Topic: Please help! Malware

darko2021 (Newbie)
Please help! Malware
« on: June 06, 2013, 09:31:42 PM »

Got some crazy malware on my computer the other day after a friend used it. I found out it is some sort of ransomware with other things mixed in.

Here is my HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:11 PM, on 1/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10428 bytes

guestolo (Site Donator, Administrator, Hero Member)
Please help! Malware
« Reply #1 on: June 07, 2013, 02:11:14 PM »

Sorry for the delay

Can you do the following please

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/

darko2021 (Newbie)
Please help! Malware
« Reply #2 on: June 07, 2013, 09:03:59 PM »
Here are both log files

OTL logfile created on: 6/7/2013 9:47:31 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\jon\\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free

9.76 Gb Paging File | 8.05 Gb Available in Paging File | 82.52% Paging File free

Paging file location(s): d:\\pagefile.sys 7000 7000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files

Drive C: | 116.44 Gb Total Space | 20.20 Gb Free Space | 17.35% Space Free | Partition Type: NTFS

Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS

Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32

 

Computer Name: DARKO | User Name: jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

PRC - [2013/05/02 22:56:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\\Program Files\\Google\\Update\\1.3.21.145\\GoogleCrashHandler.exe

PRC - [2012/12/06 13:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\SyncServer.exe

PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgtray.exe

PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe

PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgnsx.exe

PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgrsx.exe

PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgchsvx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgcsrvx.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe

PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\\Program Files\\Nero\\Update\\NASvc.exe

PRC - [2009/10/30 16:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesApp32.exe

PRC - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesService32.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe

PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\System32\\conime.exe

PRC - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\\Windows\\ASScrPro.exe

PRC - [2008/06/19 15:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\\Program Files\\asus\\ASUS CopyProtect\\ASPG.exe

PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\\Program Files\\asus\\SmartLogon\\sensorsrv.exe

PRC - [2008/06/13 18:22:14 | 000,191,032 | ---- | M] (ATK) -- C:\\Program Files\\P4G\\BatteryLife.exe

PRC - [2008/06/03 20:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\\Program Files\\asus\\Splendid\\ACMON.exe

PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe

PRC - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\\Windows\\System32\\agrsmsvc.exe

PRC - [2008/02/13 01:52:09 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\\Windows\\RtHDVCpl.exe

PRC - [2008/02/01 18:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\\Program Files\\ATK Hotkey\\HControl.exe

PRC - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\\Program Files\\ATKOSD2\\ATKOSD2.exe

PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\WDC.exe

PRC - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\HControlUser.exe

PRC - [2007/12/04 13:57:06 | 002,486,272 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\ATKOSD.exe

PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\\Program Files\\asus\\ASUS Live Update\\ALU.exe

PRC - [2007/11/04 22:48:06 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\MsgTranAgt.exe

PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\AsLdrSrv.exe

PRC - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe

PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\KBFiltr.exe

PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe

PRC - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () -- C:\\Program Files\\asus\\NB Probe\\SPM\\spmgr.exe

PRC - [2007/07/05 19:53:44 | 001,040,384 | ---- | M] () -- C:\\Program Files\\Wireless Console 2\\wcourier.exe

PRC - [2007/02/06 13:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\asghost.exe

PRC - [2005/07/06 18:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\\Windows\\System32\\ACEngSvr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/05/23 19:16:15 | 000,971,264 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\3da65115bf9debbf564861f6b123a2e4\\System.Configuration.ni.dll

MOD - [2013/05/23 19:14:49 | 012,433,920 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\44fb632fb043f5b251d29b0ea750d4f4\\System.Windows.Forms.ni.dll

MOD - [2013/02/26 20:04:02 | 011,820,544 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Web\\421cb77e6a4c21f94e3c5ddf766de23b\\System.Web.ni.dll

MOD - [2013/01/14 14:46:06 | 000,025,600 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Accessibility\\9b2eef59d0cfc5aff182d0951de5f040\\Accessibility.ni.dll

MOD - [2013/01/14 14:46:02 | 000,771,584 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Runtime.Remo#\\b5df40c22ab563a816103629e2ca99d4\\System.Runtime.Remoting.ni.dll

MOD - [2013/01/14 14:45:30 | 005,450,752 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\b757806657fa5db2b1ed1a89b026b463\\System.Xml.ni.dll

MOD - [2013/01/14 14:45:13 | 001,593,856 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\78157a494dc9a7e52be8840decfcd9cc\\System.Drawing.ni.dll

MOD - [2013/01/14 14:43:55 | 007,977,984 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\cc149d08e75f8c53cd28ac926b38c370\\System.ni.dll

MOD - [2013/01/14 14:43:48 | 011,492,352 | ---- | M] () -- C:\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\2227d1559f87943255069398608d5c56\\mscorlib.ni.dll

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\zlib1.dll

MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\libxml2.dll

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSMonitor.exe

MOD - [2010/08/03 21:24:04 | 000,270,336 | ---- | M] () -- C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2009/10/05 17:08:58 | 000,089,600 | ---- | M] () -- C:\\Program Files\\DepositFiles\\DF Manager\\dfexex.dll

MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\\Program Files\\WinRAR\\RarExt.dll

MOD - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\\Windows\\ASScrPro.exe

MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\\Windows\\System32\\atitmmxx.dll

MOD - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\\Program Files\\ATKOSD2\\ATKOSD2.exe

MOD - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\HControlUser.exe

MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\\Program Files\\asus\\ASUS Live Update\\ALU.exe

MOD - [2007/11/12 18:41:50 | 000,106,496 | ---- | M] () -- C:\\Program Files\\ATK Hotkey\\MsgTran.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\\Program Files\\Skype\\Updater\\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files\\AVG\\AVG10\\Identity Protection\\Agent\\Bin\\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\\Program Files\\AVG\\AVG10\\avgwdsvc.exe -- (avgwd)

SRV - [2010/09/19 09:55:54 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Steam\\SteamService.exe -- (Steam Client Service)

SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\\Program Files\\Nero\\Update\\NASvc.exe -- (NAUpdate)

SRV - [2010/01/29 22:48:59 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2009/10/30 16:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\\Windows\\System32\\uxtuneup.dll -- (UxTuneUp)

SRV - [2008/11/11 13:07:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\\Program Files\\Comcast\\Desktop Doctor\\bin\\sprtsvc.exe -- (sprtsvc_ddoctorv2)

SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\\Windows\\System32\\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\\Program Files\\ATK Hotkey\\AsLdrSrv.exe -- (ASLDRService)

SRV - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/08/23 08:34:59 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Symantec\\LiveUpdate\\LuComServer_3_4.EXE -- (LiveUpdate)

SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\\Program Files\\ATKGFNEX\\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\\Program Files\\asus\\NB Probe\\SPM\\spmgr.exe -- (spmgr)

SRV - [2007/02/06 13:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASWLNPkg.dll -- (ASBroker)

SRV - [2006/06/21 06:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASChnl.dll -- (ASChannel)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Program Files\\PeerGuardian2\\pgfilter.sys -- (pgfilter)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\Windows\\system32\\NSNDIS5.SYS -- (NSNDIS5)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\DRIVERS\\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\\drivers\\AtiHdmi.sys -- (AtiHdmiService)

DRV - File not found [Kernel | On_Demand | Unknown] --  -- (alak362o)

DRV - [2013/02/11 21:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\usb8023.sys -- (USB_RNDIS_XP)

DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\avgldx86.sys -- (Avgldx86)

DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\epmntdrv.sys -- (epmntdrv)

DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\\Windows\\System32\\drivers\\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\\Windows\\System32\\drivers\\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\\Windows\\System32\\drivers\\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010/09/30 17:59:11 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AtihdLH3.sys -- (AtiHDAudioService)

DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\\Program Files\\TuneUp Utilities 2010\\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\BTHPRINT.SYS -- (BTHprint)

DRV - [2008/11/06 16:59:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\drivers\\sptd.sys -- (sptd)

DRV - [2008/10/07 20:26:48 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\atksgt.sys -- (atksgt)

DRV - [2008/10/07 20:26:42 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\lirsgt.sys -- (lirsgt)

DRV - [2008/09/17 14:02:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\\Program Files\\Common Files\\Symantec Shared\\EENGINE\\eeCtrl.sys -- (eeCtrl)

DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atikmdag.sys -- (atikmdag)

DRV - [2008/06/03 02:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\kbfiltr.sys -- (kbfiltr)

DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\\Windows\\System32\\drivers\\lullaby.sys -- (lullaby)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\wdcsam.sys -- (WDC_SAM)

DRV - [2008/05/02 01:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\Rtlh86.sys -- (RTL8169)

DRV - [2008/04/05 21:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\athr.sys -- (athr)

DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\AGRSM.sys -- (AgereSoftModem)

DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rimmptsk.sys -- (rimmptsk)

DRV - [2008/02/05 03:52:23 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etFilter.sys -- (FiltUSBET)

DRV - [2008/01/31 07:18:57 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etScan.sys -- (ScanUSBET)

DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\itecir.sys -- (itecir)

DRV - [2007/09/06 04:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\etDevice.sys -- (DCamUSBET)

DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\\Program Files\\asus\\NB Probe\\SPM\\ghaio.sys -- (ghaio)

DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\\Program Files\\ATKGFNEX\\ASMMAP.sys -- (ASMMAP)

DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\atswpdrv.sys -- (ATSWPDRV)

DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\\Windows\\System32\\drivers\\ATKACPI.sys -- (MTsensor)

DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\System32\\drivers\\smserial.sys -- (smserial)

DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\\Windows\\System32\\speedfan.sys -- (speedfan)

DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\\Windows\\System32\\drivers\\SBKUPNT.SYS -- (SBKUPNT)

DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\System32\\giveio.sys -- (giveio)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com

IE - HKLM\\..\\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://www.asus.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.google.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page Restore = http://www.asus.com

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,StartPageCache = 1

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\\..\\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKCU\\..\\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKCU\\..\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: \"URL\" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}

IE - HKCU\\..\\SearchScopes\\{8E45FEA0-1C81-ECCA-B6C9-370EF2C40746}: \"URL\" = http://www.bing.com/search?q={searchTerms}&pc=Z001&form=ZGAIDF

IE - HKCU\\..\\SearchScopes\\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: \"URL\" = http://www.daemon-search.com/search/web?q={searchTerms}

IE - HKCU\\..\\SearchScopes\\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: \"URL\" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKCU\\..\\SearchScopes\\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: \"URL\" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyOverride\" = <local>;*.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: \"Search the web (Babylon)\"

FF - prefs.js..browser.search.order.1: \"Search the web (Babylon)\"

FF - prefs.js..browser.search.selectedEngine: \"\"

FF - prefs.js..browser.startup.homepage: \"http://google.com\"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12

 

 

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=:  File not found

FF - HKLM\\Software\\MozillaPlugins\\@Apple.com/iTunes,version=1.0: C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@fileplanet.com/fpdlm: C:\\Program Files\\Download Manager\\npfpdlm.dll (IGN Entertainment)

FF - HKLM\\Software\\MozillaPlugins\\@Google.com/GoogleEarthPlugin: C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@google.com/npPicasa3,version=3.0.0: C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll (Google, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@Microsoft.com/NpCtrl,version=1.0: c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\npctrl.dll ( Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/Photosynth,version=2.0: C:\\Program Files\\Photosynth\\npPhotosynthMozilla.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@pack.google.com/Google Updater;version=14: C:\\Program Files\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll (Google)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Program Files\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Program Files\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@facebook.com/FBPlugin,version=1.0.3: C:\\Users\\jon\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll ( )

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=3: C:\\Users\\jon\\AppData\\Local\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\\Software\\MozillaPlugins\\@tools.google.com/Google Update;version=9: C:\\Users\\jon\\AppData\\Local\\Google\\Update\\1.3.21.145\\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\\Program Files\\AVG\\AVG10\\Firefox\\ [2012/02/02 15:05:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\\Program Files\\AVG\\AVG10\\Firefox4\\ [2013/04/13 09:04:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components [2013/02/16 11:34:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins [2013/02/16 11:34:22 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]

 

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions\\[email protected]

[2013/05/23 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions

[2009/09/11 12:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2012/08/08 17:30:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/07/19 11:15:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2013/01/05 15:38:47 | 000,000,000 | ---D | M] (\"Coupon Companion Plugin\") -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

[2011/07/19 11:15:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

[2010/09/30 20:20:47 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]

[2013/01/05 15:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\[email protected]\\chrome\\content\\extensionCode

[2010/09/30 20:20:47 | 000,001,919 | ---- | M] () -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\searchplugins\\bing-zugo.xml

[2008/11/06 17:03:17 | 000,000,523 | ---- | M] () -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\searchplugins\\daemon-search.xml

[2011/07/21 16:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

[2010/08/18 08:20:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/27 18:18:34 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2008/10/09 08:41:59 | 000,024,683 | ---- | M] (Ask.com) -- C:\\Program Files\\mozilla firefox\\plugins\\NPAskSBr.dll

[2010/05/27 18:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\\Program Files\\mozilla firefox\\plugins\\npdeployJava1.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.94\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.94\\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.94\\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\10.0.0.1409_0\\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll

CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPAskSBr.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll

CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\\Program Files\\Download Manager\\npfpdlm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\\Program Files\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll

CHR - plugin: Picasa (Enabled) = C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\\Program Files\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\\Users\\jon\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll

CHR - Extension: BIODIGITAL HUMAN = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\agoenciogemlojlhccbcpcfflicgnaak\\0.9.5_0\\

CHR - Extension: Angry Birds = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aknpkdffaafgjchaibgeefbgmgeghloj\\1.5.0.7_0\\

CHR - Extension: AVG Safe Search = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\10.0.0.1409_0\\

CHR - Extension: Plants vs Zombies = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmcegpfdgcoclcdfkjahiimlikdpnina\\1.0.5_0\\

CHR - Extension: Google Play Books = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmimngoggfoobjdlefbcabngfnmieonb\\1.1.8_0\\

 

O1 HOSTS File: ([2010/10/11 10:37:10 | 000,000,875 | R--- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\\Program Files\\Coupon Companion Plugin\\Coupon Companion Plugin.dll (215 Apps)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\\Program Files\\AVG\\AVG10\\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\\Program Files\\Search Toolbar\\SearchToolbar.dll ()

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.2.4204.1700\\swg.dll (Google Inc.)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll (Megaupload Limited)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM\\..\\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\\Program Files\\Search Toolbar\\SearchToolbar.dll ()

O3 - HKLM\\..\\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\\Program Files\\Search Toolbar\\SearchToolbar.dll ()

O4 - HKLM..\\Run: []  File not found

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [ASUS Screen Saver Protector] C:\\Windows\\ASScrPro.exe ()

O4 - HKLM..\\Run: [ATKOSD2] C:\\Program Files\\ATKOSD2\\ATKOSD2.exe ()

O4 - HKLM..\\Run: [AVG_TRAY] C:\\Program Files\\AVG\\AVG10\\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [CognizanceTS] C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\\Run: [HControlUser] C:\\Program Files\\ATK Hotkey\\HcontrolUser.exe ()

O4 - HKLM..\\Run: [RtHDVCpl] C:\\Windows\\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\\Run: [StartCCC] C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\\Run: [ApplePhotoStreams] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\\Run: [MobileDocuments] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ubd.exe File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\System32\\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 184.63.0.68 184.63.0.69

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{E2ADB75B-0B68-4CB7-828E-712F16D03929}: DhcpNameServer = 184.63.0.68 184.63.0.69

O18 - Protocol\\Handler\\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG10\\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (APSHook.dll) - C:\\Windows\\System32\\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O24 - Desktop BackupWallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\explore\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\open\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = \"I:\\WD SmartWare.exe\" autoplay=true

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = F:\\FarCryAutoCD.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgrsx.exe /sync /restart)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/06/07 21:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/05/28 14:26:57 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\iTunes

[2013/05/28 14:26:08 | 000,000,000 | ---D | C] -- C:\\Program Files\\iPod

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\Program Files\\iTunes

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/05/23 18:41:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2013/05/23 18:34:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2013/05/23 18:34:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2013/05/23 18:34:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2013/05/23 18:34:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2013/05/23 18:34:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2013/05/23 18:34:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\url.dll

[2013/05/23 18:34:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2013/05/22 16:13:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\cdd.dll

[2013/05/22 16:13:15 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys

[2008/10/06 17:31:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.sys

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

[1 C:\\Windows\\System32\\*.tmp files -> C:\\Windows\\System32\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/06/07 21:15:17 | 000,000,900 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000UA.job

[2013/06/07 21:01:33 | 000,000,880 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineUA.job

[2013/06/07 20:22:35 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/07 20:22:35 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/07 19:15:00 | 000,000,848 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000Core.job

[2013/06/07 13:35:00 | 000,000,868 | ---- | M] () -- C:\\Windows\\tasks\\Google Software Updater.job

[2013/06/06 23:01:00 | 000,000,876 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineCore.job

[2013/06/06 17:45:12 | 000,646,060 | ---- | M] () -- C:\\Windows\\System32\\perfh009.dat

[2013/06/06 17:45:12 | 000,121,158 | ---- | M] () -- C:\\Windows\\System32\\perfc009.dat

[2013/06/04 12:24:04 | 000,045,056 | ---- | M] () -- C:\\Windows\\System32\\acovcnt.exe

[2013/06/04 12:24:01 | 000,000,308 | ---- | M] () -- C:\\Windows\\tasks\\GlaryInitialize.job

[2013/06/04 12:22:52 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2013/06/01 21:54:06 | 000,007,728 | ---- | M] () -- C:\\Users\\jon\\AppData\\Local\\d3d9caps.dat

[2013/06/01 21:08:51 | 000,001,025 | ---- | M] () -- C:\\Windows\\wininit.ini

[2013/05/28 21:33:53 | 000,002,140 | ---- | M] () -- C:\\Windows\\bthservsdp.dat

[2013/05/28 14:26:58 | 000,001,671 | ---- | M] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/05/28 13:19:44 | 121,061,402 | ---- | M] () -- C:\\Windows\\System32\\drivers\\AVG\\incavi.avm

[2013/05/23 19:11:59 | 001,817,728 | ---- | M] () -- C:\\Windows\\System32\\FNTCACHE.DAT

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

[1 C:\\Windows\\System32\\*.tmp files -> C:\\Windows\\System32\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/05/28 14:26:58 | 000,001,671 | ---- | C] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/01/05 15:38:46 | 000,000,064 | ---- | C] () -- C:\\Windows\\GPlrLanc.dat

[2012/06/23 13:59:13 | 000,000,014 | ---- | C] () -- C:\\Windows\\System32\\systeminfo3.dll

[2012/06/23 13:58:52 | 000,081,920 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\ezpinst.exe

[2012/03/19 17:15:35 | 002,469,760 | ---- | C] () -- C:\\Windows\\System32\\BootMan.exe

[2012/03/19 17:15:35 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/03/19 17:15:35 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/03/19 17:15:35 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/03/19 17:15:35 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/03/13 18:56:15 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2012/03/13 18:56:15 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2012/03/13 18:56:14 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2012/03/13 18:56:12 | 000,000,287 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2012/03/13 17:46:10 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/06/16 19:26:26 | 000,000,131 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/12/09 09:13:19 | 000,007,728 | ---- | C] () -- C:\Users\jon\AppData\Local\d3d9caps.dat
[2008/11/16 20:49:17 | 000,000,087 | ---- | C] () -- C:\Users\jon\AppData\Roaming\default.pls
[2008/10/16 16:38:42 | 000,001,024 | ---- | C] () -- C:\Users\jon\.rnd
[2008/10/13 16:44:40 | 000,138,056 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PnkBstrK.sys
[2008/10/10 14:57:43 | 000,027,503 | ---- | C] () -- C:\Users\jon\AppData\Roaming\UserTile.png
[2008/10/08 01:24:50 | 000,061,678 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PFP100JPR.{PB
[2008/10/08 01:24:50 | 000,012,358 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PFP100JCM.{PB
[2008/10/07 00:10:25 | 000,213,504 | ---- | C] () -- C:\Users\jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/06 17:31:52 | 000,087,608 | ---- | C] () -- C:\Users\jon\AppData\Roaming\inst.exe
[2008/10/06 17:31:52 | 000,007,887 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.cat
[2008/10/06 17:31:52 | 000,001,144 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.inf
[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

 

========== ZeroAccess Check ==========

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

 

 


OTL Extras logfile created on: 6/7/2013 9:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free
9.76 Gb Paging File | 8.05 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): d:\pagefile.sys 7000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 20.20 Gb Free Space | 17.35% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32

Computer Name: DARKO | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%

Offline guestolo

Please help! Malware
« Reply #3 on: June 07, 2013, 09:38:05 PM »

-AdwCleaner-


Please download AdwCleaner by Xplode (http://www.bleepingcomputer.com/download/adwcleaner/) onto your desktop.


Close all open programs and internet browsers.

Double click on AdwCleaner.exe to run the tool.

Click on Delete.

Confirm each time with Ok.

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile with your next answer.

You can find the logfile at C:\\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.


Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.


When they are complete, post the logs back here and keep me informed how things are now running.


Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline darko2021

Please help! Malware
« Reply #4 on: June 08, 2013, 07:13:09 AM »
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by jon on Sat 06/08/2013 at  8:08:04.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220222182204}

~~~ Files

Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"

~~~ Folders

Successfully deleted: [Folder] "C:\Users\jon\AppData\Roaming\microsoft\windows\start menu\programs\free ride games"

~~~ FireFox

Successfully deleted: [File] C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\searchplugins\bing-zugo.xml
Successfully deleted: [Folder] C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\extensions\[email protected]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted the following from C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\prefs.js

user_pref("[email protected]", true);
Emptied folder: C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\minidumps [1 files]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at  8:11:28.18
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Offline darko2021

Please help! Malware
« Reply #5 on: June 08, 2013, 07:15:51 AM »
# AdwCleaner v2.302 - Logfile created 06/08/2013 at 07:53:28
# Updated 06/06/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : jon - DARKO
# Boot Mode : Normal
# Running from : C:\Users\jon\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
File Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\searchplugins\daemon-search.xml
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\Windows\Uninstall.exe
Folder Deleted : C:\Program Files\Coupon Companion Plugin
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\jon\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\jon\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\jon\AppData\LocalLow\AskSBar
Folder Deleted : C:\Users\jon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\Conduit
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\ConduitCommon
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\ConduitEngine
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\CT2786678
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]

 

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AskSBar Uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

 

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5.9 (en-US)

File : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\prefs.js

C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Sat Dec 01 2012 18:55:37 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129575151151403741", true);
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "23-5-2013");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Mar 13 2012 14:27:40 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 413);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156813729834876", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "12-8-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Fri Aug 12 2011 14:15:58 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Bing");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1369296774");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu May 23 2013 14:11:19 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN33213532962182557");
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Mar 13 2012 14:27:40 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e+x305\", \"247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e,x305\", \"247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e-x305\", \"247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e.:2z527\", \"247E707571777278333228702A7B797B7B7E30273224262[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e.x305\", \"247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e/x305\", \"247E2B413536327844393C29712B787C7B773027323E4C434[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e06cg5el8:\", \"6E6D6E716D6E7272746F\");

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e06cg5el;8i:k\", \"247E2D2F226A74737477737478787A75242F4B4947[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e0x305\", \"247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e1x305\", \"247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e2x305\", \"247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e3x305\", \"247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e4x305\", \"247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e5x305\", \"247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e6x305\", \"247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e7x305\", \"247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e8x305\", \"247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e9x305\", \"247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e:x305\", \"247E36333B38327844393C29712B7B76797A3027324948554[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e;x305\", \"247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e<x305\", \"247E38343030442F463644377D493E412E7630217D2426352[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e=x305\", \"247E3933363F41413739357C483D402D752F207E2022342B3[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e>x305\", \"247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e?x305\", \"247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7e@x305\", \"247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7eax305\", \"247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7ebe3g=;d9n9=d\", \"372C2D326975762E3A3C7B3A39434A494841434B26[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7ebx305\", \"247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7ecx305\", \"247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7edx305\", \"247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b+7etx305\", \"247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b-0?3g>d\", \"3C3D6C6F404374457A45487276204C7D784D25222322502A26[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b-0?3g@6:5;\", \"\");

Deleted : user_pref(\"CT2786678.backendstorage./9b-3=3eccja=f>\", \"247E333D2C452F4135276F292A212C393D44307832332[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b/>01=9a6k6<im;krie@pdawm\", \"6A696B7273747576\");

Deleted : user_pref(\"CT2786678.backendstorage./9b3=>@44i48?\", \"372C2D32697576334236334148477B213F3E484F4E4D464[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b5ba==9cjag\", \"6F3B716F6B7141457A70767948494C494E4A504D50\");

Deleted : user_pref(\"CT2786678.backendstorage./9b6b11g4c56b>f;p;anr@p\", \"6E6D6E716D6E72747173737175\");

Deleted : user_pref(\"CT2786678.backendstorage./9b9643g3/9e\", \"6A\");

Deleted : user_pref(\"CT2786678.backendstorage./9b<:222h64<\", \"393F352F3E\");

Deleted : user_pref(\"CT2786678.backendstorage./9b=+03eh8h8j?:\", \"4443\");

Deleted : user_pref(\"CT2786678.backendstorage./9b?+e2a52d8\", \"372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Deleted : user_pref(\"CT2786678.backendstorage./9b?b0d:8aj62<h\", \"6D\");

Deleted : user_pref(\"CT2786678.backendstorage./9ba@0<0bi6a7gn:6@l?\", \"6E6B\");

Deleted : user_pref(\"CT2786678.backendstorage.cbcountry_001\", \"5553\");

Deleted : user_pref(\"CT2786678.backendstorage.cbfirsttime\", \"547565204D617220313320323031322031343A32373A34352[...]

Deleted : user_pref(\"CT2786678.backendstorage.scriptsource\", \"687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref(\"CT2786678.backendstorage.url_history\", \"687474703A2F2F746462616E6B2E636F6D2F6578632F68746[...]

Deleted : user_pref(\"CT2786678.backendstorage.url_history0001\", \"68747470733A2F2F7777772E676F6F676C652E636F6D3[...]

Deleted : user_pref(\"CT2786678.backendstorage.url_history_time\", \"31333133313733303230363331\");

Deleted : user_pref(\"CT2786678.components.1000034\", false);

Deleted : user_pref(\"CT2786678.components.1000234\", false);

Deleted : user_pref(\"CT2786678.components.129295698017012804\", false);

Deleted : user_pref(\"CT2786678.generalConfigFromLogin\", \"{\\\"ApiMaxAlerts\\\":\\\"12\\\",\\\"SocialDomains\\\":\\\"social.c[...]

Deleted : user_pref(\"CT2786678.globalFirstTimeInfoLastCheckTime\", \"Thu May 23 2013 14:11:22 GMT-0400 (Eastern [...]

Deleted : user_pref(\"CT2786678.homepageProtectorEnableByLogin\", true);

Deleted : user_pref(\"CT2786678.initDone\", true);

Deleted : user_pref(\"CT2786678.isAppTrackingManagerOn\", false);

Deleted : user_pref(\"CT2786678.myStuffEnabled\", true);

Deleted : user_pref(\"CT2786678.myStuffPublihserMinWidth\", 400);


Deleted : user_pref(\"CT2786678.myStuffServiceIntervalMM\", 1440);


Deleted : user_pref(\"CT2786678.oldAppsList\", \"129295695672325902,129295695672325903,111,1000234,12978945045459[...]

Deleted : user_pref(\"CT2786678.searchProtectorDialogDelayInSec\", 10);

Deleted : user_pref(\"CT2786678.searchProtectorEnableByLogin\", true);

Deleted : user_pref(\"CT2786678.testingCtid\", \"\");

Deleted : user_pref(\"CT2786678.toolbarAppMetaDataLastCheckTime\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.toolbarContextMenuLastCheckTime\", \"Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]

Deleted : user_pref(\"CT2786678.usagesFlag\", 2);





















Deleted : user_pref(\"CommunityToolbar.EngineOwner\", \"ConduitEngine\");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "[email protected]");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "[email protected]");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Aug 12 2011 14:15:58 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Mar 13 2012 14:27:47 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Mar 13 2012 14:27:39 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "b4637f22-1ac5-4709-9ebe-218a57da0a21");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 13 2012 14:27:41 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "99c19bf0-9270-49a6-b2fc-e14eb69d56a2");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 23 2013 14:11:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 23 2013 14:11:28 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "01dc6a76-d9da-43a5-81be-a1ace04bd61f");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Dayl[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Mar 13 2012 14:27:44 GMT-0400 (Eastern Da[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "08/12/2011 21");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Jul 21 2011 16:16:56 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 13 2012 14:27:43 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN50266112501409237");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 13 2012 14:27:43 GMT-0400 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Mar 13 2012 14:27:43 GMT-0400 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111387");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 13);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "d8fc2e690000000000000015afcdf804");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15410");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 13);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:23:56");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 70223315);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:23:56");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111387");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d8fc2e690000000000000015afcdf804");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "d8fc2e690000000000000015afcdf804");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15410");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:23:56");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Deleted : user_pref("extensions.snipit.askTbInstalled", true);

-\\ Google Chrome v27.0.1453.110

File : C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [34731 octets] - [08/06/2013 07:53:28]

########## EOF - C:\AdwCleaner[S1].txt - [34792 octets] ##########
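The AdwCleaner log above records three distinct things this infection did to the Firefox profile: it rewrote the default search engine and search order to Babylon, dropped the Conduit/CommunityToolbar and Babylon toolbar preference blocks, and stored a JavaScript snippet in an extensions.<random>.scode preference. As an added example (editor's code, not part of this thread and not AdwCleaner's own logic), here is a small Python script that reads a prefs.js and flags those three patterns. It runs over a constructed sample that mirrors the entries above; the adware key prefixes and the short trusted-engine list are assumptions taken from this log, not a complete triage list.

```python
import json
import re
from collections import Counter

# Constructed sample in the shape of a Firefox prefs.js, mirroring entries AdwCleaner
# deleted in the log above (values shortened; not copied from a real profile).
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "http://google.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("extensions.BabylonToolbar.babTrack", "affID=111387");
user_pref("extensions.BabylonToolbar_i.hardId", "d8fc2e690000000000000015afcdf804");
user_pref("extensions.crossriderapp21804.adsOldValue", -1);
user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":1};})();");
user_pref("browser.cache.disk.capacity", 358400);
user_pref("network.cookie.cookieBehavior", 0);
'''

# One prefs.js entry: user_pref("<name>", <JS literal>);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.+?)\);\s*$')

# Preference prefixes AdwCleaner removed from this profile (assumption: taken from the
# log above; a production triage list is much longer than this).
ADWARE_PREFIXES = (
    "CommunityToolbar.",
    "ConduitEngine.",
    "extensions.BabylonToolbar",
    "browser.babylon.",
    "extensions.crossriderapp",
    "extensions.snipit.",
)

# Preferences a search/homepage hijacker has to rewrite to redirect the user.
SEARCH_KEYS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
}
SEARCH_ORDER_RE = re.compile(r"^browser\.search\.order\.\d+$")


def _decode_literal(raw):
    """Turn the JS literal on the right-hand side into a Python value."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        # JSON decoding covers the escapes prefs.js writes (\n, \", \\);
        # anything JSON rejects is kept as the quoted text minus its quotes.
        try:
            return json.loads(raw)
        except ValueError:
            return raw[1:-1]
    return raw


def parse_prefs(text):
    """Return {name: value} for every user_pref line; non-matching lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _decode_literal(m.group(2))
    return prefs


def audit_prefs(text, trusted_engines=("google", "bing", "yahoo")):
    """Flag hijacker-style preferences. Returns [(name, category, detail), ...]."""
    findings = []
    for name, value in parse_prefs(text).items():
        if name.startswith(ADWARE_PREFIXES):
            findings.append((name, "adware-pref", "known toolbar/adware preference block"))
        elif name in SEARCH_KEYS or SEARCH_ORDER_RE.match(name):
            # A homepage or engine that names none of the engines the user trusts is
            # the hijack itself; the assumed trusted list is deliberately short.
            if isinstance(value, str) and not any(t in value.lower() for t in trusted_engines):
                findings.append((name, "search-hijack", f"points at {value!r}"))
        elif isinstance(value, str) and re.search(r"\bfunction\s*\(", value):
            # Script text inside a preference value (compare the extensions.<random>.scode
            # entry in the log above) is worth flagging on its own.
            findings.append((name, "embedded-script", "JavaScript stored in a preference value"))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'adware-pref': 6, 'search-hijack': 2, ...}."""
    return dict(Counter(category for _, category, _ in findings))


if __name__ == "__main__":
    for name, category, detail in audit_prefs(SAMPLE_PREFS_JS):
        print(f"{category:16}{name}: {detail}")
    print(summarize(audit_prefs(SAMPLE_PREFS_JS)))
```

Point it at a real profile with `audit_prefs(open(path_to_prefs_js).read())`. The trusted-engine check is a name match, so a hijacker that calls its engine "Google Custom Search" would slip past it; treat the output as a shortlist to read, not a verdict, and compare it against what AdwCleaner actually removed.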

 


guestolo
  • Administrator
  • Posts: 16034
Please help! Malware
« Reply #6 on: June 08, 2013, 08:24:43 AM »

Reopen OTL.exe and choose to Run a Scan; when done, post the log that opens (OTL.txt).

In addition: Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Can you please keep me informed of how things are now running!

Do you want to post your own logs from FRST?
Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


darko2021
  • Newbie
  • Posts: 36
Please help! Malware
« Reply #7 on: June 08, 2013, 02:02:24 PM »
OTL logfile created on: 6/8/2013 2:54:38 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.15% Memory free
9.75 Gb Paging File | 8.68 Gb Available in Paging File | 89.02% Paging File free
Paging file location(s): d:\pagefile.sys 7000 7000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 20.04 Gb Free Space | 17.21% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32

Computer Name: DARKO | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
PRC - [2013/05/02 22:56:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/30 16:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008/06/19 15:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\asus\ASUS CopyProtect\ASPG.exe
PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\asus\SmartLogon\sensorsrv.exe
PRC - [2008/06/13 18:22:14 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/06/03 20:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\asus\Splendid\ACMON.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/13 01:52:09 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/01 18:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007/12/04 13:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\asus\ASUS Live Update\ALU.exe
PRC - [2007/11/04 22:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\asus\NB Probe\SPM\spmgr.exe
PRC - [2007/07/05 19:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/02/06 13:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2005/07/06 18:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 19:16:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/23 19:14:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\44fb632fb043f5b251d29b0ea750d4f4\System.Windows.Forms.ni.dll
MOD - [2013/02/26 20:04:02 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/01/14 14:46:06 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013/01/14 14:46:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/14 14:45:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/14 14:45:13 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/14 14:43:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/14 14:43:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/03 21:24:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/10/05 17:08:58 | 000,089,600 | ---- | M] () -- C:\Program Files\DepositFiles\DF Manager\dfexex.dll
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\asus\ASUS Live Update\ALU.exe
MOD - [2007/11/12 18:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll


========== Services (SafeList) ==========

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/19 09:55:54 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/29 22:48:59 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 16:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/11 13:07:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 08:34:59 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\asus\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/06 13:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 06:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (atjsgy5n)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2013/02/11 21:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/09/30 17:59:11 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/11/06 16:59:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/10/07 20:26:48 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/07 20:26:42 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/17 14:02:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/03 02:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/02 01:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/05 21:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/02/05 03:52:23 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2008/01/31 07:18:57 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/09/06 04:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\asus\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E45FEA0-1C81-ECCA-B6C9-370EF2C40746}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z001&form=ZGAIDF
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/02/02 15:05:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\\Program Files\\AVG\\AVG10\\Firefox4\\ [2013/04/13 09:04:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Components: C:\\Program Files\\Mozilla Firefox\\components [2013/02/16 11:34:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 3.5.9\\extensions\\\\Plugins: C:\\Program Files\\Mozilla Firefox\\plugins [2013/06/08 07:53:41 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Firefox\\Extensions\\\\[email protected]: C:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]

 

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions

[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Extensions\\[email protected]

[2013/06/08 08:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions

[2009/09/11 12:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{20a82645-c095-46ed-80e3-08825760534b}

[2012/08/08 17:30:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\\Users\\jon\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hj43tfiy.default\\extensions\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011/07/21 16:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files\\Mozilla Firefox\\extensions

[2010/08/18 08:20:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/05/27 18:18:34 | 000,000,000 | ---D | M] (Java Console) -- C:\\Program Files\\Mozilla Firefox\\extensions\\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

File not found (No name found) -- C:\\USERS\\JON\\APPDATA\\ROAMING\\MOZILLA\\FIREFOX\\PROFILES\\HJ43TFIY.DEFAULT\\EXTENSIONS\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

[2010/05/27 18:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\\Program Files\\mozilla firefox\\plugins\\npdeployJava1.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}


CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.110\\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.110\\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\Application\\27.0.1453.110\\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\10.0.0.1409_0\\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Browser\\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll

CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPAskSBr.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll

CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\\Program Files\\Download Manager\\npfpdlm.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\\Program Files\\Google\\Google Updater\\2.4.2432.1652\\npCIDetect14.dll

CHR - plugin: Picasa (Enabled) = C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\\Program Files\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\\Users\\jon\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\\Program Files\\Microsoft Silverlight\\4.1.10329.0\\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\\Windows\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll

CHR - Extension: BIODIGITAL HUMAN = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\agoenciogemlojlhccbcpcfflicgnaak\\0.9.5_0\\

CHR - Extension: Angry Birds = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aknpkdffaafgjchaibgeefbgmgeghloj\\1.5.0.7_0\\

CHR - Extension: Plants vs Zombies = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmcegpfdgcoclcdfkjahiimlikdpnina\\1.0.5_0\\

CHR - Extension: Google Play Books = C:\\Users\\jon\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mmimngoggfoobjdlefbcabngfnmieonb\\1.1.8_0\\

 

O1 HOSTS File: ([2010/10/11 10:37:10 | 000,000,875 | R--- | M]) - C:\\Windows\\System32\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\5.2.4204.1700\\swg.dll (Google Inc.)

O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\\Program Files\\Megaupload\\Mega Manager\\MegaIEMn.dll (Megaupload Limited)

O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ItIEAddIn.dll (Bioscrypt Inc.)

O3 - HKLM\\..\\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\\..\\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4 - HKLM..\\Run: []  File not found

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [ASUS Screen Saver Protector] C:\\Windows\\ASScrPro.exe ()

O4 - HKLM..\\Run: [ATKOSD2] C:\\Program Files\\ATKOSD2\\ATKOSD2.exe ()

O4 - HKLM..\\Run: [AVG_TRAY] C:\\Program Files\\AVG\\AVG10\\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\\Run: [CognizanceTS] C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASTSVCC.dll (Cognizance Corporation)

O4 - HKLM..\\Run: [HControlUser] C:\\Program Files\\ATK Hotkey\\HcontrolUser.exe ()

O4 - HKLM..\\Run: [RtHDVCpl] C:\\Windows\\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\\Run: [StartCCC] C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\\Run: [ApplePhotoStreams] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ApplePhotoStreams.exe (Apple Inc.)

O4 - HKCU..\\Run: [MobileDocuments] C:\\Program Files\\Common Files\\Apple\\Internet Services\\ubd.exe File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\\Windows\\System32\\GPhotos.scr (Google Inc.)

O10 - NameSpace_Catalog5\\Catalog_Entries\\000000000008 [] - C:\\Program Files\\Bonjour\\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)




O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{E2ADB75B-0B68-4CB7-828E-712F16D03929}: DhcpNameServer = 192.168.1.1

O18 - Protocol\\Handler\\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\\Program Files\\AVG\\AVG10\\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\\Handler\\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\Program Files\\Common Files\\Skype\\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (APSHook.dll) - C:\\Windows\\System32\\APSHook.dll (Cognizance Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\System32\\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O24 - Desktop BackupWallPaper: C:\\Users\\jon\\Desktop\\MISC\\bear.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\explore\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\\Shell\\open\\command - \"\" = winampxml/winxml.exe

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{945815f3-97b1-11e0-9ce9-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = \"I:\\WD SmartWare.exe\" autoplay=true

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell - \"\" = AutoRun

O33 - MountPoints2\\{f7f41516-ac45-11dd-8684-0015aff7be25}\\Shell\\AutoRun\\command - \"\" = F:\\FarCryAutoCD.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (autocheck lsdelete)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (autocheck OODBS)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\\PROGRA~1\\AVG\\AVG10\\avgrsx.exe /sync /restart)

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/06/08 08:01:21 | 000,000,000 | ---D | C] -- C:\\Windows\\ERUNT

[2013/06/08 08:00:53 | 000,000,000 | ---D | C] -- C:\\JRT

[2013/06/08 07:50:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\\Users\\jon\\Desktop\\JRT.exe

[2013/06/07 21:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/05/28 14:26:57 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\iTunes

[2013/05/28 14:26:08 | 000,000,000 | ---D | C] -- C:\\Program Files\\iPod

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\Program Files\\iTunes

[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\\ProgramData\\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2013/05/23 18:41:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\mshtml.tlb

[2013/05/23 18:34:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\msfeeds.dll

[2013/05/23 18:34:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieui.dll

[2013/05/23 18:34:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\ieUnatt.exe

[2013/05/23 18:34:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jsproxy.dll

[2013/05/23 18:34:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\jscript9.dll

[2013/05/23 18:34:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\url.dll

[2013/05/23 18:34:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\inetcpl.cpl

[2013/05/22 16:13:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\cdd.dll

[2013/05/22 16:13:15 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\System32\\win32k.sys

[2008/10/06 17:31:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.sys

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/06/08 14:53:56 | 000,890,839 | ---- | M] () -- C:\\Users\\jon\\Desktop\\SecurityCheck.exe

[2013/06/08 14:52:06 | 000,646,060 | ---- | M] () -- C:\\Windows\\System32\\perfh009.dat

[2013/06/08 14:52:06 | 000,121,158 | ---- | M] () -- C:\\Windows\\System32\\perfc009.dat

[2013/06/08 14:47:14 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/08 14:47:14 | 000,003,616 | -H-- | M] () -- C:\\Windows\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/08 14:47:12 | 000,000,876 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineCore.job

[2013/06/08 14:46:27 | 000,045,056 | ---- | M] () -- C:\\Windows\\System32\\acovcnt.exe

[2013/06/08 14:46:24 | 000,000,308 | ---- | M] () -- C:\\Windows\\tasks\\GlaryInitialize.job

[2013/06/08 14:45:22 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2013/06/08 09:28:31 | 000,002,140 | ---- | M] () -- C:\\Windows\\bthservsdp.dat

[2013/06/08 09:15:00 | 000,000,900 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000UA.job

[2013/06/08 09:01:17 | 000,000,880 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineUA.job

[2013/06/08 07:50:53 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\\Users\\jon\\Desktop\\JRT.exe

[2013/06/08 07:49:52 | 122,496,639 | ---- | M] () -- C:\\Windows\\System32\\drivers\\AVG\\incavi.avm

[2013/06/08 07:49:18 | 000,640,135 | ---- | M] () -- C:\\Users\\jon\\Desktop\\AdwCleaner.exe

[2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\jon\\Desktop\\OTL.exe

[2013/06/07 19:15:00 | 000,000,848 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000Core.job

[2013/06/07 13:35:00 | 000,000,868 | ---- | M] () -- C:\\Windows\\tasks\\Google Software Updater.job

[2013/06/01 21:54:06 | 000,007,728 | ---- | M] () -- C:\\Users\\jon\\AppData\\Local\\d3d9caps.dat

[2013/06/01 21:08:51 | 000,001,025 | ---- | M] () -- C:\\Windows\\wininit.ini

[2013/05/28 14:26:58 | 000,001,671 | ---- | M] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/05/23 19:11:59 | 001,817,728 | ---- | M] () -- C:\\Windows\\System32\\FNTCACHE.DAT

[2 C:\\Windows\\*.tmp files -> C:\\Windows\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/06/08 14:53:49 | 000,890,839 | ---- | C] () -- C:\\Users\\jon\\Desktop\\SecurityCheck.exe

[2013/06/08 07:49:09 | 000,640,135 | ---- | C] () -- C:\\Users\\jon\\Desktop\\AdwCleaner.exe

[2013/05/28 14:26:58 | 000,001,671 | ---- | C] () -- C:\\Users\\Public\\Desktop\\iTunes.lnk

[2013/01/05 15:38:46 | 000,000,064 | ---- | C] () -- C:\\Windows\\GPlrLanc.dat

[2012/06/23 13:59:13 | 000,000,014 | ---- | C] () -- C:\\Windows\\System32\\systeminfo3.dll

[2012/06/23 13:58:52 | 000,081,920 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\ezpinst.exe

[2012/03/19 17:15:35 | 002,469,760 | ---- | C] () -- C:\\Windows\\System32\\BootMan.exe

[2012/03/19 17:15:35 | 000,086,408 | ---- | C] () -- C:\\Windows\\System32\\setupempdrv03.exe

[2012/03/19 17:15:35 | 000,019,840 | ---- | C] () -- C:\\Windows\\System32\\EuEpmGdi.dll

[2012/03/19 17:15:35 | 000,014,216 | ---- | C] () -- C:\\Windows\\System32\\epmntdrv.sys

[2012/03/19 17:15:35 | 000,008,456 | ---- | C] () -- C:\\Windows\\System32\\EuGdiDrv.sys

[2012/03/13 18:56:15 | 000,014,976 | ---- | C] () -- C:\\Windows\\System32\\drivers\\SBKUPNT.SYS

[2012/03/13 18:56:15 | 000,013,312 | ---- | C] () -- C:\\Windows\\System32\\DEVLOAD.EXE

[2012/03/13 18:56:14 | 000,000,543 | ---- | C] () -- C:\\Windows\\SWISV3.INI

[2012/03/13 18:56:12 | 000,000,287 | ---- | C] () -- C:\\Windows\\SKNIFE.INI

[2012/03/13 17:46:10 | 000,002,799 | ---- | C] () -- C:\\Windows\\SKLANG.INI

[2011/06/16 19:26:26 | 000,000,131 | ---- | C] () -- C:\\ProgramData\\Microsoft.SqlServer.Compact.351.32.bc

[2008/12/09 09:13:19 | 000,007,728 | ---- | C] () -- C:\\Users\\jon\\AppData\\Local\\d3d9caps.dat

[2008/11/16 20:49:17 | 000,000,087 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\default.pls

[2008/10/16 16:38:42 | 000,001,024 | ---- | C] () -- C:\\Users\\jon\\.rnd

[2008/10/13 16:44:40 | 000,138,056 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PnkBstrK.sys

[2008/10/10 14:57:43 | 000,027,503 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\UserTile.png

[2008/10/08 01:24:50 | 000,061,678 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PFP100JPR.{PB

[2008/10/08 01:24:50 | 000,012,358 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\PFP100JCM.{PB

[2008/10/07 00:10:25 | 000,213,504 | ---- | C] () -- C:\\Users\\jon\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/10/06 17:31:52 | 000,087,608 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\inst.exe

[2008/10/06 17:31:52 | 000,007,887 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.cat

[2008/10/06 17:31:52 | 000,001,144 | ---- | C] () -- C:\\Users\\jon\\AppData\\Roaming\\pcouffin.inf

[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\\Program Files\\Common Files\\CPInstallAction.dll

[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\\Program Files\\Common Files\\banner.jpg

 

========== ZeroAccess Check ==========

 

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 127 bytes -> C:\\ProgramData\\TEMP:430C6D84

@Alternate Data Stream - 109 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2

 

< End of report >
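The entry types the helper singles out from this OTL log (registry hooks and toolbars whose CLSID no longer resolves, an empty Run entry, MountPoints2 autorun handlers cached from removable media, and a BootExecute value stuffed with repeated "autocheck OODBS" items) can be picked out mechanically rather than by eye. The Python triage helper below is an added example; it is not part of OTL, its author's tooling, or the instructions given in this thread. The sample lines are copied from the log above with the backslashes written plainly, and the category labels it assigns are my own.

```python
"""Triage helper for OTL-format log lines (added example, not OTL's own code)."""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the OTL log in this thread,
# with the backslashes written plainly.
SAMPLE_LOG = r"""
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\AutoRun\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck OODBS)
O34 - HKLM BootExecute: (autocheck OODBS)
O34 - HKLM BootExecute: (autocheck OODBS)
"""

# Registry references whose CLSID no longer resolves: leftovers of a removed toolbar or hook.
ORPHAN_RE = re.compile(r"No CLSID value found", re.IGNORECASE)
# O4 Run entries: [name] target
RUN_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\.\.\\Run: \[(.*?)\]\s*(.*)$")
# O33 MountPoints2 shell verbs, cached from a removable volume's autorun.inf
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\\{[^}]+\}\\Shell\\(\w+)\\command - "" = (.*)$')
# O34 BootExecute values (one per line)
BOOTEXEC_RE = re.compile(r"^O34 - HKLM BootExecute: \((.*)\)$")
# Absolute Windows path, optionally quoted
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def triage(log_text):
    """Return a list of (category, detail) findings for the given OTL log text."""
    findings = []
    boot_values = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ORPHAN_RE.search(line):
            findings.append(("orphaned-clsid", line))
            continue
        m = RUN_RE.match(line)
        if m:
            name, target = m.group(1), m.group(2)
            # An unnamed Run entry or one whose target is gone has nothing legitimate to load.
            if not name or "File not found" in target:
                findings.append(("dangling-run-entry", line))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            cmd = m.group(2).strip()
            # A command without a drive letter resolves against whatever volume mounts
            # under that GUID next; that is the shape an autorun.inf worm leaves behind.
            if ABS_PATH_RE.match(cmd):
                findings.append(("mountpoint-autorun", line))
            else:
                findings.append(("mountpoint-autorun-relative", line))
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            boot_values[m.group(1)] += 1
    # BootExecute should list each program once; repeats point at a misbehaving installer.
    for value, count in boot_values.items():
        if count > 1:
            findings.append(("bootexecute-repeated", f"{value} x{count}"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28s} {detail}")
```

These are flags, not verdicts: the two absolute-path MountPoints2 entries in the log are the ordinary autorun handlers left by a WD drive and a game CD, whereas the relative `winampxml/winxml.exe` handler is the one worth removing, which is also what the helper's fix script does.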

 


darko2021
« Reply #8 on: June 08, 2013, 02:07:38 PM »
Here are the security results

 

 Results of screen317's Security Check version 0.99.64  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

AVG Anti-Virus Free Edition 2011   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Out of date HijackThis  installed! 

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware version 1.70.0.1100  

 HijackThis 2.0.2    

 TuneUp Utilities    

 TuneUp Utilities Language Pack (en-US) 

 CCleaner (remove only)   

 Java(TM) 6 Update 20  

 Java version out of Date! 

 Adobe Flash Player 10 Flash Player out of Date! 

  Adobe Flash Player 10.1.102.64 Flash Player out of Date!  

 Adobe Reader 8 Adobe Reader out of Date! 

 Mozilla Firefox (3.5.9) Firefox out of Date!  

 Google Chrome 27.0.1453.110  

 Google Chrome 27.0.1453.94  

````````Process Check: objlist.exe by Laurent````````  

 AVG avgwdsvc.exe 

 AVG avgtray.exe 

 AVG avgrsx.exe 

 AVG avgnsx.exe 

 AVG avgemc.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1 % 

````````````````````End of Log`````````````````````` 

 


guestolo
« Reply #9 on: June 08, 2013, 06:58:10 PM »

how are things running on your end now???

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


darko2021
« Reply #10 on: June 08, 2013, 08:36:45 PM »

Much better. Does it look like everything is ok now?


guestolo
« Reply #11 on: June 09, 2013, 01:04:49 PM »
Download TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Save it to your desktop then double click on it to run it

Click the START SCAN, when done
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
=========================================================

Let's get some of your software updated and more secure
Your copy of Mozilla Firefox is outdated and insecure...
Can you open your copy of Firefox, click on HELP>>ABOUT and allow Firefox to update
Restart firefox when prompted... Keep checking for updates till you have them all
 
NEXT: Your version of Adobe Flash is outdated
Download the Adobe Flash uninstaller from the following link
http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe
 
Save it to your desktop, close all open browsers
Right click on the uninstaller and choose to "Run as Admin"
Ok all prompts.. After uninstalled, delete the uninstaller
We'll update Flash in a bit
 
NEXT:
Your copies of Adobe Reader and Sun Java are outdated and insecure
Keep all browser windows closed
Access "Programs and Features" in Control Panel and uninstall your versions of Adobe Reader and Sun Java
This includes the following:
Adobe Reader 8.3.1
and Java 6 Update 20
 
reboot the computer afterwards:
Back in Windows please do the following:
 
Update Flash: Download and save the installers to the latest version of Flash
Save both these installers to desktop, close all open browser windows
Then right click on each installer, and \"Run as Admin\" and install each copy
One for IE, the other for other Browsers
http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe\'>http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_active_x.exe
http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe\'>http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_11_plugin.exe

You can delete the installers after updating
Go and update Sun Java from the following link
http://java.com/en/download/index.jsp
Careful when installing, ensure to uncheck the option for any additional software, such as Google chrome, mcafee security scan, etc..

After installation, update Adobe Reader from the following link:
http://get.adobe.com/reader/
Again uncheck any additional software

If you have any External hard drives or thumbdrives... Scan them with your AntiVirus software and ensure no infected files are present
 
======================================= 
Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please

    :OTL
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope =
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\AutoRun\command - "" = winampxml/winxml.exe
    O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\explore\command - "" = winampxml/winxml.exe
    O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\open\command - "" = winampxml/winxml.exe
    O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell - "" = AutoRun
    O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell - "" = AutoRun
    O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe
    [2013/06/08 08:00:53 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/08 07:50:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\jon\Desktop\JRT.exe
    [2013/06/08 14:53:56 | 000,890,839 | ---- | M] () -- C:\Users\jon\Desktop\SecurityCheck.exe
    [2013/06/08 07:49:09 | 000,640,135 | ---- | C] () -- C:\Users\jon\Desktop\AdwCleaner.exe

    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Let me know again if things are still running good please
« Last Edit: June 09, 2013, 07:41:52 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
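The O33 lines in the fix script above are OTL's dump of HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2, where Explorer remembers, per removable device GUID, which command runs for the AutoRun, open and explore verbs. The entries pointing at winampxml/winxml.exe are the classic footprint of an autorun.inf USB worm: a relative path that resolves to an executable at the root of whatever drive the device mounts as, and the open/explore verbs hijacked so that double-clicking the drive in Explorer launches it. The following Python triage script is an added example for reading such lines, not code from the thread, from OTL, or from its author; the regex layout is an assumption based on the O33 lines shown above, and the sample input is a copy of those lines.

```python
"""Triage OTL 'O33 - MountPoints2' lines for removable-media autorun handlers.

Added example: the line format below is assumed from the O33 entries in the
forum fix script; real OTL output for other systems may differ slightly.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Sample input: the O33 lines from the fix script above (copied, not invented).
SAMPLE_O33 = r'''
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\AutoRun\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\explore\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\open\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell - "" = AutoRun
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell - "" = AutoRun
O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe
'''

# Assumed layout: "O33 - MountPoints2\{GUID}\Shell[\<verb>\command] - "" = <value>"
O33_RE = re.compile(
    r'^O33 - MountPoints2\\\{(?P<guid>[^}]+)\}\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "" = (?P<value>.*)$',
    re.IGNORECASE,
)

# Where these entries live in the registry (for manual verification with regedit).
MOUNTPOINTS2_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"


@dataclass
class MountPointEntry:
    guid: str
    verb: Optional[str]   # AutoRun / open / explore, or None for the default Shell value
    value: str
    verdict: str          # "suspicious" or "review"
    reason: str


def _executable_of(command: str) -> str:
    """Return the program part of a shell command (quoted or first token)."""
    m = re.match(r'"([^"]+)"|(\S+)', command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def classify(verb: Optional[str], value: str):
    """Decide how worrying a MountPoints2 handler is, defender's view."""
    if verb is None:
        # Default Shell verb redirected (typically to AutoRun): not proof of
        # infection on its own, but every device with this deserves a look.
        return "review", f"default Shell verb redirected to '{value.strip()}'"
    exe = _executable_of(value)
    if not re.match(r'^[A-Za-z]:\\', exe):
        # No drive letter: the program is resolved relative to the mounted
        # volume root, which is how autorun.inf worms launch from a USB stick.
        return "suspicious", f"relative path '{exe}': runs from the volume root (autorun.inf worm residue)"
    if verb.lower() in ("open", "explore"):
        # Absolute path, but the Explorer double-click verb itself was hijacked.
        return "suspicious", f"'{verb}' verb hijacked to run {exe}"
    return "review", f"autorun handler for {exe}; confirm the device is one you own"


def parse_o33(text: str) -> List[MountPointEntry]:
    """Parse every O33 MountPoints2 line in an OTL log or fix script."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O33_RE.match(line)
        if not m:
            continue
        verdict, reason = classify(m.group("verb"), m.group("value"))
        entries.append(MountPointEntry(m.group("guid"), m.group("verb"),
                                       m.group("value"), verdict, reason))
    return entries


def suspicious_devices(entries: List[MountPointEntry]) -> Set[str]:
    """GUIDs of devices with at least one handler judged suspicious."""
    return {e.guid for e in entries if e.verdict == "suspicious"}


if __name__ == "__main__":
    found = parse_o33(SAMPLE_O33)
    for e in found:
        print(f"[{e.verdict:10}] {e.guid} {e.verb or '(Shell)':8} {e.reason}")
    print(f"\nDevices to clean under {MOUNTPOINTS2_KEY}: {sorted(suspicious_devices(found))}")
```

Run against the lines above, the script marks all three handlers of device {6ee29fcd-...} as suspicious and leaves the WD SmartWare and FarCry entries as "review": those are absolute paths set by legitimate autoplay software, which the helper still removes because any stale removable-media autorun handler is a risk, but which are not by themselves evidence of infection.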


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Please help! Malware
« Reply #12 on: June 17, 2013, 11:31:20 PM »

No reply from topic starter in a while, locking this topic
