis\AppData\Local\Smartbar
Folder Found : C:\Users\louis\AppData\Local\Temp\Smartbar
Folder Found : C:\Users\louis\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\louis\AppData\LocalLow\Conduit
Folder Found : C:\Users\louis\AppData\LocalLow\Delta
Folder Found : C:\Users\louis\AppData\LocalLow\Freecorder
Folder Found : C:\Users\louis\AppData\LocalLow\NCH_EN
Folder Found : C:\Users\louis\AppData\LocalLow\PriceGong
Folder Found : C:\Users\louis\AppData\LocalLow\Smartbar
Folder Found : C:\Users\louis\AppData\Roaming\BabSolution
Folder Found : C:\Users\louis\Documents\Freecorder
 
***** [Registry] *****
 
Key Found : HKCU\Software\a558b8ae168b941
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Freecorder
Key Found : HKCU\Software\AppDataLow\Software\NCH_EN
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\SmartbarBackup
Key Found : HKCU\Software\SmartbarLog
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\a558b8ae168b941
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Found : HKLM\Software\IB Updater
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05237C6D-7243-40C2-9C8A-069614C6FC9A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EB1CF95-31A0-4614-9139-950299271AE4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B565FD2-211C-4433-9B8D-51BBC0DF7A64}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2494C7D-F57F-426C-8110-027DC4E7845A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{125B7A09-B405-46FB-95FB-96CF6B72992D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9E92257F-3F0A-451D-B231-6E2DB60CDC71}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7BC02AF-1128-4A31-BCF8-1A3EE803D3B3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A81A974F-8A22-43E6-9243-5198FF758DA1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_EN Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\NCH_EN
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-3663218948-249224238-3298779809-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.152
 
File : C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [15624 octets] - [14/03/2013 08:18:29]
 
########## EOF - C:\AdwCleaner[R1].txt - [15685 octets] ##########


#6 The Dark Knight

Posted 14 March 2013 - 02:28 AM

Howdy burpingbutterfly,

 


Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

 

Does the issue remain?




#7 burpingbutterfly

Posted 14 March 2013 - 10:53 PM

Hey Dark Knight,

That seems to have solved it (Yay!)

Here's the log after deletion:

 

 

# AdwCleaner v2.114 - Logfile created 03/15/2013 at 09:19:52
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)
# User : louis - LOUIS-PC
# Boot Mode : Normal
# Running from : C:\Users\louis\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [15755 octets] - [14/03/2013 08:18:29]
AdwCleaner[R2].txt - [906 octets] - [15/03/2013 09:19:30]
AdwCleaner[S1].txt - [15928 octets] - [14/03/2013 08:25:54]
AdwCleaner[S2].txt - [838 octets] - [15/03/2013 09:19:52]
 
########## EOF - C:\AdwCleaner[S2].txt - [897 octets] ##########


#8 The Dark Knight

Posted 15 March 2013 - 02:52 AM

Hello burpingbutterfly,

 

Great!

 

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.




#9 burpingbutterfly

Posted 15 March 2013 - 10:54 AM

Hey Dark Knight,

 

Here you go:

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6a10e1610b55194b90bd15c9e0836197
# engine=13393
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-15 03:15:48
# local_time=2013-03-15 08:45:48 (+0530, India Standard Time)
# country="India"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5892 16777213 88 94 1469673 14602478 0 0
# scanned=411324
# found=10
# cleaned=0
# scan_time=17250
sh=1B2E938EAEA27B990355B6C3DB6C1C1A9F33BFB4 ft=1 fh=c71c0011ddfe20fa vn="a variant of Win32/Toolbar.Babylon application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3663218948-249224238-3298779809-1000\$R3K0IIW\~BabylonToolbar\~1.5.3.17\~BabylonToolbarApp.dll"
sh=7A18C5B083B2038CB2DE877694085DF633F40C46 ft=1 fh=c71c0011b1f6426d vn="Win32/Toolbar.Babylon application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3663218948-249224238-3298779809-1000\$R3K0IIW\~BabylonToolbar\~1.5.3.17\~BabylonToolbarEng.dll"
sh=AC056A6D25E04155BA23BF34670C3E6D2A85B248 ft=1 fh=c71c0011bbd638b2 vn="probably a variant of Win32/Toolbar.Babylon application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3663218948-249224238-3298779809-1000\$R3K0IIW\~BabylonToolbar\~1.5.3.17\~BabylonToolbarsrv.exe"
sh=C02A094933FD68AE44EAE0EA249EB6A981353C91 ft=1 fh=1cff81f31528b9a9 vn="Win32/Toolbar.Babylon application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3663218948-249224238-3298779809-1000\$R3K0IIW\~BabylonToolbar\~1.5.3.17\~BabylonToolbarTlbr.dll"
sh=9E60FE40C5BA463780413D5D22446858015EFF4B ft=1 fh=b2e9a257c367f009 vn="Win32/Toolbar.Babylon application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3663218948-249224238-3298779809-1000\$R3K0IIW\~BabylonToolbar\~1.5.3.17\~bh\~BabylonToolbar.dll"
sh=8965B7A3314E0FE18BCA46FFCCFD89B97D08C1C3 ft=1 fh=12de5b5201b65210 vn="a variant of Win32/Somoto.A application" ac=I fn="C:\Users\louis\Downloads\7ZipSetup.exe"
sh=A022A1DBA34584AE22437AC56CB786C579A6EE77 ft=1 fh=808526e049f33f03 vn="a variant of Win32/InstallCore.BF application" ac=I fn="C:\Users\louis\Downloads\DownloadManagerSetup.exe"
sh=29DD67E523859554B1D54103B11E8C8EF9C47515 ft=1 fh=5e100b0293628cc1 vn="multiple threats" ac=I fn="C:\Users\louis\Downloads\setup.exe"
sh=26FC3CA0DC5D4F2114D83A1833FF4C22CCB72FFD ft=1 fh=76ea2a8e5feed90c vn="a variant of Win32/Somoto.A application" ac=I fn="C:\Users\louis\Downloads\VLCMediaPlayerSetup.exe"
sh=2C63364B2B7DC07458B193F221F04431703D9B91 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="F:\Users\Patronage\Documents\Vivek\Vivek1\Vivek\Application Data\Adobe\Acrobat\WHAPI\WHA Library.dll"


#10 The Dark Knight

Posted 15 March 2013 - 05:14 PM

Hello burpingbutterfly,

 

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




#11 burpingbutterfly

Posted 16 March 2013 - 02:47 AM

Hey Dark Knight,

Here you go:

 

 

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java™ 6 Update 24  
 Java version out of Date! 
 Adobe Flash Player     11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2% 
````````````````````End of Log`````````````````````` 


#12 The Dark Knight

Posted 16 March 2013 - 03:22 AM

Good evening burpingbutterfly,

 

I notice that you have the User Account Control turned off. This is a very important security feature on Windows Vista and 7, as it allows you to restrict access to your computer and control programs that try to run. Please see below on how to turn it on:

http://windows.micro...ntrol-on-or-off

 

=====

 

Your version of Java is out of date. It's important to remove older versions of Java since it does not do so automatically and older versions can leave you vulnerable.

Please follow the instructions below to update Java:

  • Please go to the below link and download the latest Windows 7 version:

http://www.java.com/...load/manual.jsp

  • Save it to your Desktop.
  • Please go to Start>Control Panel>Programs.
  • Navigate to any versions of Java (J2SE Runtime Environment) you have installed. They will have this icon next to them:
  • Select Uninstall.
  • Please double-click the installer and follow the prompts to install the latest version once all the previous versions have been successfully removed.

 

=====

 

Also, your version of Adobe Reader is out of date. It could have security vulnerabilities, so please follow these instructions to update it:

  • Please go to Start>All Programs>Adobe Reader.
  • Open Adobe Reader and navigate to Help>Check for Updates.
  • Please follow the prompts to install the latest version.

 

=====

 

In your reply please let me know how the updates go.


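The triage done by eye on the Security Check output in the reply above (UAC disabled, Java and Adobe Reader out of date) can be scripted. This is an added example, not part of the original thread or of the Security Check tool; the function name, finding labels and the "System" label for the lines before the first section header are assumptions made here, and the sample is constructed from the log lines posted in this thread.

```python
import re
from collections import defaultdict

BT = chr(96)  # backtick, built with chr() so the sample cannot collide with the code fence

# Constructed sample: the checkup.txt lines posted earlier in this thread.
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.61  ",
    " Windows 7 Service Pack 1 x86 (UAC is disabled!)  ",
    " Internet Explorer 9  ",
    BT * 14 + "Antivirus/Firewall Check:" + BT * 14 + " ",
    " Windows Firewall Enabled!  ",
    "Microsoft Security Essentials   ",
    " Antivirus up to date!  ",
    BT * 9 + "Anti-malware/Other Utilities Check:" + BT * 9 + " ",
    " Spybot - Search & Destroy ",
    " Malwarebytes Anti-Malware version 1.70.0.1100  ",
    " Java\u2122 6 Update 24  ",
    " Java version out of Date! ",
    " Adobe Flash Player     11.6.602.180  ",
    " Adobe Reader 10.1.6 Adobe Reader out of Date!  ",
    " Google Chrome 25.0.1364.152  ",
    " Google Chrome 25.0.1364.172  ",
    BT * 8 + "Process Check: objlist.exe by Laurent" + BT * 8 + "  ",
    " Microsoft Security Essentials MSMpEng.exe ",
    " Microsoft Security Essentials msseces.exe ",
    BT * 17 + "System Health check" + BT * 17 + " ",
    " Total Fragmentation on Drive C: 2% ",
    BT * 20 + "End of Log" + BT * 22 + " ",
])

# A section header is a title wrapped in runs of backticks.
SECTION_RE = re.compile(r"^`+\s*(?P<name>[^`]+?)\s*:?\s*`+$")
OUTDATED_RE = re.compile(r"out of date!$", re.IGNORECASE)
# Status on the same line as the product: "<product> <version> <product> out of Date!"
INLINE_RE = re.compile(r"^(?P<item>.*?\d+(?:\.\d+)+)\s+\D*out of date!$", re.IGNORECASE)
# Product entry ending in a dotted version, optionally preceded by the word "version".
VERSIONED_RE = re.compile(r"^(?P<name>.+?)\s+(?:version\s+)?(?P<ver>\d+(?:\.\d+)+)$")


def parse_security_check(text):
    """Return (sections, findings) for a Security Check checkup.txt."""
    sections = defaultdict(list)  # section name -> entries in log order
    findings = []                 # (kind, detail) tuples
    current = "System"            # assumed label for lines before the first header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            if current.lower() == "end of log":
                break
            continue
        if "(UAC is disabled!)" in line:
            findings.append(("uac_disabled", line))
            line = line.replace("(UAC is disabled!)", "").strip()
        if OUTDATED_RE.search(line):
            inline = INLINE_RE.match(line)
            if inline:
                # Keep only "<product> <version>" as the entry.
                line = inline.group("item")
                findings.append(("outdated", line))
            else:
                # Status-only line: it describes the entry printed just before it.
                previous = sections[current][-1] if sections[current] else line
                findings.append(("outdated", previous))
                continue
        sections[current].append(line)

    # The same product listed with more than one version is worth a second look.
    versions = defaultdict(list)
    for entries in sections.values():
        for entry in entries:
            m = VERSIONED_RE.match(entry)
            if m:
                versions[m.group("name")].append(m.group("ver"))
    for name, vers in versions.items():
        if len(set(vers)) > 1:
            findings.append(("multiple_versions", f"{name}: {', '.join(vers)}"))
    return dict(sections), findings


if __name__ == "__main__":
    for kind, detail in parse_security_check(SAMPLE_LOG)[1]:
        print(f"{kind:18} {detail}")
```

Besides the three items raised in the reply, the parser also reports the two Google Chrome versions listed side by side in the same log.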


#13 burpingbutterfly

    Member

  • Full Member
  • 39 posts

Posted 17 March 2013 - 06:18 AM

Hi Dark Knight,

 

I have turned on the User Account Control. I've also updated Java. When I tried to update Adobe, it gave me a message saying "No updates available". Also, I've noticed that there are still quite a few popups, and sometimes when I click on a link, it'll take me to a completely unrelated page. I then have to close the page and re-click the link to go to the right page. For example, when I clicked on the link you gave me for the Java update, it opened up some ad page. I had to click on it again to reach the update page.

 

Help!



#14 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 18 March 2013 - 04:25 AM

Hello burpingbutterfly,

 

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

 




#15 burpingbutterfly

    Member

  • Full Member
  • 39 posts

Posted 20 March 2013 - 11:45 AM

Hey Dark Knight,

 

Sorry about the delayed response. Here are the two logs:

 

 

OTL logfile created on: 20-03-2013 22:00:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\louis\Desktop
 Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
 
2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.24% Memory free
4.00 Gb Paging File | 3.18 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 7.81 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 311.34 Gb Free Space | 84.58% Space Free | Partition Type: NTFS
Drive F: | 138.96 Gb Total Space | 10.85 Gb Free Space | 7.81% Space Free | Partition Type: NTFS
Drive G: | 10.00 Gb Total Space | 6.98 Gb Free Space | 69.77% Space Free | Partition Type: NTFS
 
Computer Name: LOUIS-PC | User Name: louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-03-18 20:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\louis\Desktop\OTL.exe
PRC - [2013-02-05 14:24:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013-01-31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013-01-27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-12-18 19:58:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-23 08:18:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-08-01 16:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012-08-01 16:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012-08-01 16:07:00 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011-05-27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011-04-19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-01-25 19:31:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-02-09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2010-01-11 23:50:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\afasrv32.exe -- (AfaService)
SRV - [2013-03-14 12:16:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-05 14:24:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013-01-31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013-01-27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-18 19:58:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-10-10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-08-01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011-05-27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011-04-19 16:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2011-01-25 19:31:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-02-09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2010-01-11 23:50:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007-11-07 01:52:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\louis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013-02-13 02:29:12 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013-02-12 09:02:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2013-02-05 14:24:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013-01-20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-10-10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-09-20 10:05:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012-09-20 10:05:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012-06-27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-01-18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012-01-09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012-01-09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-01-09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012-01-09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-11-21 02:59:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-21 02:59:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-21 02:59:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-10-01 10:07:44 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2009-08-22 01:54:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009-06-22 16:49:00 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009-06-05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2007-11-07 01:52:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2005-03-03 23:23:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005-02-23 21:29:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004-12-03 15:50:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.hotmail.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\louis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\louis\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\louis\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04 22:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2012-10-12 22:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2012-10-12 22:36:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04 22:07:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\singalong@xenophesoft.com: C:\Program Files\SingAlong\FF\ [2013-03-11 21:19:18 | 000,000,000 | ---D | M]
 
[2012-10-12 22:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\louis\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\louis\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\louis\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Sing Along = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.110_0\
CHR - Extension: Angry Birds = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YOUZEEK Free Music = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0\
CHR - Extension: +Music = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddjklapimfghfjjinidpblloipjnnpgb\1.1.6_0\
CHR - Extension: Full Screen Weather = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: 8tracks = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbjgabefekpljmdhbifajgiamkpepnd\1.0.4_0\
CHR - Extension: Traffic Control = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpplppigijgifgajmlmndhpjmggbgij\1.3_0\
CHR - Extension: Skyrama = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.2_0\
CHR - Extension: Unit Convertor = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkaklafnbnpegjnlplfgadnobkgdkinf\1.9_0\
CHR - Extension: DriveTunes = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\labgcacinobdnkfndodfkfeabbjckbnj\3.2.4_0\
CHR - Extension: Cork Board = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\
 
O1 HOSTS File: ([2013-03-13 18:40:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} http://192.168.1.64/...ientActiveX.cab (WebClientActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553440000} https://fpdownload.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9859995B-8DE4-47BD-B83D-6D84F5DDD61F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63DAF12-2EC0-4186-89B5-7CDFD546DEDD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browserprotect.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-03-19 20:01:54 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-03-19 20:01:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-03-19 20:01:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-03-19 20:01:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-03-19 20:01:53 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-03-19 20:01:53 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-03-19 20:01:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-03-19 20:01:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-03-19 20:01:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-03-19 20:01:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-03-19 20:01:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-03-19 20:01:52 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-03-19 20:01:52 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-03-19 20:01:52 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-03-19 20:01:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-03-19 20:01:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-03-19 20:01:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-03-19 20:01:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-03-19 20:01:52 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-03-19 20:01:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-03-19 20:01:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-03-19 20:01:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-03-19 20:01:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-03-19 20:01:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-03-19 20:01:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-03-19 20:01:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-03-19 20:01:51 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-03-19 20:01:51 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-03-19 20:01:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-03-19 20:01:51 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-03-19 20:01:51 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-03-19 20:01:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-03-19 20:01:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-03-19 20:01:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-03-19 20:01:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-03-19 20:01:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-03-19 20:00:10 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-03-19 20:00:09 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-03-19 20:00:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013-03-19 20:00:09 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-03-19 20:00:09 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013-03-19 20:00:09 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-03-19 20:00:09 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013-03-19 20:00:09 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-03-19 20:00:09 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-03-19 20:00:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-03-19 20:00:09 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013-03-19 20:00:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013-03-19 20:00:09 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-03-19 20:00:09 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-03-19 20:00:09 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013-03-19 20:00:09 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013-03-19 20:00:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-03-19 13:07:49 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{C349DC4C-300A-47FA-AF30-CBB0585C0D5D}
[2013-03-19 11:08:54 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\Mozilla
[2013-03-18 20:13:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\louis\Desktop\OTL.exe
[2013-03-17 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{DF4D9BE0-A27F-4A70-89C2-42D636FECEAE}
[2013-03-17 16:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-03-17 16:49:01 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-03-17 16:49:01 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-03-17 16:48:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-03-17 16:48:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-03-17 16:48:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-03-17 16:42:25 | 000,897,448 | ---- | C] (Oracle Corporation) -- C:\Users\louis\Desktop\jre-7u17-windows-i586-iftw (1).exe
[2013-03-15 20:12:10 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{8FED8E90-AFB7-4A5C-804E-FD6C7C83D836}
[2013-03-15 15:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-03-14 23:19:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013-03-13 18:55:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\louis\Desktop\dds.com
[2013-03-13 18:52:50 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\Malwarebytes
[2013-03-13 18:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-03-13 18:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-03-13 18:52:40 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013-03-13 18:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-03-13 18:52:32 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\Programs
[2013-03-13 18:44:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-03-13 18:24:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-03-13 18:24:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-03-13 18:24:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-03-13 18:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-03-13 18:23:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-03-13 00:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013-03-13 00:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013-03-13 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013-03-12 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\Mipony
[2013-03-12 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\DSite
[2013-03-12 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{236354CB-58A6-4AE9-9DDD-83CFEE9C4C37}
[2013-03-11 21:21:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013-03-11 21:21:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013-03-11 21:19:20 | 000,000,000 | ---D | C] -- C:\Users\louis\Documents\Downloads
[2013-03-11 21:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\SingAlong
[2013-03-11 19:11:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013-03-11 19:10:43 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2013-03-11 12:18:21 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{C6F85BB4-5FD4-48CD-9B1A-B3AB7F072700}
[2013-03-10 12:49:43 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{D02FAA88-9B72-4B47-808E-A8332AE6C9C5}
[2013-03-09 12:43:26 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{1A052E8C-8DF2-4EFA-BAF2-DE00E1BDE7AF}
[2013-03-08 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{CD4C6EE5-34F7-455C-A2AD-028267455455}
[2013-03-07 10:54:39 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{8DBDCE01-993B-4EE6-975C-C243EC1CFA3F}
[2013-03-05 13:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013-03-05 13:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013-03-05 12:09:30 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{6669907E-6845-45C8-BB1E-453A67C44977}
[2013-03-04 08:55:07 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{7C2A64D2-C3AC-4234-8ABE-568B3B79601E}
[2013-03-03 11:47:04 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{699C5894-D1A0-4775-9A41-A0B4BFC9D2D8}
[2013-03-02 23:46:39 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{EB9CB247-90FB-4B38-B2F4-924B626C699A}
[2013-03-02 09:02:53 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{656C07E9-A387-4E5B-8ED9-D7E0DBA46F6B}
[2013-03-01 10:43:36 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{66F65A7C-BB75-43CA-8ECA-CD5A43B785A2}
[2013-02-28 12:37:32 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{6F6194CA-9FB8-4594-A1A0-F36EF75FDD21}
[2013-02-27 21:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2013-02-27 06:48:18 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{E248CB83-7989-4C8C-99C0-0785D0F73044}
[2013-02-26 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{46AE903B-CA4C-4B4F-8EC8-8F0800ECE42B}
[2013-02-25 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{1ED60C03-0A19-4382-9453-201CB72E7757}
[2013-02-25 00:45:47 | 000,000,000 | ---D | C] -- C:\Users\louis\Documents\Misc random docs
[2013-02-24 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{211D595B-EAA3-4CEB-9572-EE25A71E8659}
[2013-02-23 09:03:59 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{F165B8D9-1CC1-41BA-8ACF-B5B60D5434ED}
[2013-02-22 10:53:07 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{33E61AB2-84D9-49B5-9E80-B384F3F17D29}
[2013-02-21 23:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013-02-21 12:40:32 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{050996EC-944C-4D72-BDDA-934A24EEA8B5}
[2013-02-19 11:36:11 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{1E633AF9-72A2-4703-9608-45B7A5CB8ABA}
 
========== Files - Modified Within 30 Days ==========
 
[2013-03-20 22:04:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000UA.job
[2013-03-20 21:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-20 21:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-20 21:09:05 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013-03-20 19:51:14 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-20 19:51:14 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-20 19:49:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-20 19:46:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-20 19:44:50 | 1608,974,336 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-19 20:01:54 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-03-19 20:01:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-03-19 20:01:54 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-03-19 20:01:54 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-03-19 20:01:53 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-03-19 20:01:53 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-03-19 20:01:53 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-03-19 20:01:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-03-19 20:01:53 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-03-19 20:01:53 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-03-19 20:01:53 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-03-19 20:01:53 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-03-19 20:01:52 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-03-19 20:01:52 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-03-19 20:01:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-03-19 20:01:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-03-19 20:01:52 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-03-19 20:01:52 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-03-19 20:01:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-03-19 20:01:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-03-19 20:01:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-03-19 20:01:52 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-03-19 20:01:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-03-19 20:01:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-03-19 20:01:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-03-19 20:01:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-03-19 20:01:51 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-03-19 20:01:51 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-03-19 20:01:51 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-03-19 20:01:51 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-03-19 20:01:51 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-03-19 20:01:51 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-03-19 20:01:51 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-03-19 20:01:51 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-03-19 20:01:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-03-19 20:01:51 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-03-19 20:01:50 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-03-19 20:00:10 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013-03-19 20:00:10 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-03-19 20:00:09 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-03-19 20:00:09 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013-03-19 20:00:09 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-03-19 20:00:09 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013-03-19 20:00:09 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-03-19 20:00:09 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-03-19 20:00:09 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-03-19 20:00:09 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-03-19 20:00:09 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013-03-19 20:00:09 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013-03-19 20:00:09 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-03-19 20:00:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-03-19 20:00:09 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013-03-19 20:00:09 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013-03-19 20:00:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-03-19 17:50:41 | 000,631,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-03-19 17:50:41 | 000,111,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-03-18 20:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\louis\Desktop\OTL.exe
[2013-03-18 09:04:25 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000Core.job
[2013-03-17 16:48:39 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-03-17 16:48:35 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-03-17 16:48:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-03-17 16:48:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-03-17 16:48:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-03-17 16:48:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-03-17 16:42:28 | 000,897,448 | ---- | M] (Oracle Corporation) -- C:\Users\louis\Desktop\jre-7u17-windows-i586-iftw (1).exe
[2013-03-14 12:16:35 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-03-14 12:16:34 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-03-14 08:18:16 | 000,597,667 | ---- | M] () -- C:\Users\louis\Desktop\adwcleaner (1).exe
[2013-03-13 22:58:28 | 261,200,500 | ---- | M] () -- C:\Users\louis\Desktop\registry backup.reg
[2013-03-13 18:56:47 | 000,890,798 | ---- | M] () -- C:\Users\louis\Desktop\SecurityCheck.exe
[2013-03-13 18:55:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\louis\Desktop\dds.com
[2013-03-13 18:52:42 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-13 18:43:50 | 000,030,208 | ---- | M] () -- C:\Users\louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-13 18:43:50 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013-03-13 18:40:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-03-13 13:36:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013-03-13 13:36:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013-03-13 09:14:33 | 000,054,651 | ---- | M] () -- C:\Users\louis\Desktop\hijackthis log
[2013-03-13 08:22:21 | 000,006,924 | ---- | M] () -- C:\Windows\wininit.ini
[2013-03-13 00:08:27 | 000,001,249 | ---- | M] () -- C:\Users\louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013-03-13 00:08:27 | 000,001,225 | ---- | M] () -- C:\Users\louis\Desktop\Spybot - Search & Destroy.lnk
[2013-03-11 21:32:48 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013-03-08 18:29:29 | 000,622,227 | ---- | M] () -- C:\Users\louis\Desktop\photo 1.JPG
[2013-03-04 13:37:26 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013-03-04 13:37:26 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013-03-04 13:37:26 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013-03-04 13:37:24 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2013-03-04 13:37:24 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2013-02-26 21:01:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-02-24 22:51:12 | 000,913,539 | ---- | M] () -- C:\Users\louis\Desktop\DSC_4140.JPG
[2013-02-24 22:51:08 | 000,766,191 | ---- | M] () -- C:\Users\louis\Desktop\DSC_4137.JPG
[2013-02-20 23:16:16 | 000,000,968 | ---- | M] () -- C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013-03-19 20:01:51 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-03-14 08:18:15 | 000,597,667 | ---- | C] () -- C:\Users\louis\Desktop\adwcleaner (1).exe
[2013-03-13 22:57:19 | 261,200,500 | ---- | C] () -- C:\Users\louis\Desktop\registry backup.reg
[2013-03-13 18:56:41 | 000,890,798 | ---- | C] () -- C:\Users\louis\Desktop\SecurityCheck.exe
[2013-03-13 18:52:42 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-13 18:24:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-03-13 18:24:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-03-13 18:24:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-03-13 18:24:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-03-13 18:24:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-03-13 13:36:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013-03-13 13:36:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013-03-13 09:14:33 | 000,054,651 | ---- | C] () -- C:\Users\louis\Desktop\hijackthis log
[2013-03-13 08:21:20 | 000,006,924 | ---- | C] () -- C:\Windows\wininit.ini
[2013-03-13 00:08:27 | 000,001,249 | ---- | C] () -- C:\Users\louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013-03-13 00:08:27 | 000,001,225 | ---- | C] () -- C:\Users\louis\Desktop\Spybot - Search & Destroy.lnk
[2013-03-11 21:22:53 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013-03-11 21:19:21 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013-03-11 19:10:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013-03-11 19:10:43 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013-03-08 18:29:27 | 000,622,227 | ---- | C] () -- C:\Users\louis\Desktop\photo 1.JPG
[2013-02-27 21:42:35 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
[2013-02-24 22:51:10 | 000,913,539 | ---- | C] () -- C:\Users\louis\Desktop\DSC_4140.JPG
[2013-02-24 22:50:55 | 000,766,191 | ---- | C] () -- C:\Users\louis\Desktop\DSC_4137.JPG
[2013-02-24 22:44:52 | 001,229,694 | ---- | C] () -- C:\Users\louis\Desktop\DSC_3973.JPG
[2013-02-24 22:44:52 | 001,203,419 | ---- | C] () -- C:\Users\louis\Desktop\DSC_3972.JPG
[2012-11-10 16:12:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012-10-13 00:26:11 | 000,030,208 | ---- | C] () -- C:\Users\louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012-08-28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012-08-28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012-08-28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-08-28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012-01-18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012-01-18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012-01-18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012-01-18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011-10-04 21:58:00 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011-10-04 21:58:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011-09-18 12:30:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-09-15 12:48:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-09-15 12:48:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-09-15 12:48:34 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-09-15 12:48:34 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-09-15 12:48:33 | 000,074,752 | ---- | C

#16 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 21 March 2013 - 01:57 AM

Hey butterfly,

 

There should be more to the log.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#17 burpingbutterfly

burpingbutterfly

    Member

  • Full Member
  • 39 posts

Posted 21 March 2013 - 07:42 AM

Should there?

Let me try posting it in two separate messages:

 

 

OTL logfile created on: 20-03-2013 22:00:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\louis\Desktop
 Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
 
2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.24% Memory free
4.00 Gb Paging File | 3.18 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 7.81 Gb Free Space | 8.00% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 311.34 Gb Free Space | 84.58% Space Free | Partition Type: NTFS
Drive F: | 138.96 Gb Total Space | 10.85 Gb Free Space | 7.81% Space Free | Partition Type: NTFS
Drive G: | 10.00 Gb Total Space | 6.98 Gb Free Space | 69.77% Space Free | Partition Type: NTFS
 
Computer Name: LOUIS-PC | User Name: louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-03-18 20:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\louis\Desktop\OTL.exe
PRC - [2013-02-05 14:24:40 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013-01-31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013-01-27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012-12-18 19:58:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-23 08:18:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-08-01 16:07:16 | 000,724,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012-08-01 16:07:06 | 000,174,488 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012-08-01 16:07:00 | 000,126,872 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011-05-27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011-04-19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-01-25 19:31:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-02-09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2010-01-11 23:50:48 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\afasrv32.exe -- (AfaService)
SRV - [2013-03-14 12:16:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-05 14:24:40 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013-01-31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013-01-27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013-01-27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-18 19:58:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-10-10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-08-01 16:07:16 | 000,724,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012-01-18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011-05-27 15:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011-04-19 16:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2011-01-25 19:31:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-02-09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2010-01-11 23:50:48 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007-11-07 01:52:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\louis\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013-02-13 02:29:12 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013-02-12 09:02:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2013-02-05 14:24:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013-01-20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012-10-10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012-09-20 10:05:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012-09-20 10:05:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012-06-27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012-01-18 06:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012-01-09 17:28:20 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012-01-09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012-01-09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012-01-09 17:28:20 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012-01-09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010-11-21 02:59:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-21 02:59:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-21 02:59:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-10-01 10:07:44 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2009-08-22 01:54:03 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009-06-22 16:49:00 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009-06-05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2007-11-07 01:52:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2005-03-03 23:23:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
DRV - [2005-02-23 21:29:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2004-12-03 15:50:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.hotmail.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\louis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\louis\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\louis\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04 22:07:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2012-10-12 22:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2012-10-12 22:36:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-04 22:07:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\singalong@xenophesoft.com: C:\Program Files\SingAlong\FF\ [2013-03-11 21:19:18 | 000,000,000 | ---D | M]
 
[2012-10-12 22:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\louis\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\louis\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\louis\AppData\Local\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\louis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: Sing Along = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.110_0\
CHR - Extension: Angry Birds = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YOUZEEK Free Music = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0\
CHR - Extension: +Music = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddjklapimfghfjjinidpblloipjnnpgb\1.1.6_0\
CHR - Extension: Full Screen Weather = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: 8tracks = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbjgabefekpljmdhbifajgiamkpepnd\1.0.4_0\
CHR - Extension: Traffic Control = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihpplppigijgifgajmlmndhpjmggbgij\1.3_0\
CHR - Extension: Skyrama = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap\1.0.2_0\
CHR - Extension: Unit Convertor = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkaklafnbnpegjnlplfgadnobkgdkinf\1.9_0\
CHR - Extension: DriveTunes = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\labgcacinobdnkfndodfkfeabbjckbnj\3.2.4_0\
CHR - Extension: Cork Board = C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\
 
O1 HOSTS File: ([2013-03-13 18:40:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} http://192.168.1.64/...ientActiveX.cab (WebClientActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553440000} https://fpdownload.m...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9859995B-8DE4-47BD-B83D-6D84F5DDD61F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63DAF12-2EC0-4186-89B5-7CDFD546DEDD}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browserprotect.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006-09-19 03:13:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-03-19 20:01:54 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-03-19 20:01:54 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-03-19 20:01:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-03-19 20:01:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-03-19 20:01:53 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-03-19 20:01:53 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-03-19 20:01:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-03-19 20:01:53 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-03-19 20:01:53 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-03-19 20:01:53 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-03-19 20:01:53 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-03-19 20:01:52 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-03-19 20:01:52 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-03-19 20:01:52 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-03-19 20:01:52 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-03-19 20:01:52 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-03-19 20:01:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-03-19 20:01:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-03-19 20:01:52 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-03-19 20:01:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-03-19 20:01:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-03-19 20:01:52 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-03-19 20:01:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-03-19 20:01:51 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-03-19 20:01:51 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-03-19 20:01:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-03-19 20:01:51 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-03-19 20:01:51 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-03-19 20:01:51 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-03-19 20:01:51 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-03-19 20:01:51 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-03-19 20:01:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-03-19 20:01:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-03-19 20:01:51 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-03-19 20:01:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-03-19 20:01:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-03-19 20:00:10 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-03-19 20:00:09 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-03-19 20:00:09 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013-03-19 20:00:09 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-03-19 20:00:09 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013-03-19 20:00:09 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-03-19 20:00:09 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013-03-19 20:00:09 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-03-19 20:00:09 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-03-19 20:00:09 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-03-19 20:00:09 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013-03-19 20:00:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013-03-19 20:00:09 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-03-19 20:00:09 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-03-19 20:00:09 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013-03-19 20:00:09 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013-03-19 20:00:09 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-03-19 13:07:49 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{C349DC4C-300A-47FA-AF30-CBB0585C0D5D}
[2013-03-19 11:08:54 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\Mozilla
[2013-03-18 20:13:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\louis\Desktop\OTL.exe
[2013-03-17 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{DF4D9BE0-A27F-4A70-89C2-42D636FECEAE}
[2013-03-17 16:58:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-03-17 16:49:01 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-03-17 16:49:01 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-03-17 16:48:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-03-17 16:48:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-03-17 16:48:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-03-17 16:42:25 | 000,897,448 | ---- | C] (Oracle Corporation) -- C:\Users\louis\Desktop\jre-7u17-windows-i586-iftw (1).exe
[2013-03-15 20:12:10 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{8FED8E90-AFB7-4A5C-804E-FD6C7C83D836}
[2013-03-15 15:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013-03-14 23:19:54 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013-03-13 18:55:13 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\louis\Desktop\dds.com
[2013-03-13 18:52:50 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\Malwarebytes
[2013-03-13 18:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013-03-13 18:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013-03-13 18:52:40 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013-03-13 18:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013-03-13 18:52:32 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\Programs
[2013-03-13 18:44:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-03-13 18:24:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013-03-13 18:24:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013-03-13 18:24:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013-03-13 18:24:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-03-13 18:23:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-03-13 00:08:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013-03-13 00:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013-03-13 00:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013-03-12 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\Mipony
[2013-03-12 23:55:43 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Roaming\DSite
[2013-03-12 20:52:46 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{236354CB-58A6-4AE9-9DDD-83CFEE9C4C37}
[2013-03-11 21:21:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013-03-11 21:21:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013-03-11 21:19:20 | 000,000,000 | ---D | C] -- C:\Users\louis\Documents\Downloads
[2013-03-11 21:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\SingAlong
[2013-03-11 19:11:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013-03-11 19:10:43 | 000,233,472 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2013-03-11 12:18:21 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{C6F85BB4-5FD4-48CD-9B1A-B3AB7F072700}
[2013-03-10 12:49:43 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{D02FAA88-9B72-4B47-808E-A8332AE6C9C5}
[2013-03-09 12:43:26 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{1A052E8C-8DF2-4EFA-BAF2-DE00E1BDE7AF}
[2013-03-08 08:45:12 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{CD4C6EE5-34F7-455C-A2AD-028267455455}
[2013-03-07 10:54:39 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{8DBDCE01-993B-4EE6-975C-C243EC1CFA3F}
[2013-03-05 13:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013-03-05 13:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013-03-05 12:09:30 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{6669907E-6845-45C8-BB1E-453A67C44977}
[2013-03-04 08:55:07 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{7C2A64D2-C3AC-4234-8ABE-568B3B79601E}
[2013-03-03 11:47:04 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{699C5894-D1A0-4775-9A41-A0B4BFC9D2D8}
[2013-03-02 23:46:39 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{EB9CB247-90FB-4B38-B2F4-924B626C699A}
[2013-03-02 09:02:53 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{656C07E9-A387-4E5B-8ED9-D7E0DBA46F6B}
[2013-03-01 10:43:36 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{66F65A7C-BB75-43CA-8ECA-CD5A43B785A2}
[2013-02-28 12:37:32 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{6F6194CA-9FB8-4594-A1A0-F36EF75FDD21}
[2013-02-27 21:42:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2013-02-27 06:48:18 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{E248CB83-7989-4C8C-99C0-0785D0F73044}
[2013-02-26 11:15:47 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{46AE903B-CA4C-4B4F-8EC8-8F0800ECE42B}
[2013-02-25 11:18:36 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{1ED60C03-0A19-4382-9453-201CB72E7757}
[2013-02-25 00:45:47 | 000,000,000 | ---D | C] -- C:\Users\louis\Documents\Misc random docs
[2013-02-24 10:26:33 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{211D595B-EAA3-4CEB-9572-EE25A71E8659}
[2013-02-23 09:03:59 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{F165B8D9-1CC1-41BA-8ACF-B5B60D5434ED}
[2013-02-22 10:53:07 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{33E61AB2-84D9-49B5-9E80-B384F3F17D29}
[2013-02-21 23:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013-02-21 12:40:32 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{050996EC-944C-4D72-BDDA-934A24EEA8B5}
[2013-02-19 11:36:11 | 000,000,000 | ---D | C] -- C:\Users\louis\AppData\Local\{1E633AF9-72A2-4703-9608-45B7A5CB8ABA}
 
========== Files - Modified Within 30 Days ==========
 
[2013-03-20 22:04:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000UA.job
[2013-03-20 21:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-03-20 21:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-03-20 21:09:05 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013-03-20 19:51:14 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-03-20 19:51:14 | 000,021,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-03-20 19:49:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-03-20 19:46:29 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-03-20 19:44:50 | 1608,974,336 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-19 20:01:54 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013-03-19 20:01:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013-03-19 20:01:54 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013-03-19 20:01:54 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013-03-19 20:01:53 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-03-19 20:01:53 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-03-19 20:01:53 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013-03-19 20:01:53 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013-03-19 20:01:53 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013-03-19 20:01:53 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-03-19 20:01:53 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013-03-19 20:01:53 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-03-19 20:01:52 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-03-19 20:01:52 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-03-19 20:01:52 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013-03-19 20:01:52 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013-03-19 20:01:52 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013-03-19 20:01:52 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013-03-19 20:01:52 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013-03-19 20:01:52 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013-03-19 20:01:52 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013-03-19 20:01:52 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013-03-19 20:01:52 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013-03-19 20:01:51 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-03-19 20:01:51 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013-03-19 20:01:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013-03-19 20:01:51 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013-03-19 20:01:51 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013-03-19 20:01:51 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013-03-19 20:01:51 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013-03-19 20:01:51 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-03-19 20:01:51 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013-03-19 20:01:51 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013-03-19 20:01:51 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013-03-19 20:01:51 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013-03-19 20:01:51 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013-03-19 20:01:50 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013-03-19 20:00:10 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013-03-19 20:00:10 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013-03-19 20:00:10 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013-03-19 20:00:10 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013-03-19 20:00:10 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013-03-19 20:00:09 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-03-19 20:00:09 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013-03-19 20:00:09 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-03-19 20:00:09 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013-03-19 20:00:09 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-03-19 20:00:09 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-03-19 20:00:09 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-03-19 20:00:09 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013-03-19 20:00:09 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013-03-19 20:00:09 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013-03-19 20:00:09 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-03-19 20:00:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-03-19 20:00:09 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013-03-19 20:00:09 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013-03-19 20:00:09 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-03-19 17:50:41 | 000,631,318 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-03-19 17:50:41 | 000,111,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-03-18 20:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\louis\Desktop\OTL.exe
[2013-03-18 09:04:25 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000Core.job
[2013-03-17 16:48:39 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-03-17 16:48:35 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-03-17 16:48:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-03-17 16:48:35 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-03-17 16:48:33 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013-03-17 16:48:33 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013-03-17 16:42:28 | 000,897,448 | ---- | M] (Oracle Corporation) -- C:\Users\louis\Desktop\jre-7u17-windows-i586-iftw (1).exe
[2013-03-14 12:16:35 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013-03-14 12:16:34 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013-03-14 08:18:16 | 000,597,667 | ---- | M] () -- C:\Users\louis\Desktop\adwcleaner (1).exe
[2013-03-13 22:58:28 | 261,200,500 | ---- | M] () -- C:\Users\louis\Desktop\registry backup.reg
[2013-03-13 18:56:47 | 000,890,798 | ---- | M] () -- C:\Users\louis\Desktop\SecurityCheck.exe
[2013-03-13 18:55:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\louis\Desktop\dds.com
[2013-03-13 18:52:42 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-13 18:43:50 | 000,030,208 | ---- | M] () -- C:\Users\louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-13 18:43:50 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013-03-13 18:40:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013-03-13 13:36:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013-03-13 13:36:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013-03-13 09:14:33 | 000,054,651 | ---- | M] () -- C:\Users\louis\Desktop\hijackthis log
[2013-03-13 08:22:21 | 000,006,924 | ---- | M] () -- C:\Windows\wininit.ini
[2013-03-13 00:08:27 | 000,001,249 | ---- | M] () -- C:\Users\louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013-03-13 00:08:27 | 000,001,225 | ---- | M] () -- C:\Users\louis\Desktop\Spybot - Search & Destroy.lnk
[2013-03-11 21:32:48 | 000,000,830 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013-03-08 18:29:29 | 000,622,227 | ---- | M] () -- C:\Users\louis\Desktop\photo 1.JPG
[2013-03-04 13:37:26 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013-03-04 13:37:26 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013-03-04 13:37:26 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013-03-04 13:37:24 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr100.dll
[2013-03-04 13:37:24 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp100.dll
[2013-02-26 21:01:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013-02-24 22:51:12 | 000,913,539 | ---- | M] () -- C:\Users\louis\Desktop\DSC_4140.JPG
[2013-02-24 22:51:08 | 000,766,191 | ---- | M] () -- C:\Users\louis\Desktop\DSC_4137.JPG
[2013-02-20 23:16:16 | 000,000,968 | ---- | M] () -- C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013-03-19 20:01:51 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013-03-14 08:18:15 | 000,597,667 | ---- | C] () -- C:\Users\louis\Desktop\adwcleaner (1).exe
[2013-03-13 22:57:19 | 261,200,500 | ---- | C] () -- C:\Users\louis\Desktop\registry backup.reg
[2013-03-13 18:56:41 | 000,890,798 | ---- | C] () -- C:\Users\louis\Desktop\SecurityCheck.exe
[2013-03-13 18:52:42 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013-03-13 18:24:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013-03-13 18:24:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013-03-13 18:24:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013-03-13 18:24:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013-03-13 18:24:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013-03-13 13:36:13 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2013-03-13 13:36:13 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2013-03-13 09:14:33 | 000,054,651 | ---- | C] () -- C:\Users\louis\Desktop\hijackthis log
[2013-03-13 08:21:20 | 000,006,924 | ---- | C] () -- C:\Windows\wininit.ini
[2013-03-13 00:08:27 | 000,001,249 | ---- | C] () -- C:\Users\louis\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2013-03-13 00:08:27 | 000,001,225 | ---- | C] () -- C:\Users\louis\Desktop\Spybot - Search & Destroy.lnk
[2013-03-11 21:22:53 | 000,000,830 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013-03-11 21:19:21 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
[2013-03-11 19:10:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013-03-11 19:10:43 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2013-03-08 18:29:27 | 000,622,227 | ---- | C] () -- C:\Users\louis\Desktop\photo 1.JPG
[2013-02-27 21:42:35 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk
[2013-02-24 22:51:10 | 000,913,539 | ---- | C] () -- C:\Users\louis\Desktop\DSC_4140.JPG
[2013-02-24 22:50:55 | 000,766,191 | ---- | C] () -- C:\Users\louis\Desktop\DSC_4137.JPG
[2013-02-24 22:44:52 | 001,229,694 | ---- | C] () -- C:\Users\louis\Desktop\DSC_3973.JPG
[2013-02-24 22:44:52 | 001,203,419 | ---- | C] () -- C:\Users\louis\Desktop\DSC_3972.JPG
[2012-11-10 16:12:39 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012-10-13 00:26:11 | 000,030,208 | ---- | C] () -- C:\Users\louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-08-28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012-08-28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012-08-28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012-08-28 10:04:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012-08-28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012-01-18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012-01-18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012-01-18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012-01-18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011-10-04 21:58:00 | 000,221,304 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011-10-04 21:58:00 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011-09-18 12:30:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011-09-15 12:48:42 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-09-15 12:48:40 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-09-15 12:48:34 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-09-15 12:48:34 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-09-15 12:48:33 | 000,074,752 | ---- | C] () -- C:\Windows\System3

#18 burpingbutterfly

Posted 21 March 2013 - 07:46 AM

[2011-09-15 12:48:33 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-09-15 12:46:38 | 000,001,024 | ---- | C] () -- C:\Users\louis\.rnd
 
========== ZeroAccess Check ==========
 
[2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 02:59:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013-03-14 08:18:42 | 000,015,755 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013-03-15 09:19:43 | 000,000,906 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013-03-14 08:26:16 | 000,015,928 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013-03-15 09:20:18 | 000,000,965 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2009-06-11 03:12:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2013-03-13 18:46:15 | 000,024,515 | ---- | M] () -- C:\ComboFix.txt
[2009-06-11 03:12:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013-03-20 19:44:50 | 1608,974,336 | -HS- | M] () -- C:\hiberfil.sys
[2013-03-13 13:36:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013-03-13 13:36:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013-03-20 19:44:50 | 2145,300,480 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-03-19 14:33:48
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\louis\Documents\Passport Copies:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\louis\Documents\JET AIRWAYS CIRCULARS:Roxio EMC Stream
@Alternate Data Stream - 200 bytes -> C:\Users\louis\Desktop\DSC_3973.JPG:com.dropbox.attributes
@Alternate Data Stream - 199 bytes -> C:\Users\louis\Desktop\DSC_3972.JPG:com.dropbox.attributes
 
< End of report >
 

OTL Extras logfile created on: 18-03-2013 20:16:00 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\louis\Desktop
 Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy
 
2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.34% Memory free
4.00 Gb Paging File | 2.72 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.56 Gb Total Space | 7.88 Gb Free Space | 8.08% Space Free | Partition Type: NTFS
Drive D: | 368.10 Gb Total Space | 311.34 Gb Free Space | 84.58% Space Free | Partition Type: NTFS
Drive F: | 138.96 Gb Total Space | 10.85 Gb Free Space | 7.81% Space Free | Partition Type: NTFS
Drive G: | 10.00 Gb Total Space | 6.98 Gb Free Space | 69.77% Space Free | Partition Type: NTFS
 
Computer Name: LOUIS-PC | User Name: louis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019F52A1-FCFE-46C8-8CBC-29DC8238B837}" = lport=138 | protocol=17 | dir=in | app=system | 
"{13D78E1E-47AB-4727-B359-1B548612046A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2A94E2A0-1A40-4C2D-ABD0-04214DB6D1C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DB10DD8-4C8F-47D2-B2EE-6DBF9A91E747}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{38343F95-7BC4-4646-AF3A-89D28ECE9483}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{43364BD5-AD31-49B5-AF97-408F2E9A8C2E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{48BB78E3-652A-41F4-9C38-6AFC90C20BB0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{558B9C41-C3E1-4F69-AD7C-EBA58775084D}" = lport=19540 | protocol=17 | dir=in | name=sxuptp | 
"{5E55C164-8308-4C5C-A2F7-F2EFA20AF3B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{61B1917C-F8F4-4123-983F-2E3699573562}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{65EFC216-E217-456E-82CD-0E8D6A6C1582}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{728EAC79-BEC7-416B-9EE2-DE874BEA5976}" = rport=137 | protocol=17 | dir=out | app=system | 
"{78251C46-BD3C-4C45-8052-897AC1AC7571}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{7B574D8D-A1A4-4957-B55C-4FD0A94BACCF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{80308748-AC19-46E9-942A-8B43E4B8F38E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8A21C8CB-A423-4299-839F-A5CBB3371E42}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A0C1CC67-793E-4C50-B586-5429EB02148C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A94E4516-DDA6-4EA7-8E2F-941E5FFB10C6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{ACDB8616-45B6-420E-B90A-31973FC3B3D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CAB79A8B-2E0E-4B40-B800-4DB070DDB98E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CCE730CB-40A7-4E82-A4D3-5070BA9A43B4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CFCDAA86-3AD7-4384-88ED-858109B79076}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DBE4412F-3BB7-4E63-860E-A319418A9390}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E19F90FE-A414-4C9D-BFFC-D1BDD71069BE}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D778D6-A540-45B5-8C7D-EEC2AE64A980}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{0609A60C-FD68-424E-8126-1E2F00197D60}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{084D2078-3A0D-4E66-847A-7ACE08BA4DEA}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{0DF02FA2-E67E-414A-88A5-3FD4A8A3323F}" = protocol=6 | dir=in | app=c:\users\louis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{127A4ABD-7F2C-4170-8ECC-E7A3C71FB0DD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{1B7BF3DF-5324-4A7D-844F-69325DE3064E}" = protocol=17 | dir=in | app=c:\users\louis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2504E363-8C1D-4181-B8EC-5118FEF9C130}" = protocol=17 | dir=in | app=c:\users\louis\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{2BACFF8A-7186-41E5-A497-6947BABE843E}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{2E1A6882-7BB5-40A2-8346-114A23B27950}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3100050A-5D62-4EFF-9741-0B66E96FA95C}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{37175D07-543F-4430-9FEF-C4B74CB3194F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{3BB2DCFE-284D-45A3-9057-DBE6C9464294}" = protocol=17 | dir=in | app=c:\program files\tango\tango.exe | 
"{415E5B16-032E-4161-820B-95C271FB933C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{417E0671-F9FC-4A1E-8DE0-5B4B94892A16}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{41A722C4-9FBD-4618-A0AF-E005BE64B793}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{42E5C208-0793-4A2B-8121-BB6428328A28}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{4BE44092-7127-4F20-A85F-CFC41100144E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{50249C13-F9BD-4EE8-ACA8-1B6E8532CC1A}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{534E5FD0-5B3F-4729-9ADE-69E55C84A9C1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{53C60742-69E7-4031-A079-B435D0F0DB80}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54A25A58-FEE4-4FB3-B2F7-5B41873A6486}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{5678AF2D-EABE-46B0-8DDE-27634E12BA62}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{5B464BBE-4ECC-40D5-9D9F-998810086F57}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{5B99197E-2E8F-4924-A440-852F541469B8}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{5CDBC4FC-E838-4668-876D-4C778F91C27E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5DAA260F-42D5-4B37-9D00-33D326A4C4DB}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{5DB47E15-EF0E-44B0-BE66-608E715AEC34}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{6106E971-E3FC-44F9-BAA6-EA13895C8FEB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{6119B591-858B-42D2-AEF2-3155D3E94D03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{62B41FB3-A278-4F7A-AB85-0EEFD6819977}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{62D2B90F-B7B5-4EE3-8548-5556F250CB5B}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{64D6DC24-A513-40B7-A6F1-AF573416CA58}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{67BDC7AA-D7FE-4EA3-9E55-976CED02D34D}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicator.exe | 
"{67FABB72-4E00-495E-929C-15B946961359}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{6CDBC830-2863-48A5-A59B-874BC93321BD}" = protocol=6 | dir=in | app=c:\program files\tango\tango.exe | 
"{75A63043-AB3D-49A4-BA34-403B83263D73}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{7A9129A0-E0CF-449F-B5C1-9767AB1CE0AB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{7C12B317-60C8-4B8E-8198-E4BF83B1B794}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{83A13DAB-D296-4EE7-AED8-159F3CA352DF}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{89395C00-289E-4D70-947F-D47A1BDF2836}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{8D967CDA-E8DE-4FFD-9DD7-6D3D322AA15C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{8F264F76-F21A-4073-A87E-3E6649ECF1CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{9090696D-1FD7-427E-A90B-3E8E04E81D8A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{926B0028-D02E-49A2-83B4-B1993742177D}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\devicesetup.exe | 
"{95AB0394-3054-412A-8ACE-3AFC4C693EA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{96934C98-FAFC-464B-AB07-00B536972B65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{9944A743-3203-4057-A408-BB30BC0E4DA1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{9AB47765-5CE7-49B3-9DF2-AFCD034C3EE3}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe | 
"{A552EE36-B690-4D7E-9AD3-C88644E24CF8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{A62C5A79-C08E-4029-B36C-9E737F274C88}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{A9D53DC6-2447-4D59-8D36-F8751C53633B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AA261CF4-4DFA-4C6A-87B0-21ECBCE76EA9}" = dir=in | app=c:\program files\hp\hp deskjet 3510 series\bin\hpnetworkcommunicatorcom.exe | 
"{AF4F15C7-E07D-4510-BDE6-958BD13A05DD}" = protocol=17 | dir=in | app=c:\users\louis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B1DE0CA6-E220-4DA8-91C5-8464800ADF04}" = protocol=6 | dir=in | app=c:\users\louis\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B4AC8618-8626-455F-AB2F-A96CB2064038}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{B9C7E858-C154-4FE8-ABBC-25C033795211}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{C53F3221-7462-4F2E-AC67-621B39551521}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{C67261B3-DCCE-4CE3-A806-988BDC2626AC}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{CB0CA83F-9345-4388-A776-5B9C7C227BF7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D1FE723B-CD0A-4207-B78E-0BB8BFDE485E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D5FCFF5A-06AE-455B-8E58-E46C0C070D23}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DE62FB7C-87E0-4036-A4A7-B7DC2B85039E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{E2B426D0-6ECA-4D2B-88D6-492B28085096}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E36C1553-BE19-4672-84F1-F06309C6FFEC}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{E599035E-E944-4B3A-95A7-1932E67A501C}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{E96D19E6-9894-4D76-A0ED-B240F5A703B3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{EE515447-8A05-4CE9-A693-CB255DD55396}" = protocol=6 | dir=in | app=c:\users\louis\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{F5049D5D-8680-41BA-B095-9031EF095746}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{FB5FE2C4-7CF3-46B8-98EB-C9AFF8886EC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{FE05C3A3-D019-45A1-8EC0-BA6E7865B3F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{1C8B427C-7836-4325-99AB-AC9ED7E7AF90}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{1EC1C096-B007-4311-96AA-29126224BF49}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{F11FFFB5-2D74-4E33-96A3-367656784C55}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{2D804EE4-31EB-4AEA-8C89-EB18CCF0BA12}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{62A94295-9DF5-40BC-94C8-D7E00F1B21ED}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{98151A85-339C-48D1-8FC2-AF87604A2ED9}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FAC4FDE-4E93-42CE-866B-5831395A025B}" = iVMS-4000(v2.0)
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{509E7E30-8EC3-449B-8C59-B952E7489B0F}" = D-Link DSLs
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5FF6DDD0-72CD-4915-9515-BF2C7CAF1F5D}" = SIMCardReaderPro
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9262B08F-E183-4FED-A2BD-23FF1A84EB67}" = HPDiagnosticCoreDll
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E5D4DF-E42D-4E26-9B27-BB6A3CA5AF0C}" = HP Deskjet 3510 series Basic Device Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}" = HP Deskjet 3510 series Help
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DD60885C-0CBE-40D8-AA14-11D8EDD7D97C}" = Citrix Receiver Inside
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5930634-77B2-46FF-B5B1-EFD86D41E2E9}" = HP Deskjet 3510 series Product Improvement Study
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EAC98582-5ED4-3BCA-BCD5-9E1A328BD7BE}" = Google Talk Plugin
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F7D739D1-B597-4802-A4CB-E1FBF326C9B0}" = QuickShare
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem  (02/25/2011 7.01.0.9)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"BitTorrent" = BitTorrent
"Card Reader Driver and USIM Editor Program_is1" = USIM Editor 1.0.35.0
"CitrixOnlinePluginPackWeb" = Citrix Receiver
"CrashCarRacer_is1" = Crash Car Racer
"Crescendo" = Crescendo Music Notation Editor
"Cross Racing Championship 2005" = Cross Racing Championship 2005
"Dell Dock" = Dell Dock
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem  (02/25/2011 4.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressZip" = Express Zip
"Freecorder5.11" = Freecorder 5
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MediaCoder iPhone Edition" = MediaCoder iPhone Edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MixPad" = MixPad Audio Mixer
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoStage" = PhotoStage Slideshow Producer
"Safelog - CAA/JAA Logbook_is1" = Safelog - CAA/JAA Logbook
"Shop for HP Supplies" = Shop for HP Supplies
"singalong@xenophesoft.com" = Sing Along
"Supercross Kings" = Supercross Kings
"TeamViewer 6" = TeamViewer 6
"Video Mover_is1" = Video Mover
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 2.0.4
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17-03-2013 13:13:41 | Computer Name = louis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17-03-2013 13:13:41 | Computer Name = louis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1061
 
Error - 17-03-2013 13:13:41 | Computer Name = louis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1061
 
Error - 17-03-2013 13:13:42 | Computer Name = louis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17-03-2013 13:13:42 | Computer Name = louis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059
 
Error - 17-03-2013 13:13:42 | Computer Name = louis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
 
Error - 17-03-2013 23:34:17 | Computer Name = louis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567, 
time stamp: 0x4d6727a7  Faulting module name: Explorer.EXE, version: 6.1.7601.17567,
 time stamp: 0x4d6727a7  Exception code: 0xc0000005  Fault offset: 0x0005f739  Faulting
 process id: 0x684  Faulting application start time: 0x01ce23896631570c  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\Explorer.EXE  Report
 Id: b619bf34-8f7c-11e2-9d6a-0019d1655ec4
 
Error - 17-03-2013 23:35:25 | Computer Name = louis-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18-03-2013 10:40:46 | Computer Name = louis-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NMIndexStoreSvr.exe, version: 3.3.8.0, 
time stamp: 0x4860cce5  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x00000100  Faulting process id:
 0xd4c  Faulting application start time: 0x01ce23e68c652f7a  Faulting application path:
 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe  Faulting module path:
 unknown  Report Id: d14d285c-8fd9-11e2-b0fc-0019d1655ec4
 
Error - 18-03-2013 10:42:04 | Computer Name = louis-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17-03-2013 23:33:49 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7000
Description = The Afa Card Reader Service service failed to start due to the following
 error:   %%2
 
Error - 17-03-2013 23:34:06 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sfdrv01  sfsync02
 
Error - 17-03-2013 23:36:07 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 17-03-2013 23:36:07 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
Error - 18-03-2013 10:40:06 | Computer Name = louis-PC | Source = Application Popup | ID = 875
Description = Driver sfsync02.sys has been blocked from loading.
 
Error - 18-03-2013 10:40:07 | Computer Name = louis-PC | Source = Application Popup | ID = 875
Description = Driver sfdrv01.sys has been blocked from loading.
 
Error - 18-03-2013 10:40:25 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7000
Description = The Afa Card Reader Service service failed to start due to the following
 error:   %%2
 
Error - 18-03-2013 10:40:36 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   sfdrv01  sfsync02
 
Error - 18-03-2013 10:42:36 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7038
Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
 with the currently configured password due to the following error:   %%1330    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 18-03-2013 10:42:36 | Computer Name = louis-PC | Source = Service Control Manager | ID = 7000
Description = The NVIDIA Update Service Daemon service failed to start due to the
 following error:   %%1069
 
 
< End of report >
 


#19 The Dark Knight

The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,214 posts

Posted 22 March 2013 - 06:08 PM

Hey burpingbutterfly,

 

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#20 burpingbutterfly


Posted 23 March 2013 - 08:59 AM

Hey Dark Knight,

 

Here you go:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Home Basic x86
Ran by louis on 23-03-2013 at 19:16:30.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} 
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin
Successfully deleted: [Registry Key] hkey_classes_root\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\recipehub_2jei"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23-03-2013 at 19:20:24.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#21 The Dark Knight


Posted 24 March 2013 - 02:55 AM

Does the issue remain?




#22 burpingbutterfly


Posted 24 March 2013 - 11:16 AM

Hey Dark Knight,

 

Yes it still remains :(

 

In fact I just got a popup even from this website. Anything else I can do??



#23 The Dark Knight


Posted 26 March 2013 - 03:28 PM

Hello burpingbutterfly,

 

Please download RogueKiller to the Desktop (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

 




#24 burpingbutterfly


Posted 29 March 2013 - 09:31 AM

Hello Dark Knight,

 

Sorry about the delayed response. My internet was giving me trouble.

 

Ran Roguekiller and here's the report:

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : louis [Admin rights]
Mode : Scan -- Date : 03/29/2013 19:58:05
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT
-> F:\Users\Default User\NTUSER.DAT
-> F:\Users\Patronage\NTUSER.DAT
-> F:\Users\Public\NTUSER.DAT
-> F:\Documents and Settings\Default\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> G:\windows\system32\config\SOFTWARE
-> G:\windows\system32\config\SYSTEM
-> G:\Users\Default\NTUSER.DAT
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST500DM002-1BC142 +++++
--- User ---
[MBR] 124ebff38bbea8a119fda342e66a97ca
[BSP] ad850edd0ca1f19b7e120c512b261b2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 376939 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: Hitachi HDS721616PLA380 +++++
--- User ---
[MBR] fdef7da84f5db4c043ef7d4ae8326629
[BSP] bdf99326810b3ea5b3c85f61013cb3ba : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 142291 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_03292013_02d1958.txt >>
RKreport[1]_S_03292013_02d1958.txt


#25 The Dark Knight


Posted 29 March 2013 - 05:06 PM

Hey burpingbutterfly,

 

  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.

 

=====

 

Then, please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.
Click the cog in the upper right corner:


Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.

 

=====

 

Please provide both logs in your reply.




#26 burpingbutterfly


Posted 31 March 2013 - 12:56 AM

Hey dark knight,

 

Okay so I did what you asked with roguekiller. It worked fine. However, I'm not sure if it's my computer or Kaspersky but every time I run it, it just hangs. The first time however, it did find three threats which I deleted but the app hung by the time I got to Reports. I've been trying to run it again but it won't work. Here's the roguekiller report:

 

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : louis [Admin rights]
Mode : Remove -- Date : 03/30/2013 11:13:26
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT
-> F:\Users\Default User\NTUSER.DAT
-> F:\Users\Patronage\NTUSER.DAT
-> F:\Users\Public\NTUSER.DAT
-> F:\Documents and Settings\Default\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> G:\windows\system32\config\SOFTWARE
-> G:\windows\system32\config\SYSTEM
-> G:\Users\Default\NTUSER.DAT
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST500DM002-1BC142 +++++
--- User ---
[MBR] 124ebff38bbea8a119fda342e66a97ca
[BSP] ad850edd0ca1f19b7e120c512b261b2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 376939 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: Hitachi HDS721616PLA380 +++++
--- User ---
[MBR] fdef7da84f5db4c043ef7d4ae8326629
[BSP] bdf99326810b3ea5b3c85f61013cb3ba : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 142291 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[4]_D_03302013_02d1113.txt >>
RKreport[1]_S_03292013_02d1958.txt ; RKreport[2]_S_03292013_02d2003.txt ; RKreport[3]_S_03302013_02d1111.txt ; RKreport[4]_D_03302013_02d1113.txt


#27 The Dark Knight


Posted 31 March 2013 - 09:36 PM

Hello burpingbutterfly,

 

Please try RogueKiller in Safe Mode and let me know how you get on.




#28 burpingbutterfly


Posted 01 April 2013 - 01:14 AM

Hello Dark Knight,
Belated Easter wishes. So, I ran roguekiller in safe mode. Attached is the report. 
 
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode
User : louis [Admin rights]
Mode : Scan -- Date : 04/01/2013 11:27:21
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ Extern Hives: ¤¤¤
-> F:\windows\system32\config\SOFTWARE
-> F:\windows\system32\config\SYSTEM
-> F:\Users\Default\NTUSER.DAT
-> F:\Users\Default User\NTUSER.DAT
-> F:\Users\Patronage\NTUSER.DAT
-> F:\Users\Public\NTUSER.DAT
-> F:\Documents and Settings\Default\NTUSER.DAT
-> F:\Documents and Settings\Default User\NTUSER.DAT
-> F:\Documents and Settings\UpdatusUser\NTUSER.DAT
-> G:\windows\system32\config\SOFTWARE
-> G:\windows\system32\config\SYSTEM
-> G:\Users\Default\NTUSER.DAT
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST500DM002-1BC142 +++++
--- User ---
[MBR] 124ebff38bbea8a119fda342e66a97ca
[BSP] ad850edd0ca1f19b7e120c512b261b2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 376939 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: Hitachi HDS721616PLA380 +++++
--- User ---
[MBR] fdef7da84f5db4c043ef7d4ae8326629
[BSP] bdf99326810b3ea5b3c85f61013cb3ba : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 142291 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[5]_S_04012013_02d1127.txt >>
RKreport[1]_S_03292013_02d1958.txt ; RKreport[2]_S_03292013_02d2003.txt ; RKreport[3]_S_03302013_02d1111.txt ; RKreport[4]_D_03302013_02d1113.txt ; RKreport[5]_S_04012013_02d1127.txt


#29 The Dark Knight


Posted 02 April 2013 - 03:31 PM

Hey burpingbutterfly,

 

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.


Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.




#30 burpingbutterfly


Posted 03 April 2013 - 10:35 PM

Hello!

 

It looks like it didn't detect anything. Here are the logs:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
 
Database version: v2012.12.14.11
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
louis :: LOUIS-PC [administrator]
 
13-03-2013 18:54:14
mbam-log-2013-03-13 (18-54-14).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237830
Time elapsed: 6 minute(s), 7 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.04.03.07
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
louis :: LOUIS-PC [administrator]
 
Protection: Enabled
 
03-04-2013 23:55:11
mbam-log-2013-04-03 (23-55-11).txt
 
Scan type: Full scan (C:\|D:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 634707
Time elapsed: 4 hour(s), 16 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


#31 The Dark Knight


Posted 03 April 2013 - 10:55 PM

Hey burpingbutterfly,

 

There should be another log from the actual rootkit scanner part of MBAR.




#32 burpingbutterfly


Posted 04 April 2013 - 04:54 AM

Hello Dark Knight,

This is from the MBAR. Scan finished with no malware found!

 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16521
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145300480, free: 881000448
 
------------ Kernel report ------------
     04/04/2013 14:29:10
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStorV.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\sfhlp02.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1e6232.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\sxuptp.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStorV.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\FsUsbExDisk.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\shell32.dll
\Windows\System32\imm32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\ole32.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\advapi32.dll
\Windows\System32\usp10.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff87cd9ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff8771bca8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff87cd9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff877194f8
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87cd8030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff87c7ab80
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87cd75c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff87ccf030
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86d81a20
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff85f88028
Lower Device Driver Name: \Driver\iaStorV\
Driver name found: iaStorV
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86d802e0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85f76028
Lower Device Driver Name: \Driver\iaStorV\
Driver name found: iaStorV
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16521
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145300480, free: 865423360
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16521
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 2145300480, free: 862273536
 
------------ Kernel report ------------
     04/04/2013 14:29:33
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff87cd9ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff8771bca8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff886ec688
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff87cd9030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006e\
Lower Device Object: 0xffffffff877194f8
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff886e7048
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff87cd8030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff87c7ab80
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff886ee478
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87cd75c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff87ccf030
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xffffffff8861f288
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86d81a20
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xffffffff85f88028
Lower Device Driver Name: \Driver\iaStorV\
Device already Exists: 0xffffffff88407af8
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86d802e0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85f76028
Lower Device Driver Name: \Driver\iaStorV\
Device already Exists: 0xffffffff86d55728
Downloaded database version: v2013.04.04.02
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86d802e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d81020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d802e0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85f76028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffa6784058, 0xffffffff86d802e0, 0xffffffff859a2ac8
Lower DeviceData: 0xffffffffa6a0b2d8, 0xffffffff85f76028, 0xffffffff86d55728
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BB50EAEA
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 204593152
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204800000  Numsec = 771971072
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff86d81a20, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d81658, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d81a20, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85f88028, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStorV\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffa7ffcf88, 0xffffffff86d81a20, 0xffffffff88a54ac8
Lower DeviceData: 0xffffffff8abc1090, 0xffffffff85f88028, 0xffffffff88407af8
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 30000000
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 112392
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 112640  Numsec = 20971520
 
    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 21084160  Numsec = 291411968
    Partition file system is NTFS
    Partition is bootable
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 160000000000 bytes
Sector size: 512 bytes
 
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff87cd75c8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87cd53f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87cd75c8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87ccf030, DeviceName: \Device\0000006c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff87cd8030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87cd7d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87cd8030, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff87c7ab80, DeviceName: \Device\0000006d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff87cd9030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87cd8d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87cd9030, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff877194f8, DeviceName: \Device\0000006e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff87cd9ac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87cd97a8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87cd9ac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8771bca8, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
=======================================
 
 
Read File: File "c:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.lan" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.lan" is compressed (flags = 1)
Read File: File "c:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\instance.dat" is compressed (flags = 1)
Done!
Scan finished


#33 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 04 April 2013 - 06:32 AM

Hey burpingbutterfly,

 

OK thank you.

 

Please download HitmanPro.

  • For 32-bit Operating System.
  • This is the mirror.
  • For 64-bit Operating System.
  • This is the mirror.
  • Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select Run as administrator).

  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
  • Click on the next button.
  • Click on the "Export scan results to XML file".
  • Save that file to your Desktop and zip and attach it in your next reply.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.



#34 burpingbutterfly

Posted 06 April 2013 - 11:29 AM

Hi Dark Knight,

 

I did as you asked. I didn't come across an "Export Scan Results to XML file" option, but there was a "Save log" option. Here it is:

 

 

HitmanPro 3.7.3.193
www.hitmanpro.com
 
   Computer name . . . . : LOUIS-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : louis-PC\louis
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2013-04-06 21:52:11
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 24s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 64
 
   Objects scanned . . . : 1,153,308
   Files scanned . . . . : 31,241
   Remnants scanned  . . : 263,469 files / 858,598 keys
 
Malware _____________________________________________________________________
 
   C:\Users\louis\Downloads\setup.exe
      Size . . . . . . . : 15,349,744 bytes
      Age  . . . . . . . : 26.0 days (2013-03-11 21:17:16)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 9BBF74A61B660289944DAB44166A53E00EA6F3AB7FB6E7C5B4620364296FDFAF
      Product  . . . . . : Media converter                                             
      Publisher  . . . . :                                                             
      Description  . . . : Media converter Setup                                       
      Version
      Copyright  . . . . :                                                                                                     
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Emsisoft . . . . . : Trojan.Win32.Amonetize.AMN!A2
      Fuzzy  . . . . . . : 99.0
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon)
   HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}\ (Babylon)
   HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}\ (Babylon)
   HKU\S-1-5-21-3663218948-249224238-3298779809-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
 
Cookies _____________________________________________________________________
 
 
 


#35 The Dark Knight

Posted 06 April 2013 - 07:38 PM

Howdy burpingbutterfly,

 

Please re-run AdwCleaner and post a fresh log in your reply.




#36 burpingbutterfly

Posted 07 April 2013 - 02:39 AM

Hi there,

 

Here's the log:

 

 

# AdwCleaner v2.200 - Logfile created 04/07/2013 at 13:09:06
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)
# User : louis - LOUIS-PC
# Boot Mode : Normal
# Running from : C:\Users\louis\Downloads\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Users\louis\AppData\Local\PackageAware
 
***** [Registry] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16521
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.43
 
File : C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [15755 octets] - [14/03/2013 08:18:29]
AdwCleaner[R2].txt - [906 octets] - [15/03/2013 09:19:30]
AdwCleaner[R3].txt - [2283 octets] - [07/04/2013 13:09:06]
AdwCleaner[S1].txt - [15928 octets] - [14/03/2013 08:25:54]
AdwCleaner[S2].txt - [965 octets] - [15/03/2013 09:19:52]
 
########## EOF - C:\AdwCleaner[R3].txt - [2463 octets] ##########


#37 The Dark Knight

Posted 07 April 2013 - 05:44 AM

Hey burpingbutterfly,

 

Please use the delete function. Post the new log.

 

Are you still being redirected?




#38 burpingbutterfly

Posted 07 April 2013 - 06:23 AM

Hi!

 

Here's the new log:

 

# AdwCleaner v2.200 - Logfile created 04/07/2013 at 16:44:22
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (32 bits)
# User : louis - LOUIS-PC
# Boot Mode : Normal
# Running from : C:\Users\louis\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\Users\louis\AppData\Local\PackageAware
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16521
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.43
 
File : C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [15755 octets] - [14/03/2013 08:18:29]
AdwCleaner[R2].txt - [906 octets] - [15/03/2013 09:19:30]
AdwCleaner[R3].txt - [2532 octets] - [07/04/2013 13:09:06]
AdwCleaner[R4].txt - [2592 octets] - [07/04/2013 13:27:00]
AdwCleaner[R5].txt - [2652 octets] - [07/04/2013 16:43:55]
AdwCleaner[S1].txt - [15928 octets] - [14/03/2013 08:25:54]
AdwCleaner[S2].txt - [965 octets] - [15/03/2013 09:19:52]
AdwCleaner[S3].txt - [2621 octets] - [07/04/2013 16:44:22]
 
########## EOF - C:\AdwCleaner[S3].txt - [2681 octets] ##########
 
 
I haven't been redirected yet, nor have there been any popups so far, but there are still ads on my Google and Yahoo pages that say "ads not by this site". The kinds that say "Work from home..." and a couple with jumping iPhones.


#39 The Dark Knight

Posted 07 April 2013 - 04:38 PM

Good morning burpingbutterfly,

 

What is this program: C:\Program Files\SingAlong




#40 burpingbutterfly

Posted 08 April 2013 - 12:31 AM

Good morning Dark Knight,
Online research says that SingAlong seems to be an adware popup. Oh, and the popups started again.
Also, sometimes 'https' popup windows open. Copied the link from one of the popups for reference!
 
[url=hxxp://ad.adserverplus.com/rw?title=&qs=iframe3?zVWlCb3lPQAhsfcAAAAAANzOKgAAAAAAAgAIAAAAAAAAAP8AAAACC1gcTAAAAAAA92oNAAAAAABAEzgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNBcAAAAAAAICAwAAgD8AAAAAAAAAAADXo3DdikDGPwAAAAAAAAAAMzMz8-rJzz8AAAAAAAAAAAAAAIAKfNw.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABj.Tm4JjqrDc.bA8ujBagnOMODdK8-HkIt0HUJAAAAAA
 
 
EDIT: disabled live link. Please do not post live links as users may click on them and become infected.

Edited by Rocket Grannie, 08 April 2013 - 07:46 AM.
disabled live link


#41 The Dark Knight

Posted 09 April 2013 - 04:24 PM

Hey burpingbutterfly,

 

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    File::
    c:\windows\Tasks\Sing Along Update.job

    Folders::
    c:\program files\SingAlong

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}]

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.
 



#42 burpingbutterfly

Posted 10 April 2013 - 10:08 AM

Hi Dark Knight,

 

I did as you asked. Here is the log:

 

ComboFix 13-03-12.02 - louis 10-04-2013  20:11:15.2.2 - x86
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2046.1308 [GMT 5.5:30]
Running from: c:\users\louis\Downloads\ComboFix.exe
Command switches used :: c:\users\louis\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\windows\Tasks\Sing Along Update.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\louis\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-10 to 2013-04-10  )))))))))))))))))))))))))))))))
.
.
2013-04-10 14:50 . 2013-04-10 14:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-10 14:50 . 2013-04-10 14:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-10 05:59 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{252A5DA8-B106-4E22-8059-DD52ADE61F59}\mpengine.dll
2013-04-09 05:59 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-06 16:21 . 2013-04-06 16:28 -------- d-----w- c:\programdata\HitmanPro
2013-04-04 08:54 . 2013-04-04 08:55 -------- d-----w- c:\users\louis\AppData\Local\WinZip
2013-04-04 08:54 . 2013-04-04 08:54 -------- d-----w- c:\programdata\WinZip
2013-03-30 08:02 . 2013-03-30 08:02 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-29 06:08 . 2013-03-29 06:08 -------- d-----w- c:\users\louis\AppData\Local\Diagnostics
2013-03-23 13:46 . 2013-03-26 14:59 -------- d-----w- C:\JRT
2013-03-21 06:49 . 2012-11-28 13:30 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FED3EA6E-B062-4446-8243-3A1F1F43B6D6}\gapaengine.dll
2013-03-19 14:30 . 2013-03-19 14:30 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-17 11:28 . 2013-03-17 11:28 -------- d-----w- c:\program files\Common Files\Java
2013-03-17 11:19 . 2013-03-17 11:18 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 11:18 . 2013-03-17 11:18 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 10:20 . 2013-03-15 10:20 -------- d-----w- c:\program files\ESET
2013-03-14 17:49 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 13:22 . 2013-03-13 13:22 -------- d-----w- c:\users\louis\AppData\Roaming\Malwarebytes
2013-03-13 13:22 . 2013-03-13 13:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-13 13:22 . 2013-04-03 18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-13 13:22 . 2012-12-14 11:19 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-13 13:22 . 2013-03-13 13:22 -------- d-----w- c:\users\louis\AppData\Local\Programs
2013-03-12 18:37 . 2013-03-13 12:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-12 18:37 . 2013-03-12 18:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-03-12 18:27 . 2013-03-12 18:29 -------- d-----w- c:\users\louis\AppData\Roaming\Mipony
2013-03-12 18:25 . 2013-03-12 18:25 -------- d-----w- c:\users\louis\AppData\Roaming\DSite
2013-03-11 15:51 . 2013-03-11 15:51 -------- d-----w- c:\windows\system32\searchplugins
2013-03-11 15:51 . 2013-03-11 15:51 -------- d-----w- c:\windows\system32\Extensions
2013-03-11 15:49 . 2013-03-11 15:49 -------- d-----w- c:\program files\SingAlong
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2011-09-15 06:59 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-17 11:18 . 2011-09-15 07:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-14 06:46 . 2012-04-07 06:08 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 06:46 . 2011-09-15 12:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-04 08:07 . 2012-10-12 16:36 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-03-04 08:07 . 2012-10-12 16:36 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-03-04 08:07 . 2012-10-12 16:36 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-03-04 08:07 . 2011-02-19 17:33 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-03-04 08:07 . 2011-02-18 19:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-02-12 20:59 . 2013-02-12 20:59 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-12 20:45 . 2013-02-12 20:45 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-12 04:48 . 2013-03-13 12:37 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-05 08:54 . 2013-03-11 13:40 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-02-05 08:54 . 2013-03-11 13:40 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-01-20 10:29 . 2013-01-20 10:29 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 10:29 . 2010-10-24 15:55 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"<NO NAME>"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-11 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 03:34 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:46]
.
2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000Core.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000UA.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-04-10 c:\windows\Tasks\Sing Along Update.job
- c:\program files\SingAlong\SingalngUpdater.exe [2013-02-28 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} - hxxp://192.168.1.64/codebase/WebClientActiveX.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Freecorder5.11 - c:\program files\Freecorder\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2388)
c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-04-10  20:28:49 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-10 14:58
ComboFix2.txt  2013-03-13 13:16
.
Pre-Run: 7,180,935,168 bytes free
Post-Run: 7,127,183,360 bytes free
.
- - End Of File - - C0FDF5C308AEC0CBCB79E49A0DB039BB


#43 burpingbutterfly

    Member

  • Full Member
  • 39 posts

Posted 10 April 2013 - 12:32 PM

Dark Knight,

 

Internet Explorer so far seems to be clean, but the problem persists with Chrome. While running ComboFix, it did say "All files could not be deleted". Just thought I'd let you know.
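
A read-only check for the situation reported in this thread, where a CFScript run completes but its targets may still be on disk: it parses the CFScript directives and looks for each target in the resulting ComboFix.txt, skipping the lines where ComboFix only echoes the script. This is an added example, not part of the original posts and not ComboFix's own code; the function names, the treatment of any line ending in `::` as a directive, and the reading of "Other Deletions" as the deleted-items section are assumptions, and the log text is an excerpt constructed from lines posted above.

```python
import re

# Constructed inputs: the CFScript as posted in the thread, and a short excerpt
# assembled from lines of the ComboFix.txt posted after the first run.
CFSCRIPT = r"""killall::

File::
c:\windows\Tasks\Sing Along Update.job

Folders::
c:\program files\SingAlong

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}]
"""

LOG = r"""ComboFix 13-03-12.02 - louis 10-04-2013  20:11:15.2.2 - x86
.
FILE ::
"c:\windows\Tasks\Sing Along Update.job"
.
(((((((((((((   Other Deletions   )))))))))))))
.
c:\users\louis\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
(((((((((   Files Created from 2013-03-10 to 2013-04-10  )))))))))
.
2013-03-11 15:49 . 2013-03-11 15:49 -------- d-----w- c:\program files\SingAlong
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-10 c:\windows\Tasks\Sing Along Update.job
- c:\program files\SingAlong\SingalngUpdater.exe [2013-02-28 16:24]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ECHO = re.compile(r"^[A-Za-z]+\s*::$")   # e.g. "FILE ::" echoed at the top of the log


def parse_cfscript(text):
    """Return {directive: [entries]}; a line ending in '::' opens a section (assumption)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].strip().lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def section_name(line):
    """Recognise log banners such as '(((  Other Deletions  )))' or '--- Supplementary Scan ---'."""
    s = line.strip()
    if s.startswith("Contents of the "):
        return s
    core = s.strip("()- ")
    if core and s[0] in "(-" and s[-1] in ")-" and len(s) - len(core) >= 6:
        return core
    return None


def check_log(cfscript_text, log_text):
    """Map each CFScript target to the log sections where it was deleted or still appears."""
    script = parse_cfscript(cfscript_text)
    targets = script.get("file", []) + script.get("folder", []) + script.get("folders", [])
    for entry in script.get("registry", []):
        targets += GUID.findall(entry)      # the '~' shorthand prevents a full key match
    findings = {t: {"deleted": [], "residual": []} for t in targets}
    section, in_echo = "header", False
    for raw in log_text.splitlines():
        line = raw.strip()
        if ECHO.match(line):                # start of the echoed CFScript block
            in_echo = True
            continue
        if in_echo:                         # echoed paths are not evidence either way
            in_echo = line != "."
            continue
        name = section_name(line)
        if name:
            section = name
            continue
        for t in targets:
            if t.lower() in line.lower():
                bucket = "deleted" if section.lower() == "other deletions" else "residual"
                findings[t][bucket].append(section)
    return findings


def summarize(findings):
    """Collapse findings to one status per target."""
    return {t: "still present" if f["residual"] else "deleted" if f["deleted"] else "not seen"
            for t, f in findings.items()}


if __name__ == "__main__":
    for target, status in summarize(check_log(CFSCRIPT, LOG)).items():
        print(f"{status:14} {target}")
```

On the excerpt above, both the scheduled task and the SingAlong folder are reported as still present, while the Browser Helper Object CLSID is not seen in the log.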



#44 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 10 April 2013 - 04:42 PM

Hey burpingbutterfly,

 

Please uninstall and reinstall Chrome:

 

http://support.googl...en&answer=95319

 

Did that remove the issue?




#45 burpingbutterfly

    Member

  • Full Member
  • 39 posts

Posted 11 April 2013 - 11:29 AM

Hello!

 

I uninstalled and reinstalled Chrome but the problem persists! :(



#46 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 11 April 2013 - 04:32 PM

Hello burpingbutterfly,

 

Please boot into Safe Mode (restart and tap F8 repeatedly).

 

Then, please follow these instructions to remove the remaining malicious entries:
 

  • Please close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

     

    killall::

    File::
    c:\windows\Tasks\Sing Along Update.job

    Folders::
    c:\program files\SingAlong

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}]

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.


Please post the ComboFix.txt in your next reply.

 

How are things on your computer now?




#47 burpingbutterfly

    Member

  • Full Member
  • 39 posts

Posted 12 April 2013 - 01:18 PM

Hi Dark Knight,

 

I did as asked but the problem still remains! Just opened Yahoo's homepage and saw a Babylon ad. Internet Explorer seems clean. Not sure why. Here's the log:

 

 

ComboFix 13-04-12.02 - louis 12-04-2013  23:27:30.3.2 - x86 MINIMAL
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2046.1233 [GMT 5.5:30]
Running from: c:\users\louis\Downloads\ComboFix.exe
Command switches used :: c:\users\louis\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
FILE ::
"c:\windows\Tasks\Sing Along Update.job"
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-12 to 2013-04-12  )))))))))))))))))))))))))))))))
.
.
2013-04-12 18:05 . 2013-04-12 18:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-12 18:05 . 2013-04-12 18:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-12 18:05 . 2013-04-12 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 06:30 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-12 06:30 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-04-12 06:30 . 2012-08-23 14:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-12 06:30 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-04-12 06:30 . 2012-08-23 14:41 27136 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2013-04-12 06:30 . 2012-08-23 14:40 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-04-12 06:22 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-04-12 06:22 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-12 06:22 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-12 06:22 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-04-12 06:22 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-12 06:21 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 07:08 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-11 06:07 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 06:07 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 06:07 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 06:07 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 06:07 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 06:07 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-06 16:21 . 2013-04-06 16:28 -------- d-----w- c:\programdata\HitmanPro
2013-04-04 08:54 . 2013-04-04 08:55 -------- d-----w- c:\users\louis\AppData\Local\WinZip
2013-04-04 08:54 . 2013-04-04 08:54 -------- d-----w- c:\programdata\WinZip
2013-03-30 08:02 . 2013-03-30 08:02 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-29 06:08 . 2013-03-29 06:08 -------- d-----w- c:\users\louis\AppData\Local\Diagnostics
2013-03-23 13:46 . 2013-03-26 14:59 -------- d-----w- C:\JRT
2013-03-21 06:49 . 2012-11-28 13:30 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FED3EA6E-B062-4446-8243-3A1F1F43B6D6}\gapaengine.dll
2013-03-19 14:30 . 2013-03-19 14:30 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-17 11:28 . 2013-03-17 11:28 -------- d-----w- c:\program files\Common Files\Java
2013-03-17 11:19 . 2013-03-17 11:18 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 11:18 . 2013-03-17 11:18 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-15 10:20 . 2013-03-15 10:20 -------- d-----w- c:\program files\ESET
2013-03-14 17:49 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 06:20 . 2012-04-07 06:08 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-12 06:20 . 2011-09-15 12:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 09:20 . 2013-03-13 13:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:33 . 2011-09-15 06:59 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-17 11:18 . 2011-09-15 07:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-04 08:07 . 2012-10-12 16:36 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-03-04 08:07 . 2012-10-12 16:36 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-03-04 08:07 . 2012-10-12 16:36 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-03-04 08:07 . 2011-02-19 17:33 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-03-04 08:07 . 2011-02-18 19:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-02-25 18:52 . 2013-02-25 18:52 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 18:52 . 2012-10-10 15:44 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-25 18:52 . 2013-02-25 18:52 6262608 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 18:52 . 2012-10-10 15:44 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-25 18:52 . 2011-09-15 06:53 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-25 18:52 . 2011-09-15 06:53 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-02-25 18:52 . 2011-05-21 00:31 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-25 18:52 . 2013-02-25 18:52 7932256 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 18:52 . 2013-02-25 18:52 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 18:52 . 2013-02-25 18:52 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-25 18:52 . 2013-02-25 18:52 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 18:52 . 2013-02-25 18:52 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-18 03:52 . 2013-02-18 03:52 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-02-18 03:52 . 2013-02-18 03:52 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-02-18 03:52 . 2013-02-18 03:52 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-02-12 20:59 . 2013-02-12 20:59 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-12 20:45 . 2013-02-12 20:45 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-12 04:48 . 2013-03-13 12:37 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-05 08:54 . 2013-03-11 13:40 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-02-05 08:54 . 2013-03-11 13:40 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-01-20 10:29 . 2013-01-20 10:29 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 10:29 . 2010-10-24 15:55 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 14:21 . 2009-09-27 12:17 3005728 ----a-w- c:\windows\system32\nvsvc.dll
2013-01-18 14:21 . 2009-09-27 12:16 4133664 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 14:20 . 2009-09-27 12:17 639776 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 14:20 . 2009-09-27 12:17 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 14:20 . 2009-09-27 12:17 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 14:20 . 2009-09-27 12:17 108832 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-18 02:45 . 2013-01-18 02:45 550176 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"<NO NAME>"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-11 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 03:34 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ   GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 11:44 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:20]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000Core.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000UA.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-04-12 c:\windows\Tasks\Sing Along Update.job
- c:\program files\SingAlong\SingalngUpdater.exe [2013-02-28 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} - hxxp://192.168.1.64/codebase/WebClientActiveX.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3024)
c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-04-12  23:41:58 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-12 18:11
ComboFix2.txt  2013-04-10 14:58
ComboFix3.txt  2013-03-13 13:16
.
Pre-Run: 6,276,182,016 bytes free
Post-Run: 6,215,692,288 bytes free
.
- - End Of File - - B188C8D98514DC175309075346066ACE


#48 The Dark Knight

Posted 12 April 2013 - 07:05 PM

Hey burpingbutterfly,

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with many fixes and tools you may run. Please disable TeaTimer by doing the following:

  • Run Spybot-S&D.
  • Go to the Mode menu, and make sure Advanced Mode is selected.
  • On the left-hand side, choose Tools -> Resident.
  • Uncheck Resident TeaTimer and OK any prompts.

I will give you instructions on how to re-enable TeaTimer once your system is clean.

=====

Then, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:

    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::

    File::
    c:\windows\Tasks\Sing Along Update.job

    Folders::
    c:\program files\SingAlong

    Registry::
    [-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}]

  • Save this as CFScript.txt, in the same location as ComboFix.exe.

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

How are things on your computer now?


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!

If I have helped you please consider donating to help keep this forum running; see this topic for more details.
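
A way to check the next log against the CFScript above, as an added example that is not part of the original post or of ComboFix: it reads the script's File::, Folders:: and Registry:: targets and lists any line of a later ComboFix log that still names them. The function names and the two log excerpts are constructed for illustration, and treating the log's `FILE ::` block as an echo of the script's targets is an assumption.

```python
import re

# CFScript exactly as posted in the reply above.
CFSCRIPT = r"""killall::

File::
c:\windows\Tasks\Sing Along Update.job

Folders::
c:\program files\SingAlong

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}]
"""

# Constructed samples: short excerpts in the layout of the ComboFix logs in
# this thread (scheduled-task listing before the script, and after it).
LOG_BEFORE = r"""Contents of the 'Scheduled Tasks' folder
.
2013-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-04-12 c:\windows\Tasks\Sing Along Update.job
- c:\program files\SingAlong\SingalngUpdater.exe [2013-02-28 16:24]
.
"""

LOG_AFTER = r"""FILE ::
"c:\windows\Tasks\Sing Along Update.job"
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_cfscript(text):
    """Group the script's non-empty lines under their 'Name::' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def search_tokens(sections):
    """Lower-cased strings whose presence in a later log means a leftover."""
    tokens = []
    for name in ("file", "folders"):
        tokens += [entry.strip('"').lower() for entry in sections.get(name, [])]
    # Registry targets use shorthand ('~', leading '-') in the script, so match
    # on the GUID in the key name instead of the full key path.
    for entry in sections.get("registry", []):
        guid = GUID_RE.search(entry)
        if guid:
            tokens.append(guid.group(0).lower())
    return tokens


def residual_references(log_text, tokens):
    """Return (line_number, line) pairs in the log that still name a target."""
    hits, in_echo = [], False
    for number, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        # Assumption: the 'FILE ::' block repeats the script's File:: targets,
        # so it is skipped up to the next '.' separator, not counted as a hit.
        if line == "FILE ::":
            in_echo = True
            continue
        if in_echo:
            if line == ".":
                in_echo = False
            continue
        if any(token in line.lower() for token in tokens):
            hits.append((number, line))
    return hits


if __name__ == "__main__":
    tokens = search_tokens(parse_cfscript(CFSCRIPT))
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        found = residual_references(log, tokens)
        print(f"{label}: {len(found)} leftover reference(s)")
        for number, line in found:
            print(f"  line {number}: {line}")
```
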



#49 burpingbutterfly

Posted 14 April 2013 - 12:42 PM

Hi Dark Knight,

I did as you asked but "Resident TeaTimer" was already unchecked. Ran Combofix anyway but the problem persists. Should I delete Spybot and try again? Here's the log:

ComboFix 13-04-14.01 - louis 14-04-2013  22:39:28.4.2 - x86
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2046.1303 [GMT 5.5:30]
Running from: c:\users\louis\Downloads\ComboFix.exe
Command switches used :: c:\users\louis\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Sing Along Update.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\louis\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-14 to 2013-04-14  )))))))))))))))))))))))))))))))
.
.
2013-04-14 17:19 . 2013-04-14 17:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-14 17:19 . 2013-04-14 17:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-04-14 17:19 . 2013-04-14 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-14 09:52 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AE77731-2759-40EF-838B-6A91160185C5}\mpengine.dll
2013-04-12 20:03 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-12 06:30 . 2012-08-23 14:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-12 06:30 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2013-04-12 06:30 . 2012-08-23 14:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-12 06:30 . 2012-08-23 13:52 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2013-04-12 06:30 . 2012-08-23 14:41 27136 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2013-04-12 06:30 . 2012-08-23 14:40 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-04-12 06:29 . 2012-08-23 14:48 221184 ----a-w- c:\windows\system32\rdpudd.dll
2013-04-12 06:29 . 2012-08-23 13:47 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-04-12 06:29 . 2012-08-23 13:46 16896 ----a-w- c:\windows\system32\wksprtPS.dll
2013-04-12 06:29 . 2012-08-23 13:32 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-04-12 06:29 . 2012-08-23 13:18 37376 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-12 06:29 . 2012-08-23 11:40 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-04-12 06:29 . 2012-08-23 11:32 317440 ----a-w- c:\windows\system32\wksprt.exe
2013-04-12 06:29 . 2012-08-23 11:15 269312 ----a-w- c:\windows\system32\aaclient.dll
2013-04-12 06:29 . 2012-08-23 11:12 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll
2013-04-12 06:29 . 2012-08-23 10:39 1048064 ----a-w- c:\windows\system32\mstsc.exe
2013-04-12 06:29 . 2012-08-23 10:08 2739712 ----a-w- c:\windows\system32\rdpcorets.dll
2013-04-12 06:29 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2013-04-12 06:22 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-04-12 06:22 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-04-12 06:22 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-04-12 06:22 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-04-12 06:22 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-04-12 06:21 . 2013-03-02 05:07 1212264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-11 06:07 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 06:07 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 06:07 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-11 06:07 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 06:07 . 2013-03-19 04:48 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 06:07 . 2013-03-19 02:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-04-06 16:21 . 2013-04-06 16:28 -------- d-----w- c:\programdata\HitmanPro
2013-04-04 08:54 . 2013-04-04 08:55 -------- d-----w- c:\users\louis\AppData\Local\WinZip
2013-04-04 08:54 . 2013-04-04 08:54 -------- d-----w- c:\programdata\WinZip
2013-03-30 08:02 . 2013-03-30 08:02 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-29 06:08 . 2013-03-29 06:08 -------- d-----w- c:\users\louis\AppData\Local\Diagnostics
2013-03-23 13:46 . 2013-03-26 14:59 -------- d-----w- C:\JRT
2013-03-21 06:49 . 2012-11-28 13:30 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FED3EA6E-B062-4446-8243-3A1F1F43B6D6}\gapaengine.dll
2013-03-19 14:30 . 2013-03-19 14:30 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-17 11:28 . 2013-03-17 11:28 -------- d-----w- c:\program files\Common Files\Java
2013-03-17 11:19 . 2013-03-17 11:18 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-17 11:18 . 2013-03-17 11:18 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-12 06:20 . 2012-04-07 06:08 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-12 06:20 . 2011-09-15 12:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-04 09:20 . 2013-03-13 13:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-02 10:33 . 2011-09-15 06:59 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-03-17 11:18 . 2011-09-15 07:06 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-04 08:07 . 2012-10-12 16:36 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-03-04 08:07 . 2012-10-12 16:36 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-03-04 08:07 . 2012-10-12 16:36 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-03-04 08:07 . 2011-02-19 17:33 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-03-04 08:07 . 2011-02-18 19:10 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-02-25 18:52 . 2013-02-25 18:52 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 18:52 . 2012-10-10 15:44 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-25 18:52 . 2013-02-25 18:52 6262608 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 18:52 . 2012-10-10 15:44 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-25 18:52 . 2011-09-15 06:53 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-25 18:52 . 2011-09-15 06:53 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-02-25 18:52 . 2011-05-21 00:31 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-25 18:52 . 2013-02-25 18:52 7932256 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 18:52 . 2013-02-25 18:52 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 18:52 . 2013-02-25 18:52 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-25 18:52 . 2013-02-25 18:52 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 18:52 . 2013-02-25 18:52 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-18 03:52 . 2013-02-18 03:52 884072 ----a-w- c:\windows\system32\nvhdagenco3220103.dll
2013-02-18 03:52 . 2013-02-18 03:52 28008 ----a-w- c:\windows\system32\nvhdap32.dll
2013-02-18 03:52 . 2013-02-18 03:52 149352 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
2013-02-12 20:59 . 2013-02-12 20:59 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-12 20:45 . 2013-02-12 20:45 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-12 04:48 . 2013-03-13 12:37 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-14 17:49 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 08:54 . 2013-03-11 13:40 37344 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2013-02-05 08:54 . 2013-03-11 13:40 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2013-01-20 10:29 . 2013-01-20 10:29 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 10:29 . 2010-10-24 15:55 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-18 14:21 . 2009-09-27 12:17 3005728 ----a-w- c:\windows\system32\nvsvc.dll
2013-01-18 14:21 . 2009-09-27 12:16 4133664 ----a-w- c:\windows\system32\nvcpl.dll
2013-01-18 14:20 . 2009-09-27 12:17 639776 ----a-w- c:\windows\system32\nvvsvc.exe
2013-01-18 14:20 . 2009-09-27 12:17 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-01-18 14:20 . 2009-09-27 12:17 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-01-18 14:20 . 2009-09-27 12:17 108832 ----a-w- c:\windows\system32\nvmctray.dll
2013-01-18 02:45 . 2013-01-18 02:45 550176 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-02-13 1509232]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-02-06 578560]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"<NO NAME>"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-02-13 844144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-09 49208]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\louis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-11 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-18 14:28 38112 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 03:34 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [x]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ   GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 11:44 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 06:20]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-17 09:30]
.
2013-04-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000Core.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3663218948-249224238-3298779809-1000UA.job
- c:\users\louis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-15 08:38]
.
2013-04-14 c:\windows\Tasks\Sing Along Update.job
- c:\program files\SingAlong\SingalngUpdater.exe [2013-02-28 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} - hxxp://192.168.1.64/codebase/WebClientActiveX.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4692)
c:\users\louis\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-04-14  22:56:21 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-14 17:26
ComboFix2.txt  2013-04-12 18:11
ComboFix3.txt  2013-04-10 14:58
ComboFix4.txt  2013-03-13 13:16
.
Pre-Run: 6,377,123,840 bytes free
Post-Run: 6,351,499,264 bytes free
.
- - End Of File - - 9DDC0BD58472F7A1CB4547BCC3210D7D


#50 The Dark Knight

    Malware Vigilante

  • Trusted Advisor*
  • 2,214 posts

Posted 14 April 2013 - 04:40 PM

Good morning burpingbutterfly,

No need to delete Spybot.

Please download to your Desktop SystemLook by jpshortstuff from here.
Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan:

:regfind
6492E171-2427-4932-B414-33574A089F5E
*Delta Search*
Delta

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!
