Search Babylon redirect plus slow PC



marcus89
2012-12-04, 15:38
I haven't used this PC for a while but need to do so over the next few weeks. Whenever I open up an internet browser I am redirected to a search babylon page. Not sure if this is related, but I also have some strange flashing blue/yellow lines that resemble barcodes going down my screen, making things a little hard to see, although I guess that's more of a hardware issue.

Here is my DDS log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22
Run by Marcus at 12:58:44 on 2012-12-04
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.598 [GMT 0:00]
.
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft\BingBar\BBSvc.EXE
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Marcus\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\vssvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files\Ask.com\SaUpdate.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\17.0.0.136\IPSBHO.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\users\marcus\appdata\roaming\media finder\extensions\gencrawler_gc.dll
BHO: Complitly: {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - c:\users\marcus\appdata\roaming\complitly\Complitly.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [IHateThisKey] c:\program files\bytegems.com\i hate this key\IHateThisKey.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [BitTorrent DNA] "c:\users\marcus\program files\dna\btdna.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [NltYsmms] c:\users\marcus\appdata\local\ficmijdg\nltysmms.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
StartupFolder: c:\users\marcus\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E} : DHCPNameServer = 208.67.220.220,208.67.222.222
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - component: c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\marcus\program files\dna\plugins\npbtdna.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\mozilla firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.BabylonToolbar_i.id - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.hardId - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:32:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111576&tt=050412_30b~171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-10-18 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-31 207280]
R2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-31 112592]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-5-27 1439744]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-27 6400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-1 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [2001-11-27 10880]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-20 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-7 38224]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-27 27192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-31 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-31 1141200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-04 12:52:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-04 12:52:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 13:07:08.03 ===============

Followed by aswMBR log:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-04 13:11:06
-----------------------------
13:11:06.172 OS Version: Windows 6.0.6001 Service Pack 1
13:11:06.172 Number of processors: 2 586 0xF0B
13:11:06.172 ComputerName: MARCUS-PC UserName: Marcus
13:11:08.293 Initialize success
13:12:00.339 AVAST engine defs: 12120301
13:15:54.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:15:54.735 Disk 0 Vendor: ST3320820AS 3.AHG Size: 305245MB BusType: 3
13:15:54.746 Disk 0 MBR read successfully
13:15:54.749 Disk 0 MBR scan
13:15:54.754 Disk 0 unknown MBR code
13:15:54.757 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 297163 MB offset 63
13:15:54.785 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8079 MB offset 608590395
13:15:54.806 Disk 0 scanning sectors +625137345
13:15:54.875 Disk 0 scanning C:\Windows\system32\drivers
13:16:11.873 Service scanning
13:16:42.741 Modules scanning
13:16:52.557 Disk 0 trace - called modules:
13:16:52.600 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll ataport.SYS pciide.sys
13:16:52.627 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89b1d820]
13:16:52.628 3 CLASSPNP.SYS[8cf9d745] -> nt!IofCallDriver -> [0x89b06050]
13:16:52.628 5 PCTCore.sys[807c388f] -> nt!IofCallDriver -> [0x89a0a918]
13:16:52.629 7 acpi.sys[8c8c56a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x899f8ba0]
13:16:57.623 AVAST engine scan C:\Windows
13:17:05.026 AVAST engine scan C:\Windows\system32
13:21:34.420 AVAST engine scan C:\Windows\system32\drivers
13:21:53.478 AVAST engine scan C:\Users\Marcus
13:32:01.289 File: C:\Users\Marcus\AppData\Local\Temp\ftotuoodnwwgkpja.exe **INFECTED** Win32:Katusha-FK [Trj]
14:10:25.405 File: C:\Users\Marcus\Downloads\Bobafett\BOBAFETT.EXE **INFECTED** Win32:CIH-C
14:12:16.524 File: C:\Users\Marcus\Downloads\XvidSetup(2).exe **INFECTED** Win32:HotBar-BL [Adw]
14:12:16.665 File: C:\Users\Marcus\Downloads\XvidSetup(3).exe **INFECTED** Win32:HotBar-BL [Adw]
14:12:16.774 File: C:\Users\Marcus\Downloads\XvidSetup(4).exe **INFECTED** Win32:HotBar-BL [Adw]
14:12:16.852 File: C:\Users\Marcus\Downloads\XvidSetup.exe **INFECTED** Win32:HotBar-BL [Adw]
14:26:56.493 AVAST engine scan C:\ProgramData
14:30:21.477 Scan finished successfully
14:34:17.099 Disk 0 MBR has been saved successfully to "C:\Users\Marcus\Desktop\MBR.dat"
14:34:17.131 The log file has been saved successfully to "C:\Users\Marcus\Desktop\aswMBR.txt"
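
As an added example (not part of this thread, and not code from the DDS or aswMBR tools), the script below applies the checks a helper makes when reading the two logs above: browser start page and search settings that point at a search-hijack domain, Run entries that launch an executable from a per-user writable folder, orphaned BHO/URLSearchHook entries, and the files aswMBR flagged. The sample lines are copied from the logs in this post; the hijack-domain list, the writable-folder list, the random-name heuristic and the severity rules are this example's own assumptions.

```python
"""Log triage for DDS 'Pseudo HJT Report' lines and aswMBR scan output.

Added example for this thread; it is not part of the DDS or aswMBR tools.
The indicator lists and severity rules are assumptions of the example,
chosen to match what a helper looks for in logs like the ones posted above.
"""
import re
from dataclasses import dataclass

# Assumed indicator lists: the search-hijack domains seen in this thread's
# logs, and per-user writable folders that a legitimate autorun rarely uses.
HIJACK_DOMAINS = ("search.babylon.com", "search.conduit.com")
USER_WRITABLE_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")

BROWSER_SETTING = re.compile(r"^(?:[um](?:start page|search bar)|ff - prefs\.js)")
RUN_ENTRY = re.compile(r"^[um]run(?:once)?:")
EXE_PATH = re.compile(r'([a-z]:\\[^"]+?\.exe)')
ASWMBR_HIT = re.compile(r"File: (.+?) \*\*INFECTED\*\* (\S+)")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def looks_random(exe_name: str) -> bool:
    """Heuristic: an all-letter stem of 7+ characters with at most one vowel
    (e.g. nltysmms.exe) does not look like a product name; treat it as random."""
    stem = exe_name.lower().rsplit(".", 1)[0]
    if len(stem) < 7 or not stem.isalpha():
        return False
    return sum(c in "aeiou" for c in stem) <= 1


def triage_dds_line(line: str):
    """Classify one Pseudo HJT line; returns a Finding or None."""
    text = line.strip()
    low = text.lower()
    if BROWSER_SETTING.match(low):
        hit = next((d for d in HIJACK_DOMAINS if d in low), None)
        return Finding("high", f"browser setting points at {hit}", text) if hit else None
    if RUN_ENTRY.match(low):
        m = EXE_PATH.search(low)
        if m and any(d in m.group(1) for d in USER_WRITABLE_DIRS):
            exe = m.group(1).rsplit("\\", 1)[-1]
            sev = "high" if looks_random(exe) else "medium"
            return Finding(sev, f"autorun from user-writable folder: {exe}", text)
        return None
    if low.startswith(("bho:", "uurlsearchhooks:", "tb:")) and "<orphaned>" in low:
        return Finding("low", "orphaned browser hook/BHO entry", text)
    return None


def triage_aswmbr_line(line: str):
    """Classify one aswMBR line; returns a Finding or None."""
    m = ASWMBR_HIT.search(line)
    if m:
        path, name = m.group(1), m.group(2)
        tag = line.lower()
        if "[adw]" in tag:
            sev = "low"
        elif "[trj]" in tag or "\\temp\\" in path.lower():
            sev = "high"
        else:
            sev = "medium"
        return Finding(sev, f"{name} in {path}", line.strip())
    if "unknown MBR code" in line:
        return Finding("low", "non-standard MBR boot code reported; verify before acting", line.strip())
    return None


def triage(text: str, classify) -> list:
    """Run a per-line classifier over a log; findings keep the log's order."""
    return [f for f in (classify(raw) for raw in text.splitlines()) if f]


# Constructed samples: lines copied from the DDS and aswMBR logs in this post.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
mStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [BitTorrent DNA] "c:\users\marcus\program files\dna\btdna.exe"
uRun: [NltYsmms] c:\users\marcus\appdata\local\ficmijdg\nltysmms.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
"""

SAMPLE_ASWMBR = r"""
13:15:54.754 Disk 0 unknown MBR code
13:32:01.289 File: C:\Users\Marcus\AppData\Local\Temp\ftotuoodnwwgkpja.exe **INFECTED** Win32:Katusha-FK [Trj]
14:10:25.405 File: C:\Users\Marcus\Downloads\Bobafett\BOBAFETT.EXE **INFECTED** Win32:CIH-C
14:12:16.852 File: C:\Users\Marcus\Downloads\XvidSetup.exe **INFECTED** Win32:HotBar-BL [Adw]
14:30:21.477 Scan finished successfully
"""

if __name__ == "__main__":
    for name, text, fn in (("DDS", SAMPLE_DDS, triage_dds_line),
                           ("aswMBR", SAMPLE_ASWMBR, triage_aswmbr_line)):
        for f in triage(text, fn):
            print(f"[{name}] {f.severity:6} {f.reason}")
```

Run against a complete log by reading the file and passing its text to `triage`. The rules are heuristics for prioritising what to look at, not a verdict: the one Run entry they rate high on this log, `nltysmms.exe` under `AppData\Local\ficmijdg`, is the file ComboFix later lists under "Other Deletions" in this thread, while the per-user BitTorrent DNA entry is correctly left alone.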

OCD
2012-12-05, 04:25
Hello marcus89,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me; I will post back to you as soon as I can.

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Important Note for Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (right click, choose "Run as Administrator").

Please stay with this topic until I let you know that your system appears to be "All Clear".

OCD
2012-12-05, 17:32
Hi marcus89,

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

Next

Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.
Right click DeFogger and select "Run as Administrator" to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
If it needs to, DeFogger may ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

Next

Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)


Download ComboFix from the following location:

Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Place ComboFix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

---------------------------------------------------------------------------------------------

Ensure your AntiVirus and AntiSpyware applications are re-enabled.

---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next post please provide the following:

ComboFix log

marcus89
2012-12-08, 12:47
Hi, apologies for the late reply. I've followed your instructions and will copy and paste the combofix log:

ComboFix 12-12-07.01 - Marcus 08/12/2012 11:01:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.503 [GMT 0:00]
Running from: c:\users\Marcus\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\users\Marcus\AppData\Local\ficmijdg\nltysmms.exe
c:\users\Marcus\AppData\Roaming\Rewire.dll
c:\users\Marcus\AppData\Roaming\REX Shared Library.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-12-08 11:20 . 2012-12-08 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 10:55 . 2012-12-08 10:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-04 13:47 . 2012-04-09 13:22 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-04 13:47 . 2011-06-17 12:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"IHateThisKey"="c:\program files\ByteGems.com\I Hate This Key\IHateThisKey.exe" [2008-11-08 716800]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"BitTorrent DNA"="c:\users\Marcus\Program Files\DNA\btdna.exe" [2011-12-27 342848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-17 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:47]
.
2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_Marcus.job
- c:\users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-01 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.BabylonToolbar_i.id - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.hardId - d6db8b98000000000000001bfcdfb611
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15439
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111576&tt=050412_30b~171011_prot
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NltYsmms - c:\users\Marcus\AppData\Local\ficmijdg\nltysmms.exe
AddRemove-Complitly_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 11:30
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:98,8b,c0,2a,df,b6,11,00
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3072)
c:\program files\ByteGems.com\I Hate This Key\ihtkh.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\hp\kbd\kbd.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-12-08 11:41:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-08 11:41
ComboFix2.txt 2011-12-15 23:05
.
Pre-Run: 63,909,015,552 bytes free
Post-Run: 63,172,444,160 bytes free
.
- - End Of File - - 6114F177685C2C9F732AC04018C0AC5B

OCD
2012-12-08, 15:42
Hi marcus89,

Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
Next

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
To run OTL, right-click and select "Run as Administrator". Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top, change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

In your next post please provide the following:

JRT.txt
OTL.txt
Extras.txt
How is your computer running at the moment?

OCD
2012-12-11, 07:03
Hi marcus89,

Just checking in to see if you still need help?

marcus89
2012-12-13, 15:03
Hi, sorry again for my late reply. Here is the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.0 (12.12.2012:3)
OS: Windows Vista (TM) Home Premium x86
Ran by Marcus on 13/12/2012 at 13:25:16.63
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1589503311-819724082-689753091-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1589503311-819724082-689753091-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\complitly"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\mediafinder"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\download with &media finder"
Successfully deleted: [Registry Key] "hkey_current_user\software\softonic"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\complitly.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\dnu.exe"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\conduit.engine"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdate"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloaduibrowser"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloaduibrowser.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloadupdcontroller"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\dnupdater.downloadupdcontroller.1"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\gencrawler_gc.gencrawler"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\mf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{443789b7-f39c-4b5c-9287-da72d38f4fe6}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd"
Successfully deleted: [Registry Key] "hkey_classes_root\genericasktoolbar.toolbarwnd.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npdnupdater2.xpt"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Marcus\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Marcus\AppData\Roaming\complitly"
Successfully deleted: [Folder] "C:\Users\Marcus\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\local\speedapps"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\locallow\speedapps"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\Users\Marcus\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\user.js
Successfully deleted: [File] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\engine@conduit.com
Successfully deleted the following from C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\prefs.js

user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"02992a2cf51639933e67422a185fcf4c1\"");
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2801948/CT2801948", "\"4b06e7159f6e9dd4b6a070ffb76b2f931\"");
user_pref("CommunityToolbar.ETag.http://Translation.engine.conduit-services.com/?browser=FF&lut=5/12/2011 4:15:34 PM&locale=en-GB", "\"2554-3c64e4c0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1182482/1178159/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1194029/1189706/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/909619/905414/UK", "\"0\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", "\"1318881119\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801948", "\"0\"");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "MUj9hNyEiPxkVQ8Q8IYZ6A==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "L+tncv4eqt6Qm5T3dzChdA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "poKjTfHs0NrVUIalKI8jyg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "QmycQXJXVyFVAzIiNllWhQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "SuMy8xgBA7+FodOxmk9aiQ==");
user_pref("CommunityToolbar.ETag.http://newtab.conduit-hosting.com/newtab/?ctid=CT2790392", "\"2554-3c64e4c0\"");
user_pref("CommunityToolbar.ETag.http://newtab.conduit-hosting.com/newtab/?ctid=CT2801948", "\"2554-3c64e4c0\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/toolbar/", "\"75babe825203d7a8eecb898dcf55bf17\"");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634285417620000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=1/11/2011 5:25:10 PM", "634303635100000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2010 12:43:05 PM", "634293235860000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2010 4:33:06 PM", "634303635100000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=2/17/2011 12:59:49 PM", "634339976460000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=2/22/2011 6:54:06 PM", "634356118310000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT2790392&octid=CT2790392", "\"1321973041\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.conduit-services.com/?ctid=CT2801948&octid=CT2801948", "\"1321973107\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2790392/CT2790392", "\"1311168866\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2801948/CT2801948", "\"1311168850\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634351849102130000\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en", "\"ced64c3c2c583b79e12b73d4f9b02d35\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"7332ceccda78fecf0735910f5095f094\"");
user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2790392");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{88c7f2aa-f93f-432c-8f0e-b7d85967a527}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Dec 08 2012 11:46:43 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Dec 08 2012 11:46:43 GMT+0000 (GMT Standard Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "f211d5b2-d336-4725-a62c-2a2adfd7f340");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Apr 09 2012 14:23:38 GMT+0100 (GMT Daylight Time)");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801948");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.FirstServerDate", "12/27/2010 18");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.FixPageNotFoundErrors", false);
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.HideEngineAfterRestart", false);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
user_pref("ConduitEngine.InstalledDate", "Mon Dec 27 2010 15:29:11 GMT+0000 (GMT Standard Time)");
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", false);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.LastLogin_3.2.3.3", "Tue Feb 08 2011 20:09:39 GMT+0000 (GMT Standard Time)");
user_pref("ConduitEngine.LastLogin_3.2.5.2", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.PublisherContainerWidth", 0);
user_pref("ConduitEngine.SavedHomepage", "www.google.com");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.UserID", "UN28780611490878959");
user_pref("ConduitEngine.engineLocale", "en-GB");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Apr 09 2012 14:23:40 GMT+0100 (GMT Daylight Time)");
user_pref("ConduitEngine.initDone", true);
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.defaultthis.engineName", "NCH EN Customized Web Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=HP_ss&mntrId=d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=111576&tt=050412_30b~171011_prot");
user_pref("extensions.BabylonToolbar.bbDpng", 9);
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.dfltSrch", true);
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar.instlDay", "15439");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.keyWordUrl", "http://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=KW_ss&mntrId=d6db8b98000000000000001bfcdfb611&q=");
user_pref("extensions.BabylonToolbar.lastDP", 9);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:32:18");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.0");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.newTabUrl", "http://search.babylon.com/?affID=111576&tt=050412_30b~171011_prot&babsrc=NT_ss&mntrId=d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 72541320);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:32:18");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111576&tt=050412_30b~171011_prot");
user_pref("extensions.BabylonToolbar_i.hardId", "d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar_i.id", "d6db8b98000000000000001bfcdfb611");
user_pref("extensions.BabylonToolbar_i.instlDay", "15439");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:32:18");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.apn_dbr", "ff_3.0.19");
user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "9D");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.crumb", "2011.12.08+11.42.41-toolbar008iad-GB-TG9uZG9uLFVuaXRlZCBLaW5nZG9t");
user_pref("extensions.asktb.default-channel-url-mask", "http://uk.ask.com/web?qsrc={qsrc}&o={o}&l={l}&q={query}&dm=all&gct=bar");
user_pref("extensions.asktb.displaybehavior", "");
user_pref("extensions.asktb.displaytext", "");
user_pref("extensions.asktb.dtid", "YYYYYYYYGB");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "UKXX0085");
user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
user_pref("extensions.asktb.ff-original-keyword-url", "chrome://browser-region/locale/region.properties");
user_pref("extensions.asktb.first-launch-url", "http://go.microsoft.com/fwlink/?LinkId=54729");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "0E65DD15-E42A-49C2-8C22-D65774416CB3");
user_pref("extensions.asktb.hpr", "YES");
user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"http
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1333977815784");
user_pref("extensions.asktb.last-v", "3.14.0.100009");
user_pref("extensions.asktb.locale", "en_UK");
user_pref("extensions.asktb.location", "London,United Kingdom");
user_pref("extensions.asktb.lstation", "");
user_pref("extensions.asktb.new-tab-enabled", true);
user_pref("extensions.asktb.news-native-on", true);
user_pref("extensions.asktb.o", "41648107");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.pstate", "");
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "5");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "5C1275F6-A498-49EA-A05C-C73F5EFD2463");
user_pref("extensions.asktb.search-plugin-suggestions-url", "http://ss.websearch.uk.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "10000");
user_pref("extensions.asktb.socialmini-transition-first-open", false);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "08/12/2011 19:43:07");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.14.1.100010");
user_pref("extensions.asktb.volume", "");
user_pref("extensions.enabledItems", "engine@conduit.com:3.2.3.3,gencrawler@some.com:2.0,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{20a82645-c095-46ed-80e3-08825760534b}:1
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/12/2012 at 13:30:06.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the OTL log:

OTL logfile created on: 13/12/2012 13:32:50 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.60% Memory free
4.24 Gb Paging File | 2.88 Gb Available in Paging File | 68.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 58.17 Gb Free Space | 20.04% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marcus\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMTDIv) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://playbox.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_en-GB
IE - HKCU\..\SearchScopes\{9F7C261E-CA8A-4667-8904-2F99F0A06BE3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BLP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/13 13:25:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}

[2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/12/13 13:30:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
[2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/09 13:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\staged
[2012/03/17 15:41:38 | 000,021,906 | ---- | M] () (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\staged\coupons@chilicoupon.com.xpi
[2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\live-search.xml
[2012/04/09 14:21:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
[2011/12/08 21:26:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/15 18:19:32 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
[2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/12/08 11:30:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Marcus\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/13 13:25:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/13 13:24:43 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/08 11:41:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/08 11:30:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/04 13:11:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/12/13 13:28:38 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/13 13:28:37 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/13 13:28:11 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2012/12/13 13:24:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 13:24:30 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/13 13:21:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/13 13:21:25 | 2144,673,792 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 11:47:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 11:30:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/08 10:55:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/08 10:46:10 | 000,000,138 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:47:23 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/04 13:47:23 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/04 13:31:08 | 000,605,098 | ---- | M] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2012/12/04 13:11:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/12/08 10:46:08 | 000,000,138 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | C] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2011/12/15 22:34:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 22:34:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 22:34:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 22:34:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 22:34:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
[2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
[2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
[2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/08/27 12:22:59 | 000,053,760 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 07:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/13 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ableton
[2007/10/16 18:34:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\acccore
[2011/07/10 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Antares
[2011/11/28 01:23:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent
[2008/03/13 08:42:08 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent DNA
[2010/12/27 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CheeseSoft
[2012/04/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ChiliCoupon
[2012/07/09 07:50:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools
[2012/12/13 13:53:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DNA
[2007/12/20 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Grisoft
[2012/04/09 13:26:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\IE ChiliCoupon
[2010/04/17 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ImgBurn
[2010/05/03 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ManyCam
[2011/02/08 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\NCH Swift Sound
[2011/01/26 22:58:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Neuratron
[2008/05/13 09:42:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Propellerhead Software
[2007/11/29 19:20:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\RhythmRascal
[2008/09/14 14:52:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SecondLife
[2012/05/20 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Spotify
[2010/03/17 20:10:27 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Steinberg
[2012/01/07 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Synthesia
[2011/05/26 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SystemRequirementsLab
[2012/01/14 15:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Thinstall
[2009/04/07 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
[2008/03/04 11:41:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/29 20:40:25 | 000,010,222 | ---- | M] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2012/04/29 20:40:21 | 000,010,222 | ---- | C] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

I'm afraid I couldn't find the Extras text. I had a look in my C drive and Downloads folder, but there isn't an OTL folder. The OTL.txt came up automatically and seems to be saved in my Downloads folder, but there is no Extras.txt.

OCD
2012-12-14, 02:21
Hi marcus89,

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

File::
C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
C:\Users\Marcus\AppData\Local\nSVDb4q65iE
C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
C:\ProgramData\20xYJkS83BHk4
C:\Users\Marcus\AppData\Local\Ltomariv.bin
C:\Users\Marcus\AppData\Local\Usejadiruvup.dat

Folder::
c:\users\Marcus\AppData\Local\ficmijdg

Save this as CFScript.txt, in the same location as ComboFix.exe


http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, please post the C:\ComboFix.txt for further review.

Next

P2P - I see you have/had P2P software uTorrent & BitTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page (http://malwareremoval.com/p2pindex.php) will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall these now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
uTorrent
BitTorrent
If you choose to not remove these programs please refrain from using them until we have finished cleaning your computer.

Next

Locate Malwarebytes' Anti-Malware (it should be on your desktop).

Right-click mbam-setup.exe, select "Run as Administrator" and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg


When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Next

Please run Eset Online Scanner (http://www.eset.com/onlinescan/)
Administrator rights are required to run ESET Online Scanner

Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Do not place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes click the Details tab.
Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
In your next post please provide the following:

ComboFix.txt
MBAM log
ESET report
Describe how your computer is running at the moment.
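As an added illustration of how the File:: list in the CFScript above relates to the "Files Created - No Company Name" section of the OTL log posted earlier (example code written for this page, not OTL's, ComboFix's or the helper's own tooling): a small triage script that parses those OTL lines, flags unsigned files under AppData or ProgramData that are hidden+system with no extension, or that appeared in a burst within three minutes of each other, and emits the matching File:: block. It assumes the line layout and attribute letters (R/H/S/D) seen in the log and treats the thresholds as tunable constants; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Added example for this page, not part of OTL or ComboFix.
# Assumed OTL line layout (as in the "Files Created" lines of this thread):
#   [YYYY/MM/DD HH:MM:SS | size | attrs | M or C] (Company) -- path
# Assumed attribute positions: R read-only, H hidden, S system, D directory.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Tunable heuristics; the assumed values mirror what the helper picked above.
DATA_DIRS = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\")
BURST_WINDOW_S = 180  # largest gap (seconds) still counted as the same burst
BURST_MIN = 3         # smallest group of unsigned files that counts as a burst

# Sample input: lines copied from the OTL log posted earlier in this thread.
SAMPLE_OTL = r"""
========== Files Created - No Company Name ==========
[2012/12/04 14:34:17 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
[2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
[2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
[2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
"""

@dataclass
class OtlEntry:
    stamp: datetime
    size: int
    attrs: str
    kind: str      # M = modified line, C = created line
    company: str   # empty when OTL printed "()"
    path: str

def parse_otl(text):
    """Parse every recognisable OTL file line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(OtlEntry(
                datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
                int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                m["company"].strip(), m["path"].strip()))
    return entries

def _unsigned_data_file(e):
    """A file (not a directory) with no publisher under AppData or ProgramData."""
    return "D" not in e.attrs and not e.company and any(
        d in e.path.lower() for d in DATA_DIRS)

def _note_burst(group, reasons):
    if len(group) >= BURST_MIN:
        for e in group:
            reasons.setdefault(e.path, []).append(
                f"created in a burst of {len(group)} unsigned files")

def triage(entries):
    """Map each suspicious path to the list of reasons it was flagged."""
    reasons = {}
    candidates = [e for e in entries if _unsigned_data_file(e)]
    # Rule 1: hidden+system file with no extension in a user/program data dir.
    for e in candidates:
        name = e.path.rsplit("\\", 1)[-1]
        if "H" in e.attrs and "S" in e.attrs and "." not in name:
            reasons.setdefault(e.path, []).append("hidden+system, no extension")
    # Rule 2: several unsigned files created within BURST_WINDOW_S of each other.
    group = []
    for e in sorted(candidates, key=lambda x: x.stamp):
        if group and (e.stamp - group[-1].stamp).total_seconds() > BURST_WINDOW_S:
            _note_burst(group, reasons)
            group = []
        group.append(e)
    _note_burst(group, reasons)
    return reasons

def build_cfscript(entries):
    """Emit a CFScript File:: block listing the flagged files in log order."""
    flagged = triage(entries)
    paths = []
    for e in entries:
        if e.path in flagged and e.path not in paths:
            paths.append(e.path)
    return "\n".join(["File::"] + paths) + "\n"

if __name__ == "__main__":
    found = parse_otl(SAMPLE_OTL)
    for path, why in triage(found).items():
        print(f"{path}: {'; '.join(why)}")
    print(build_cfscript(found))
```

On the sample above the two rules together select exactly the six files the helper put in the File:: block, while d3d8caps.dat, ntuser.pol and the two ProgramData files created as a pair are left alone.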

marcus89
2012-12-15, 16:29
Hi, I couldn't find any of the BitTorrent programs in the uninstall programs list. I deleted all the BitTorrent-related folders on my C drive, but I'm not sure what else can be done for now.

Here is the mbam log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.15.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Marcus :: MARCUS-PC [administrator]

Protection: Enabled

15/12/2012 11:38:17
mbam-log-2012-12-15 (11-38-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 249826
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Marcus\Desktop\MusicConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup(3).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup(4).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\SetupRegKill.exe (Adware.CommonName) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\SetupRegKill2702.exe (Adware.CommonName) -> Quarantined and deleted successfully.

(end)

Combofix:

ComboFix 12-12-14.01 - Marcus 15/12/2012 11:08:52.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.769 [GMT 0:00]
Running from: c:\users\Marcus\Downloads\ComboFix.exe
Command switches used :: c:\users\Marcus\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\20xYJkS83BHk4"
"c:\users\Marcus\AppData\Local\20xYJkS83BHk4"
"c:\users\Marcus\AppData\Local\Ltomariv.bin"
"c:\users\Marcus\AppData\Local\nSVDb4q65iE"
"c:\users\Marcus\AppData\Local\Usejadiruvup.dat"
"c:\users\Marcus\AppData\Roaming\vqdlkr.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marcus\AppData\Local\ficmijdg
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-12-15 11:24 . 2012-12-15 11:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 13:25 . 2012-12-13 13:25 -------- d-----w- c:\windows\ERUNT
2012-12-13 13:24 . 2012-12-13 13:24 -------- d-----w- C:\JRT
2012-12-08 10:55 . 2012-12-08 10:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 13:47 . 2012-04-09 13:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 13:47 . 2011-06-17 12:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"IHateThisKey"="c:\program files\ByteGems.com\I Hate This Key\IHateThisKey.exe" [2008-11-08 716800]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"BitTorrent DNA"="c:\users\Marcus\Program Files\DNA\btdna.exe" [2011-12-27 342848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-17 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:47]
.
2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_Marcus.job
- c:\users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-01 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SoftwareUpdUtility - c:\program files\Common Files\Software Update Utility\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-15 11:24
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:98,8b,c0,2a,df,b6,11,00
DUMPHIVE0.003 (REGF)
.
Completion time: 2012-12-15 11:29:44
ComboFix-quarantined-files.txt 2012-12-15 11:29
ComboFix2.txt 2012-12-08 11:41
ComboFix3.txt 2011-12-15 23:05
.
Pre-Run: 62,631,510,016 bytes free
Post-Run: 61,866,610,688 bytes free
.
- - End Of File - - B752E907B3D382D7DDC58DBF6088D1A7

ESET:

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=3e3399b27dadc7459d789b11b080e3af
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-15 02:42:35
# local_time=2012-12-15 02:42:35 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 85931533 193115283 0 0
# scanned=281084
# found=9
# cleaned=0
# scan_time=6913
C:\Program Files\Perfect Uninstaller\RkHitApi.dll a variant of Win32/Adware.SpywareCease.AA application (unable to clean) 339B726E4B3D7F4AE77D75F69B6EF8B01E433A14 I
C:\Program Files\SearchIn1Step\searchin1.exe a variant of Win32/Adware.OneStep application (unable to clean) 70227ECD635D953CD973099AF83F7EEA202A065A I
C:\Program Files\SearchIn1Step\si1opt.exe a variant of Win32/Adware.OneStep.B application (unable to clean) E7F1C57318FC5C5EADD94A526AA8F4638315667E I
C:\Qoobox\Quarantine\C\Users\Marcus\AppData\Local\usrHelpppm\SystemMain32.dll.vir probably a variant of Win32/Sefnit.CD trojan (unable to clean) 4D512B7520A0D53910D84EA2A55A32F794A374F9 I
C:\Qoobox\Quarantine\C\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}\chrome\content\overlay.xul.vir probably a variant of Win32/Agent.NVQFFQI trojan (unable to clean) C1BAC22B767030CB056CCA7E6BD1AB42348E3EEE I
C:\Qoobox\Quarantine\C\Windows\System32\edgtdhiy.ini.vir Win32/Adware.Virtumonde.NEO application (unable to clean) 9917D386E707B6A6E2863F68F8740923A3A51E42 I
C:\Users\Marcus\Documents\Downloads\Magic ISO Maker 5.4+_KEYGEN.EXE Win32/VB.NKW trojan (unable to clean) 203AD087330FB208F04E08DAFB09AB6C0871F5D5 I
C:\Users\Marcus\Documents\Downloads\Perfect Uninstaller™ V6.3.2.2\PerfectUninstaller_Setup.exe a variant of Win32/Adware.SpywareCease.AA application (unable to clean) 5A3709471657F0897A07D1A2454C340D554F6ACC I
C:\Users\Marcus\Downloads\PerfectUninstaller_Setup.exe a variant of Win32/Adware.SpywareCease.AA application (unable to clean) 81AF828FBB11A22979325D1523FEF64C49BAFF0D I

OCD
2012-12-17, 07:13
Hi marcus89,

Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users: right-click the icon and select "Run as Administrator" to run it.

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Under Extra Registry place the check mark in Use Safe List -- special instructions
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: The logs can be found in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.



In your next post please provide the following:


OTL.txt
Extras.txt

marcus89
2012-12-17, 13:18
Hi, it would appear I am no longer being redirected to that Search Babylon site. Here is the OTL log:

OTL logfile created on: 17/12/2012 12:05:57 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.89% Memory free
4.23 Gb Paging File | 3.22 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 57.48 Gb Free Space | 19.81% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Users\Marcus\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\wercon.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/13 13:25:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}

[2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/12/16 15:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
[2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/09 13:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\staged
[2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\searchplugins\live-search.xml
[2012/12/13 13:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
[2011/12/08 21:26:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/15 18:19:32 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
[2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========


O1 HOSTS File: ([2012/12/08 11:30:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Marcus\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 11:29:46 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/15 11:26:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/13 13:25:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/13 13:24:43 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/04 13:11:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/12/17 12:08:19 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/17 12:08:19 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/17 12:04:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 12:04:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/17 12:03:41 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2012/12/17 12:01:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/17 12:00:58 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/15 14:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/15 11:47:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/15 11:47:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/15 11:37:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 11:30:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/08 10:55:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/08 10:46:10 | 000,000,138 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | M] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2012/12/04 13:11:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/12/15 11:37:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 10:46:08 | 000,000,138 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | C] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2011/12/15 22:34:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 22:34:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 22:34:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 22:34:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 22:34:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
[2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010/05/31 16:07:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/05/31 16:07:50 | 000,763,832 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
[2010/03/26 17:56:17 | 000,696,832 | ---- | C] () -- C:\Windows\is-6C4JA.exe
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4
[2010/02/28 18:23:49 | 000,005,612 | ---- | C] () -- C:\Windows\unpsd.ini
[2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2009/10/05 14:24:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/08/27 08:17:59 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/08/27 08:17:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/08 15:01:48 | 000,016,925 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2008/05/15 17:17:38 | 000,000,207 | ---- | C] () -- C:\Windows\wininit.ini
[2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
[2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2008/02/14 19:13:09 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007/12/14 19:42:21 | 000,002,962 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/12/01 00:51:26 | 000,000,316 | ---- | C] () -- C:\Windows\Sampler.INI
[2007/12/01 00:51:26 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI
[2007/12/01 00:51:25 | 000,000,325 | ---- | C] () -- C:\Windows\BeatBox.INI
[2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/15 21:43:56 | 000,000,021 | ---- | C] () -- C:\Windows\atid.ini
[2007/09/27 20:14:38 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2007/09/27 20:14:38 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2007/09/27 20:14:38 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2007/09/27 20:14:38 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2007/09/27 20:14:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2007/09/27 20:14:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2007/09/27 20:14:38 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2007/09/27 20:14:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2007/09/27 20:14:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2007/09/27 20:14:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2007/09/27 20:14:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2007/09/27 20:14:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2007/09/27 20:14:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2007/09/27 20:14:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2007/09/27 20:14:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2007/09/27 20:14:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2007/09/27 20:14:38 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2007/09/27 20:07:34 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2007/09/24 20:20:24 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2007/09/06 19:05:09 | 000,000,245 | ---- | C] () -- C:\Windows\musicmaker.INI
[2007/09/06 19:01:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/09/06 19:01:39 | 000,038,912 | ---- | C] () -- C:\Windows\System32\mgxasio.dll
[2007/09/06 18:59:56 | 000,000,024 | ---- | C] () -- C:\Windows\magix.ini
[2007/09/06 18:59:55 | 000,000,999 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/27 12:22:59 | 000,053,760 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/26 22:06:31 | 000,000,496 | ---- | C] () -- C:\Windows\eReg.dat
[2007/08/24 22:00:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2007/08/24 22:00:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2007/08/24 22:00:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2007/08/24 20:40:30 | 000,160,951 | ---- | C] () -- C:\Windows\System32\drivers\gtipdsp_.bin
[2007/06/27 22:35:35 | 000,103,521 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/06/27 22:20:37 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/06/27 22:17:48 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/06/27 22:17:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 08:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 14:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 14:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,436,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,607,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,107,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 17:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2004/03/02 06:37:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/03/02 06:33:52 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\System32\OpenQuicktimeLib.dll
[2004/01/22 18:06:32 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1998/09/15 08:12:52 | 000,051,200 | ---- | C] () -- C:\Windows\System32\tctsaudio.dll
[1997/06/14 01:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Files - Unicode (All) ==========
[2012/04/29 20:40:25 | 000,010,222 | ---- | M] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2012/04/29 20:40:21 | 000,010,222 | ---- | C] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

marcus89
2012-12-17, 13:19
And the extras.

OTL Extras logfile created on: 17/12/2012 12:05:57 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 52.89% Memory free
4.23 Gb Paging File | 3.22 Gb Available in Paging File | 76.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 57.48 Gb Free Space | 19.81% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Uninstall] -- C:\Program Files\Perfect Uninstaller\PU.exe "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05069BA8-21F2-4046-A265-7BBCE5478E8D}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{35928ED6-70F0-4AC8-AE0C-C9E203A80A44}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3A849754-F16C-40F3-8470-16AD8B945CEA}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{FFF4809C-B639-4195-B5B3-F0A6905DFB87}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C1CBFEB-DC97-4F4D-BDD3-30BC3011EF26}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{0D026CCE-573D-4A24-97CE-76BAED5E2C59}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{0F71CF66-3092-442F-8922-2737DEC8F944}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{11243E18-99A4-456E-950E-214DF94D1535}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{15C3476E-6B8E-4F0B-BD7A-78B3BCD960EF}" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"{172CEEDF-F2C8-40E7-B043-DF02246037AB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{1779051B-25A3-445D-AEDA-86F5C4C72FC7}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1CA0895C-9175-44FD-8D4C-46E007CF039A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{30A3112A-4AF0-4BD2-8185-97813BB927D8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{3110A17E-6433-494D-9356-7EFD25D83684}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{3A589965-23E1-4559-BFDF-539F884F8A92}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
"{3C438585-3BFC-4C80-9C15-EE93B03262A4}" = protocol=17 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{3E957A28-299A-4C25-A959-CDB84A556519}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{40FBBB9E-8A76-4C25-906A-00776CE25AE5}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
"{437E17A8-3B30-4F84-A3B3-4BCB0DFBA716}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{43FFA852-98A3-4046-B690-6F1499AE82D7}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{45079EF0-BE68-478A-919B-5FC243444A29}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{46354080-058F-4E0E-AC93-FE1B6DAE3403}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{46EDF16A-237E-40E8-BF76-9E93688287BA}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4759C8D4-4123-4D0E-A1C9-542C63AB4CE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4891ACF5-09F4-4097-BC61-16713725CD98}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{54F0DF5C-1A04-496A-8971-297050B7888D}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs1708.tmp\symnrt.exe |
"{565A471C-99F2-4C82-ABF9-822B286C2A7E}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{57CE008C-D5DB-4257-91EE-24FB9BFBC47E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{656DB2CA-AE85-4CD0-8F4C-9F7AC38A0B8F}" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"{6606C470-4FE7-4332-9064-67815CA2F6A8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
"{67233814-FE52-4C79-8431-D0E19D6A5CEE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{72E40133-A1BD-4451-AC16-35548EF5404F}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{7306407D-F11B-4831-A599-7A159C9F2CA9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{73BFE3DC-DD5A-439D-B12F-B928D48FC20A}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
"{7CBD3D1A-22FD-43C8-9A4A-FCC3B362DD0A}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7CD62407-4AFF-4769-942E-8FC0575DFFED}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{7F3BB18E-EAD1-44BB-BDB0-ED81B98F17EF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{81F65645-11E0-4B10-9AF7-FAB5708D73C0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{83752797-490C-41BA-BC0E-D2236A55FEAA}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{8675C652-A5E3-4A7E-ABA7-EBE956394F05}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{912DDB1B-3D56-446C-962A-700BB66C3946}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9687EA38-A746-4636-9BB9-A28D117F2FFB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{977090B5-257A-45EE-B92F-F3128CF4E438}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{985DF217-F2E0-44CF-B3E9-E4DDC5EAF8F8}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
"{A62D4CC0-CC1B-4ED8-8394-5EAACCAE38A3}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{A91198A0-645A-418D-BDD9-41C290024F91}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{ABDF3BF1-EC98-42BF-832D-C5D712442A63}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFA8D931-9E0A-450C-9CDE-BC7A6A0F1CF0}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{B0EB7DB8-069C-4C50-92E5-42575A9C2095}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{B1A23E38-1F7D-4256-934B-25F5E51649F4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{B336444F-55A9-49DB-A7F4-E0FE2C16BEC4}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs3a14.tmp\symnrt.exe |
"{B662FE93-68B7-48A3-BE60-FC64D0DC1EFB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{B70FE6A8-17BE-4AA9-A355-9323113A6F5E}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs6fe1.tmp\symnrt.exe |
"{BB381FD6-2C58-40B7-A80A-5F3BED6DA8F1}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs7ff8.tmp\symnrt.exe |
"{BDBFC4E3-4947-473E-B6B7-A82EA899B4FA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BEF93859-0EE7-4D0E-ACD2-A54582779F7D}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{C3057C9E-CE04-40C7-8F93-35E924F7E33C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{C673261E-E0D9-40F3-A1BE-EC4B6FA88666}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{C88E5345-4A46-4D38-BFE8-F1AF427DBFDB}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
"{D208D1B9-9521-48B0-9236-45B3D45F3C41}" = protocol=6 | dir=in | app=c:\program files\bittorrent_dna\dna.exe |
"{DD2EB50A-8511-4A7A-A7FC-D8DECF0300C7}" = protocol=6 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs4fd4.tmp\symnrt.exe |
"{E0E646DA-1BCF-4219-8208-E486E8F7EF67}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{EFBFE5C8-DD66-4108-905B-35F22D0219E2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F3335E79-18B7-40BF-BBE1-0C5BBAEA62C3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F45DA851-699B-4FB9-B6D7-C208B03D1379}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB0D2316-5992-4D84-9A63-D9BAE29260D3}" = protocol=17 | dir=in | app=c:\users\marcus\appdata\local\temp\7zs2eec.tmp\symnrt.exe |
"TCP Query User{24B95080-20C0-49CF-95E9-7BD5D8BE94A3}C:\users\marcus\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"TCP Query User{263FB633-FAD4-40BA-86F1-3FF2EC663DA9}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{5107B846-92FE-4A84-93CD-67BED3612131}C:\program files\soulseek-test\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"TCP Query User{69CF35F1-71FB-4160-8051-39E1D7744F63}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{6E1E3D17-5559-4CCA-84A0-0C60013E0FB7}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"TCP Query User{71B4BBE0-CD77-410A-A6D4-FB9A5D1C114E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{73C6319F-DA78-42B9-8E4A-7D947064B506}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{777650E7-1DDC-4069-8CAA-6BB4C3188D47}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{A3304DBF-2D7A-447A-80A8-6C6F05EBBDC5}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{F0D8D0C2-4BC8-4F2A-9D72-27C6B30EEBD8}C:\users\marcus\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"TCP Query User{F6A21F0D-F75F-46FB-8E7F-543AA3C1CF11}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=6 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"UDP Query User{47611234-2CD1-4144-9DD8-0DCA963A4952}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{49FD287A-594B-4D38-8ACF-72D8A131F50A}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{85871C09-F927-45EB-9898-E6015B3A6DAC}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"UDP Query User{8BCFC60A-7DCE-4766-BC3D-1592213B6511}C:\users\marcus\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\dna\btdna.exe |
"UDP Query User{96006BB2-C413-41A4-BC47-6F7415E4416B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{A4903D7D-FDBA-4AC0-948E-07B322B526A9}C:\program files\soulseek-test\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"UDP Query User{B0102943-C4B9-47C4-86AF-4138FAE2F5E7}C:\users\marcus\program files\bittorrent_dna\dna.exe" = protocol=17 | dir=in | app=c:\users\marcus\program files\bittorrent_dna\dna.exe |
"UDP Query User{B8F909B0-26F9-4A35-9275-051BF24081E1}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{C217CCC2-45AA-41AA-83F9-09F3895AB151}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{CD7D7E6E-2A57-46D9-8E65-CFC9586105CD}C:\users\marcus\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\marcus\appdata\roaming\spotify\spotify.exe |
"UDP Query User{D4CE2A37-33B7-4482-9AF8-B919404AFC89}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{343DBCC6-511C-46C7-B0B7-DD86F60843E5}" = Licensing Service Install
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40C03514-89C3-41BA-0090-3B440256DB87}" = The Sims 2
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6804F55C-8E8F-46B5-9DF7-428AF2D139D5}_is1" = Xiah
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF49698-949A-4C89-9B31-041D2CCB5FBD}" = muvee autoProducer 6.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Intel® Viiv™ Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}" = Sibelius 5
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8B0B371-85E3-403A-B2FD-ABF6E9D2F8AF}" = Rhythm Rascal
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}" = OLYMPUS Master 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCF2A735-3324-4D97-ADAD-4FF865CC05EB}_is1" = Final Uninstaller
"1888 Number to Word Converter_is1" = 1888 Number to Word Converter 1.0
"Acoustica MP3 Audio Mixer" = Acoustica MP3 Audio Mixer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Age of Empires 2.0" = Microsoft Age of Empires II
"AIM_7" = AIM 7
"AmazingMIDI" = AmazingMIDI
"Audacity_is1" = Audacity 1.2.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Browser Defender_is1" = Browser Defender 2.0.6.15
"BT Broadband Talk Softphone Frontier_is1" = BT Broadband Talk Softphone 2.0
"BT Total Broadband 220V" = BTTotalBroadband220V
"C&C" = Catch and Convert
"CD - DVD Publishing Service" = CD - DVD Publishing Service
"Celemony Melodyne Plugin_is1" = Celemony Melodyne Plugin VST RTAS v1.0
"ChiliCoupon" = ChiliCoupon™ by chilicoupon.com
"Collab" = Collab
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"coverXP" = coverXP (remove only)
"Deadhunt (demo)_is1" = Deadhunt Demo
"DesktopActivityRecorder" = Desktop Activity Recorder 2.6
"Diablo II" = Diablo II
"DVD Region Killer" = DVD Region Killer
"Emagic Logic Audio Platinum 5.5" = Emagic Logic Audio Platinum 5.5
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 7" = FL Studio 7
"FreeStudio Free DVD Audio Ripper" = FreeStudio Free DVD Audio Ripper 1.0.3
"Graboid Video" = Graboid Video 1.73
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"I Hate This Key_is1" = I Hate This Key Deluxe Edition 5.1
"IE ChiliCoupon" = IE ChiliCoupon™ by chilicoupon.com
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Intel(R) Configuration Center" = Intel® Viiv™ Software
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Basic
"Lambda ASIO driver" = Lexicon Lambda ASIO(remove only)
"Live 7.0.3" = Live 7.0.3
"MAGIX Media Manager 2004 silver" = MAGIX Media Manager 2004 silver
"MAGIX music maker 2005 deLuxe" = MAGIX music maker 2005 deLuxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"ManyCam" = ManyCam 2.4 (remove only)
"MbrolaTools35_is1" = Mbrola Tools 3.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Platypus Free Trial_is1" = Platypus 1.13
"PrintScreenDeluxe" = Print Screen Deluxe
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Reason_is1" = Reason 3.0
"Registry Mechanic_is1" = Registry Mechanic 8.0
"Smart Toolbar Remover_is1" = Smart Toolbar Remover v2.0
"SmartUndelete_is1" = SmartUndelete
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 7.0
"Switch" = Switch Sound File Converter
"Synthesia" = Synthesia (remove only)
"SystemRequirementsLab" = System Requirements Lab
"ToneGen" = NCH Tone Generator
"Toolbar Remover_is1" = Toolbar Remover 1.0
"UltraISO_is1" = UltraISO Premium V9.32
"UT2003" = Unreal Tournament 2003
"Viper" = Viper 1.5.00
"Viral Outbreak v1.00 Demo_is1" = Viral Outbreak v1.00 VSTi Demo
"VLC media player" = VLC media player 1.0.1
"WavePad" = WavePad Sound Editor
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"YouTube FLV to AVI converter Pro_is1" = YouTube FLV to AVI converter Pro 2.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"BitTorrent DNA" = DNA
"Diablo II" = Diablo II
"InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo

========== Last 10 Event Log Errors ==========

[ OSession Events ]
Error - 27/12/2008 19:10:57 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14170
seconds with 0 seconds of active time. This session ended with a crash.

Error - 15/08/2009 16:47:13 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 36475
seconds with 660 seconds of active time. This session ended with a crash.

Error - 09/12/2009 20:34:35 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11609
seconds with 60 seconds of active time. This session ended with a crash.

Error - 19/02/2011 19:16:03 | Computer Name = Marcus-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 21531
seconds with 1740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/12/2012 16:15:28 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 15/12/2012 16:16:09 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 16/12/2012 11:12:42 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 16/12/2012 11:13:23 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17/12/2012 07:21:30 | Computer Name = Marcus-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 15:30:34 on 16/12/2012 was unexpected.

Error - 17/12/2012 07:21:33 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 17/12/2012 07:22:15 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17/12/2012 08:01:04 | Computer Name = Marcus-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:44:19 on 17/12/2012 was unexpected.

Error - 17/12/2012 08:01:08 | Computer Name = Marcus-PC | Source = HTTP | ID = 15016
Description =

Error - 17/12/2012 08:01:48 | Computer Name = Marcus-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

OCD
2012-12-18, 07:33
Hi marcus89,

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Ask Toolbar
Perfect Uninstaller
Next

Please go to: VirusTotal (http://www.virustotal.com/en/indexf.html)

http://i204.photobucket.com/albums/bb106/Juliet702/virustotal2-SWI.png

Click the Browse button and search for the following file: C:\Windows\is-6C4JA.exe
Click Open
Then click Send File
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply. If it says already scanned -- click "reanalyze now"

Next


1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into it:

File::
c:\users\Marcus\Program Files\DNA\btdna.exe
C:\Program Files\Perfect Uninstaller\RkHitApi.dll
C:\Users\Marcus\Documents\Downloads\Magic ISO Maker 5.4+_KEYGEN.EXE
C:\Users\Marcus\Documents\Downloads\Perfect Uninstaller™ V6.3.2.2\PerfectUninstaller_Setup.exe
C:\Users\Marcus\Downloads\PerfectUninstaller_Setup.exe

Folder::
C:\Program Files\SearchIn1Step

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

In your next post please provide the following:

ComboFix log
VirusTotal results
How is the computer running, any remaining issues?

marcus89
2012-12-18, 15:21
Hi, the computer seems to be running smoothly, no more Search Babylon redirects. I couldn't get rid of the Ask Toolbar in Programs and Features; it said I didn't have permission. The VirusTotal website didn't seem to yield any results: it said detection ratio 0/46 and all the results fields were blank.

And the ComboFix results:

ComboFix 12-12-17.02 - Marcus 18/12/2012 13:53:56.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.960 [GMT 0:00]
Running from: c:\users\Marcus\Downloads\ComboFix.exe
Command switches used :: c:\users\Marcus\Desktop\CFScript.txt
AV: Norton AntiVirus *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Norton AntiVirus *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\Perfect Uninstaller\RkHitApi.dll"
"c:\users\Marcus\Documents\Downloads\Magic ISO Maker 5.4+_KEYGEN.EXE"
"c:\users\Marcus\Documents\Downloads\Perfect Uninstaller™ V6.3.2.2\PerfectUninstaller_Setup.exe"
"c:\users\Marcus\Downloads\PerfectUninstaller_Setup.exe"
"c:\users\Marcus\Program Files\DNA\btdna.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SearchIn1Step
c:\program files\SearchIn1Step\home.js
c:\program files\SearchIn1Step\readme.html
c:\program files\SearchIn1Step\searchin1.exe
c:\program files\SearchIn1Step\si1opt.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-12-18 14:07 . 2012-12-18 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-13 13:25 . 2012-12-13 13:25 -------- d-----w- c:\windows\ERUNT
2012-12-13 13:24 . 2012-12-13 13:24 -------- d-----w- C:\JRT
2012-12-08 10:55 . 2012-12-08 10:55 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-15 11:47 . 2012-04-09 13:22 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-15 11:47 . 2011-06-17 12:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 19:54 . 2012-06-07 19:23 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 95800]
"IHateThisKey"="c:\program files\ByteGems.com\I Hate This Key\IHateThisKey.exe" [2008-11-08 716800]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2010-03-03 1824040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-27 185896]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2002-11-02 45056]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-11-27 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-29 981656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-17 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 11:47]
.
2012-10-09 c:\windows\Tasks\ReclaimerResumeInstall_Marcus.job
- c:\users\Marcus\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-01 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Marcus\AppData\Roaming\Mozilla\Firefox\Profiles\i5auhz8l.default\
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SearchInOneStep: {8771569D-6C8B-45B5-8D74-5A80DDDF668D} - c:\program files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-18 14:07
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1589503311-819724082-689753091-1001\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:98,8b,c0,2a,df,b6,11,00
DUMPHIVE0.003 (REGF)
.
Completion time: 2012-12-18 14:12:29
ComboFix-quarantined-files.txt 2012-12-18 14:12
ComboFix2.txt 2012-12-15 11:29
ComboFix3.txt 2012-12-08 11:41
ComboFix4.txt 2011-12-15 23:05
.
Pre-Run: 64,199,692,288 bytes free
Post-Run: 64,086,904,832 bytes free
.
- - End Of File - - B78B06215623C31070C11F5C2473CE1C

OCD
2012-12-19, 05:32
Hi marcus89,

Revo Uninstaller
Uninstall programs and remove remnants left from previous uninstalls.
Tutorial with screen shots available here (http://www.guidingtech.com/457/revo-uninstaller/), if needed.


Please download Revo Uninstaller Pro (http://www.revouninstaller.com/download-professional-version.php) and save it to your desktop.
(This version is a fully functional, 30 day free trial)

Double click on "RevoUninProSetup.exe" to install. Follow/allow default installation.
Vista-W7 Users: You must right-click on "RevoUninProSetup.exe", and select "Run As Administrator" to install. If UAC prompts, allow it.
Double click Revo Uninstaller from the Start Menu programs list, to run it.
From the list of programs click on
Ask Toolbar
Choose "Uninstall". When prompted click Yes.
Make sure the advanced option is checked... then click Next.
The program will run, when prompted... click Yes... then Next.
Once the program has searched for leftovers click Next.
Check ONLY the bolded items on the list then... click Next... then Yes.
When done click Finish.

The problem program entries should now be gone.

Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
[2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/05/25 14:26:44 | 000,000,016 | ---- | C] () -- C:\Users\Marcus\AppData\Roaming\vqdlkr.dat
[2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\20xYJkS83BHk4
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

In your next post please provide the following:

OTL.txt
Any remaining issues?

OCD
2012-12-22, 07:13
Hi marcus89,

Just checking in to see if you still need help?

marcus89
2012-12-22, 17:10
Hi, my computer seems to be running much smoother now. Based on the scan results do you think it's safe for me to use it?

All processes killed
========== OTL ==========
C:\Users\Marcus\AppData\Local\Ltomariv.bin moved successfully.
C:\Users\Marcus\AppData\Local\Usejadiruvup.dat moved successfully.
C:\Users\Marcus\AppData\Roaming\vqdlkr.dat moved successfully.
C:\Users\Marcus\AppData\Local\nSVDb4q65iE moved successfully.
C:\Users\Marcus\AppData\Local\20xYJkS83BHk4 moved successfully.
C:\ProgramData\20xYJkS83BHk4 moved successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marcus
->Temp folder emptied: 12000832 bytes
->Temporary Internet Files folder emptied: 668956864 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 70056379 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 6109 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 716.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12222012_155913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

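A small checker for the OTL fix-script format and its result log, added here as an example and not part of this thread or of OTL itself. It parses the `:OTL` entries (timestamp, size, attribute flags, path) and the `:Commands` section, then confirms every targeted path shows up as "moved successfully" in the output OTL prints afterwards; the sample script and result text are constructed from the entries above, with one path deliberately left out of the results to show how an unhandled entry is reported.

```python
import re
from dataclasses import dataclass

# Constructed sample: the :OTL / :Commands fix script from the post above.
FIX_SCRIPT = r"""
:OTL
[2010/05/25 14:28:53 | 000,000,000 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Ltomariv.bin
[2010/05/25 14:28:51 | 000,000,120 | ---- | C] () -- C:\Users\Marcus\AppData\Local\Usejadiruvup.dat
[2010/03/29 22:23:44 | 000,000,982 | -HS- | C] () -- C:\Users\Marcus\AppData\Local\nSVDb4q65iE
[2010/03/23 22:46:13 | 000,010,402 | -HS- | C] () -- C:\ProgramData\20xYJkS83BHk4

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
"""

# Constructed sample result log: the ProgramData entry is intentionally
# missing so the checker has something to report.
FIX_RESULT = r"""
All processes killed
========== OTL ==========
C:\Users\Marcus\AppData\Local\Ltomariv.bin moved successfully.
C:\Users\Marcus\AppData\Local\Usejadiruvup.dat moved successfully.
C:\Users\Marcus\AppData\Local\nSVDb4q65iE moved successfully.
========== COMMANDS ==========
"""

# One :OTL entry: [date time | size | attrs | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
COMMAND_RE = re.compile(r"^\[(?P<name>[A-Za-z]+)\]$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")


@dataclass
class FixEntry:
    stamp: str
    size: int
    attrs: str
    path: str

    @property
    def hidden_system(self) -> bool:
        # The attribute column carries R/H/S/D flags with '-' for unset;
        # hidden + system on a file in a user profile is what made these
        # entries worth removing in the first place.
        return "H" in self.attrs and "S" in self.attrs


def parse_fix_script(text):
    """Return (entries, commands) from an OTL fix script."""
    entries, commands, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):           # section header such as :OTL
            section = line[1:].lower()
            continue
        if section == "otl":
            m = ENTRY_RE.match(line)
            if m:
                size = int(m["size"].replace(",", ""))
                entries.append(FixEntry(m["stamp"], size, m["attrs"], m["path"]))
        elif section == "commands":
            m = COMMAND_RE.match(line)
            if m:
                commands.append(m["name"])
    return entries, commands


def parse_fix_results(text):
    """Set of paths (lower-cased, NTFS is case-insensitive) OTL reported as moved."""
    moved = set()
    for raw in text.splitlines():
        m = MOVED_RE.match(raw.strip())
        if m:
            moved.add(m["path"].lower())
    return moved


def verify_fix(entries, moved):
    """Split fix entries into those confirmed moved and those still unhandled."""
    handled = [e.path for e in entries if e.path.lower() in moved]
    unhandled = [e.path for e in entries if e.path.lower() not in moved]
    return handled, unhandled


if __name__ == "__main__":
    entries, commands = parse_fix_script(FIX_SCRIPT)
    handled, unhandled = verify_fix(entries, parse_fix_results(FIX_RESULT))
    print("commands:", commands)
    for e in entries:
        flag = " (hidden+system)" if e.hidden_system else ""
        print(f"{e.path}: {'moved' if e.path in handled else 'NOT moved'}{flag}")
    print("unhandled:", unhandled)
```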
OCD
2012-12-23, 17:16
Hi marcus89,


"my computer seems to be running much smoother now. Based on the scan results do you think it's safe for me to use it?"

One more scan to be certain we got everything.

= = = = = = = = = = = = = = = = = = = =

Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.

Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note: The log can be located in the OTL folder on your C:\ drive if it fails to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.

In your next post please provide the following:

OTL.txt
Any remaining issues?

OCD
2012-12-26, 19:07
Hi marcus89,

Just checking in to see if you still need help?

marcus89
2012-12-26, 23:57
Hi, here is the OTL log, everything seems fine on my end, just want to make sure there's nothing left:

OTL logfile created on: 26/12/2012 22:36:27 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marcus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 28.91% Memory free
4.23 Gb Paging File | 2.62 Gb Available in Paging File | 62.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 290.20 Gb Total Space | 61.46 Gb Free Space | 21.18% Space Free | Partition Type: NTFS
Drive D: | 7.89 Gb Total Space | 1.04 Gb Free Space | 13.15% Space Free | Partition Type: NTFS
Drive E: | 0.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARCUS-PC | User Name: Marcus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marcus\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
PRC - C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\ManyCam 2.4\ImageLayer.dll ()
MOD - C:\Program Files\ManyCam 2.4\VideoSrc.ax ()
MOD - C:\Program Files\ManyCam 2.4\InputFilter.ax ()
MOD - C:\Program Files\ManyCam 2.4\CrashRpt.dll ()
MOD - C:\Program Files\ByteGems.com\I Hate This Key\ihtkh.dll ()
MOD - C:\Program Files\ManyCam 2.4\zlib.dll ()
MOD - C:\Program Files\ManyCam 2.4\cyltracker08.dll ()
MOD - C:\Program Files\Winamp\winampa.exe ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Remote UI Service) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (ISSM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
SRV - (AlertService) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (M1 Server) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IntelDHSvcConf) -- C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (SYMTDIv) -- File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Marcus\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)
DRV - (Revoflt) -- C:\Windows\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (CEUSBAUD) -- C:\Windows\System32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (RegKill) -- C:\Windows\System32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (DfuUsb) -- C:\Windows\System32\drivers\DFUUsb.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?FORM=IEFM1&q={searchTerms}
IE - HKCU\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://playbox.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEA_en-GB
IE - HKCU\..\SearchScopes\{9F7C261E-CA8A-4667-8904-2F99F0A06BE3}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BLP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8771569D-6C8B-45B5-8D74-5A80DDDF668D}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Marcus\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2629: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/17 17:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/13 13:25:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1C530A94-FB03-4325-9678-3898A46EC5CF}: C:\Users\Marcus\AppData\Local\{1C530A94-FB03-4325-9678-3898A46EC5CF}

[2008/11/02 09:15:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Extensions
[2012/12/24 18:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions
[2010/09/11 21:56:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/09 13:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\Firefox\Profiles\i5auhz8l.default\extensions\staged
[2012/03/17 15:41:38 | 000,021,906 | ---- | M] () (No name found) -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\extensions\staged\coupons@chilicoupon.com.xpi
[2009/02/21 16:12:16 | 000,001,632 | ---- | M] () -- C:\Users\Marcus\AppData\Roaming\mozilla\firefox\profiles\i5auhz8l.default\searchplugins\live-search.xml
[2012/12/13 13:40:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}
[2011/12/08 21:26:10 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/21 12:41:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/15 18:19:32 | 000,000,000 | ---D | M] (General Crawler) -- C:\USERS\MARCUS\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\GENCRAWLER@SOME.COM
[2008/09/04 00:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2010/10/21 12:41:28 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/18 16:18:58 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/11/18 16:18:58 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/11/18 16:18:58 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/22 11:50:44 | 000,002,420 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\searchin1172.xml
[2009/11/18 16:18:58 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/12/18 14:07:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [IHateThisKey] C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe (ByteGems.com Software)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19AB887A-494A-4D58-A9B3-3D97A38222AC}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47C31F12-7350-4B4A-B5B0-533A22C18501}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C292A6E2-AFFA-4AF4-9307-D9D5C99AAF8E}: DhcpNameServer = 208.67.220.220,208.67.222.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Marcus\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 22:42:23 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/18 14:12:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/18 14:12:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/13 13:25:10 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/13 13:24:43 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/08 10:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/04 13:11:00 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:12 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files - Modified Within 30 Days ==========

[2012/12/26 22:35:04 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/26 22:35:03 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/26 22:34:59 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marcus.job
[2012/12/26 22:30:20 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 22:30:19 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 22:27:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/26 22:27:19 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/24 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/24 19:51:14 | 000,002,708 | ---- | M] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2012/12/24 18:56:52 | 394,327,297 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/24 18:22:02 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marcus.job
[2012/12/24 18:22:02 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marcus.job
[2012/12/22 15:10:07 | 000,001,095 | ---- | M] () -- C:\Users\Marcus\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/12/22 15:10:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/12/18 14:07:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/15 11:47:25 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/15 11:47:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/15 11:37:19 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 10:55:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/08 10:46:10 | 000,000,138 | ---- | M] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | M] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | M] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | M] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2012/12/04 13:11:03 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Marcus\Desktop\aswMBR.exe
[2012/12/04 12:58:19 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Marcus\Desktop\dds.scr

========== Files Created - No Company Name ==========

[2012/12/22 16:03:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Marcus.job
[2012/12/22 16:02:17 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Marcus.job
[2012/12/22 16:02:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Marcus.job
[2012/12/22 15:10:07 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/12/15 11:37:19 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/08 10:46:08 | 000,000,138 | ---- | C] () -- C:\Users\Marcus\defogger_reenable
[2012/12/04 14:39:11 | 000,000,210 | ---- | C] () -- C:\Users\Marcus\Desktop\Search Babylon redirect plus slow PC - Safer-Networking Forums.url
[2012/12/04 14:34:17 | 000,000,512 | ---- | C] () -- C:\Users\Marcus\Desktop\MBR.dat
[2012/12/04 13:31:08 | 000,605,098 | ---- | C] () -- C:\Users\Marcus\Desktop\Porcine Aviation riff.WAV
[2011/12/15 22:34:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/15 22:34:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/15 22:34:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/15 22:34:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/15 22:34:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/26 14:27:32 | 000,000,552 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d8caps.dat
[2011/03/21 15:12:25 | 000,002,708 | ---- | C] () -- C:\Users\Marcus\AppData\Local\d3d9caps.dat
[2010/01/01 17:16:57 | 000,000,608 | -H-- | C] () -- C:\ProgramData\T2
[2010/01/01 17:16:57 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2008/09/29 19:05:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/05/13 19:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/05/13 09:35:45 | 000,109,852 | ---- | C] () -- C:\ProgramData\BMd5e8b8ab.xml
[2008/05/13 09:35:45 | 000,000,022 | ---- | C] () -- C:\ProgramData\pskt.ini
[2007/11/01 19:14:52 | 000,012,308 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/08/27 12:22:59 | 000,053,760 | ---- | C] () -- C:\Users\Marcus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/19 07:36:49 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/07/13 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Ableton
[2007/10/16 18:34:51 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\acccore
[2011/07/10 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Antares
[2011/11/28 01:23:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent
[2008/03/13 08:42:08 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\BitTorrent DNA
[2010/12/27 19:50:13 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\CheeseSoft
[2012/04/09 13:26:53 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ChiliCoupon
[2012/07/09 07:50:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DAEMON Tools
[2012/12/18 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\DNA
[2007/12/20 16:16:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Grisoft
[2012/04/09 13:26:47 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\IE ChiliCoupon
[2010/04/17 18:52:05 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ImgBurn
[2010/05/03 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\ManyCam
[2011/02/08 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\NCH Swift Sound
[2011/01/26 22:58:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Neuratron
[2008/05/13 09:42:40 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Propellerhead Software
[2007/11/29 19:20:04 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\RhythmRascal
[2008/09/14 14:52:28 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SecondLife
[2012/05/20 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Spotify
[2010/03/17 20:10:27 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Steinberg
[2012/01/07 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Synthesia
[2011/05/26 14:27:24 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\SystemRequirementsLab
[2012/01/14 15:39:17 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\Thinstall
[2009/04/07 15:03:33 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\uTorrent
[2008/03/04 11:41:21 | 000,000,000 | ---D | M] -- C:\Users\Marcus\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2012/04/29 20:40:25 | 000,010,222 | ---- | M] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2012/04/29 20:40:21 | 000,010,222 | ---- | C] ()(C:\Users\Marcus\Documents\?????????? ???????????? ?????????????????????????? ?????????.docx) -- C:\Users\Marcus\Documents\ส็็็็็็็็็ ส็็็็ส็็็็็็ ส็็็็็็็็็็็็็็็็็็็็็็็็็ ส็็็็็็็็.docx
[2009/08/18 19:24:32 | 000,009,981 | ---- | M] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx
[2009/08/18 19:24:31 | 000,009,981 | ---- | C] ()(C:\Users\Marcus\Documents\Ko?n.docx) -- C:\Users\Marcus\Documents\KoЯn.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

OCD
2012-12-27, 07:56
Hi marcus89,

Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
IE - HKCU\..\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = http://playbox.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BLP
[2009/01/22 21:17:41 | 000,000,000 | ---D | M] (SearchInOneStep) -- C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}

:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

In your next post please provide the following:

OTL.txt
Any remaining issues?
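The fix above works because the helper spotted two IE search scopes pointing at toolbar hosts (playbox.toolbarhome.com and toolbar.ask.com) in the OTL log. The following is an added example, not code from this thread or from OTL, showing how a defender can pull every search scope out of OTL-style log lines and report the ones whose provider host is not on a small allowlist. The allowlist of trusted hosts and the third sample scope (with a placeholder GUID) are constructed assumptions for the example; the first two sample lines are the entries from the fix.

```python
import re
from urllib.parse import urlparse

# Constructed sample input in OTL log format. The first two SearchScopes lines are
# the entries the helper told marcus89 to remove in this thread; the third is a
# constructed, benign-looking scope with a placeholder GUID for contrast, and the
# O16 line shows that non-SearchScopes lines are ignored.
SAMPLE_OTL_LINES = [
    'IE - HKCU\\..\\SearchScopes\\{5B291E6C-9A74-4034-971B-A4B007A0B315}: "URL" = '
    'http://playbox.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp',
    'IE - HKCU\\..\\SearchScopes\\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = '
    'http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=BLP',
    'IE - HKCU\\..\\SearchScopes\\{00000000-0000-0000-0000-000000000001}: "URL" = '
    'http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox',
    'O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/'
    'jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)',
]

# Search-provider hosts the reviewer chooses to trust. This allowlist is an
# assumption for the example; adjust it to what the machine's owner actually uses.
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}

# Matches:  IE - <hive>\..\SearchScopes\{GUID}: "URL" = <url>
SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}):\s*"URL"\s*=\s*(?P<url>\S+)'
)


def parse_search_scopes(lines):
    """Extract every IE search scope (hive, GUID, URL, host) from OTL log lines."""
    scopes = []
    for line in lines:
        m = SCOPE_RE.match(line.strip())
        if not m:
            continue
        host = (urlparse(m.group("url")).hostname or "").lower()
        scopes.append({"hive": m.group("hive"), "guid": m.group("guid"),
                       "url": m.group("url"), "host": host})
    return scopes


def flag_untrusted_scopes(lines, trusted_hosts=TRUSTED_SEARCH_HOSTS):
    """Return search scopes whose provider host is not on the allowlist.

    A scope pointing at an unfamiliar host is the usual sign of a browser-search
    hijack like the toolbar redirect in this thread. Entries are only reported
    for review; nothing on the machine is changed.
    """
    return [s for s in parse_search_scopes(lines) if s["host"] not in trusted_hosts]


if __name__ == "__main__":
    for s in flag_untrusted_scopes(SAMPLE_OTL_LINES):
        print(f"{s['hive']} scope {s['guid']} -> {s['host']}")
```

Run against a real OTL.txt by reading its lines into `flag_untrusted_scopes`; the flagged GUIDs are exactly what goes into an `:OTL` fix block like the one above, but the decision to remove them stays with the person reading the log.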

marcus89
2012-12-28, 21:39
Hi, my computer seems to be running fine thanks. OTL log is here:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B291E6C-9A74-4034-971B-A4B007A0B315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.
C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{8771569D-6C8B-45B5-8D74-5A80DDDF668D} folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marcus
->Temp folder emptied: 12489154 bytes
->Temporary Internet Files folder emptied: 1249361 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32829670 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 726 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 44.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12282012_195035

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OCD
2012-12-30, 05:04
Hi marcus89,

Your log appears to be clean. We have a few items to take care of before we get to the All Clean Speech.

The following will implement important cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
(Note the space between the ..X and the /U; it needs to be there.)

http://i1269.photobucket.com/albums/jj590/OCD-WTT/Combofix_uninstall_image.jpg

Next

Clean up with OTL:

Right-click OTL.exe select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Next

You can now delete any tools and logs still remaining on your desktop.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Reader 9
Java™ 6 Update 22
Next

Adobe Reader: Go to http://get.adobe.com/reader/otherversions/

Use the drop-down menus to select your operating system.
Select your language > Select Reader 11.0 English for Windows
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.
Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

Next

Get the current version of Java (Version 7 Update 10) by going to http://java.com/en/download/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
Next

To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

= = = = = = = = = = = = = = = = = = = =

With the above items taken care of let's move on to the All Clean part of the process.

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)

Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
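The Internet Explorer hardening steps in the post above map onto DWORD values under the Internet zone key in the registry. The following is an added example, not code from this thread or from any of the tools it mentions, that compares a snapshot of those values against the settings the helper recommends and lists the ones that are still more permissive. The action IDs and their meanings are taken from Microsoft's KB182569 article on security-zone registry entries (0 = Enable, 1 = Prompt, 3 = Disable); the pairing of each ID with the helper's wording is my reading of that article, not something the thread states, and the demonstration snapshot is constructed.

```python
import sys

# Internet zone (zone 3) action IDs and the values the helper recommends in this
# thread. IDs are the registry value names documented in Microsoft KB182569;
# 0 = Enable, 1 = Prompt, 3 = Disable. Mapping the helper's wording to these IDs
# is an assumption of this example.
ENABLE, PROMPT, DISABLE = 0, 1, 3
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Constructed snapshot for demonstration: signed-control download and
# cross-domain sub-frame navigation are still set to Enable.
SAMPLE_SNAPSHOT = {"1001": ENABLE, "1004": DISABLE, "1201": DISABLE,
                   "1800": PROMPT, "1804": PROMPT, "1607": ENABLE}


def evaluate_zone(values):
    """Compare a {value_name: int} snapshot of zone 3 against RECOMMENDED.

    Returns a list of (id, description, current, recommended) for every
    setting that is more permissive than the helper's advice (Enable < Prompt
    < Disable), plus any recommended setting that is absent from the snapshot
    (current is None in that case, so the caller can look at the zone template).
    """
    findings = []
    for action_id, (desc, want) in RECOMMENDED.items():
        have = values.get(action_id)
        if have is None or have < want:
            findings.append((action_id, desc, have, want))
    return findings


def read_internet_zone():
    """Read the current user's Internet zone DWORD values (Windows only)."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("zone settings live in the Windows registry")
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, kind = winreg.EnumValue(key, i)
            if kind == winreg.REG_DWORD and name in RECOMMENDED:
                values[name] = data
    return values


if __name__ == "__main__":
    snapshot = read_internet_zone() if sys.platform.startswith("win") else SAMPLE_SNAPSHOT
    for action_id, desc, have, want in evaluate_zone(snapshot):
        print(f"{action_id} {desc}: current={have} recommended={want}")
```

One caveat when reading results: values set through Group Policy (under `Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`) take precedence over the per-user key this example reads, so a finding here means "not hardened in the user's own settings", which is what the Custom Level dialog edits.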

marcus89
2013-01-03, 01:29
Hi, I have followed your final instructions and reset all my passwords to be safe. Thank you very much for your help!

OCD
2013-01-03, 03:40
Hi marcus89,

Glad I was able to help. Have a nice day. :)

oldman960
2013-01-04, 10:53
Since this issue appears to be resolved ... this Topic has been closed.