Posts posted by superhawk
Nothing has changed. I tried (again) to delete 'A Youtube Downloader Free.dll' and 'A Youtube Downloader Free.xpi' but am still not able to. My Firefox homepage is still 'apype.com', with 'www.search.starburnsoftware.com' in the address bar.
After running OTL (per your instructions), it left an OTL.Txt but not an Extras.Txt. I searched but could not find the 'Extras', so I ran the program again with the same results: no 'Extras.Txt'.
Here is the OTL log it gave me:
OTL logfile created on: 12/12/2012 9:15:57 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.48 Mb Total Physical Memory | 398.27 Mb Available Physical Memory | 39.22% Memory free
2.38 Gb Paging File | 1.45 Gb Available in Paging File | 60.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.88 Gb Total Space | 36.43 Gb Free Space | 25.32% Space Free | Partition Type: NTFS
Drive D: | 5.16 Gb Total Space | 1.80 Gb Free Space | 34.80% Space Free | Partition Type: FAT32
Drive F: | 27.94 Gb Total Space | 11.20 Gb Free Space | 40.10% Space Free | Partition Type: FAT32
Drive G: | 233.75 Gb Total Space | 128.43 Gb Free Space | 54.94% Space Free | Partition Type: NTFS
Drive H: | 7.45 Gb Total Space | 7.38 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
Computer Name: COMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Program Files\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe ()
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Nuance\PDF Create 7\PdfCreate7Hook.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\WINDOWS\ModPS2Key.exe (Chicony)
PRC - C:\WINDOWS\zHotkey.exe ()
PRC - C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe ()
PRC - C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpofxm07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hposts07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpoevm07.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\hpoipm07.exe (HP)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\AVAST Software\Avast\defs\12121102\algo.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll ()
MOD - C:\Program Files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Auslogics\Auslogics BoostSpeed\madExcept_.bpl ()
MOD - C:\Program Files\Auslogics\Auslogics BoostSpeed\madBasic_.bpl ()
MOD - C:\Program Files\Auslogics\Auslogics BoostSpeed\madDisAsm_.bpl ()
MOD - C:\WINDOWS\zHotkey.exe ()
MOD - C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe ()
MOD - C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.dll ()
MOD - C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\dot1x_dll.dll ()
MOD - F:\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
MOD - C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll ()
MOD - C:\Program Files\Hewlett-Packard\AiO\Shared\Bin\hpopxs07.dll ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (Verizon)
SRV - (tgsrvc_verizondm) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_verizondm) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys File not found
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS File not found
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys ()
DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (xcbdaNtsc) -- C:\WINDOWS\system32\drivers\xcbda.sys (ViXS Systems Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ZD1211BU(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (BRGSp50) -- C:\WINDOWS\system32\drivers\BRGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Diag69xp) -- C:\WINDOWS\system32\drivers\diag69xp.sys (Realtek Semiconductor Corporation)
DRV - (LANPkt) -- C:\WINDOWS\system32\drivers\LANPkt.sys (Windows ® 2000 DDK provider)
DRV - (el575nd5) -- C:\WINDOWS\system32\drivers\el575ND5.sys (3Com Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\Documents and Settings\Owner\A Youtube Downloader Free.dll (HotSummerWind Software)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://apype.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: 14xRm@skywebsearch.com:3.0.0.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: 14xRm%40skywebsearch.com:3.0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files\Nuance\PDF Viewer Plus\bin\nppdf.dll (Zeon Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/04 09:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/07 23:25:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/07 23:24:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/08 16:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\14xRm@skywebsearch.com: C:\DOCUME~1\Owner\A Youtube Downloader Free.xpi [2012/09/27 17:40:26 | 000,046,060 | ---- | M] ()
[2012/10/17 11:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/10/17 11:49:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/12/04 21:06:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions
[2012/12/04 21:06:01 | 000,531,070 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/12/07 23:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/07 23:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/07 23:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/27 17:40:26 | 000,046,060 | ---- | M] () (No name found) -- C:\DOCUME~1\OWNER\A YOUTUBE DOWNLOADER FREE.XPI
[2012/12/04 09:31:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/24 15:07:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/12/07 23:25:02 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/12 09:19:39 | 000,002,261 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Custom search.xml
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/12/07 17:24:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\Documents and Settings\Owner\A Youtube Downloader Free.dll (HotSummerWind Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (A Youtube Downloader Free) - {c0415407-4ed2-48e1-900e-ee869abdd1f3} - C:\Documents and Settings\Owner\A Youtube Downloader Free.dll (HotSummerWind Software)
O4 - HKLM..\Run: [A Youtube Downloader Free_Helper] C:\Program Files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [indexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\isuspm.exe (Flexera Software, Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ModPS2] C:\WINDOWS\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Create 7\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFCreHook] C:\Program Files\Nuance\PDF Create 7\PdfCreate7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Viewer Plus\PdfPro7Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort14reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [showWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Open with PDF Viewer 7 - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79FA29D3-2724-4F82-866D-7B62D3F3C634}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 19:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/11 23:06:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/12/09 23:10:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/09 17:46:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/12/08 16:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2012/12/07 23:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/07 17:14:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/12/07 17:14:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/12/07 17:14:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/12/07 17:14:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/12/07 17:14:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/07 08:33:39 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/12/05 21:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2012/12/04 08:07:04 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/12/03 13:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\EUSING~1
[2012/12/02 22:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2012/12/02 22:04:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
[2012/12/02 22:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/12/02 09:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\A Youtube Downloader Free
[2012/09/27 17:40:26 | 000,447,488 | ---- | C] (HotSummerWind Software) -- C:\Documents and Settings\Owner\A Youtube Downloader Free.dll
[2012/01/14 20:22:39 | 000,048,128 | ---- | C] (DBS GmbH, Bremen-Germany) -- C:\Program Files\WNDTLS32.DLL
[2012/01/14 20:22:38 | 000,605,184 | ---- | C] (DFL Software, Inc.) -- C:\Program Files\LLI32.DLL
[2012/01/14 20:22:38 | 000,238,080 | ---- | C] (DBS GmbH) -- C:\Program Files\TX4OLE.OCX
[2012/01/14 20:22:38 | 000,173,568 | ---- | C] (DFL Software, Inc.) -- C:\Program Files\LLO32.DLL
[2012/01/14 20:22:38 | 000,066,560 | ---- | C] (DBS GmbH) -- C:\Program Files\TXTLS32.DLL
[2011/10/20 13:45:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012/12/12 09:24:54 | 000,023,145 | ---- | M] () -- C:\Documents and Settings\Owner\config.cfg
[2012/12/12 09:24:54 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012/12/12 09:24:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/12 09:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/12 08:10:20 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/11 23:06:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.exe
[2012/12/11 21:31:06 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/12/11 11:45:53 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/12/11 11:45:51 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job
[2012/12/11 11:45:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/11 11:45:34 | 1064,882,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/10 23:22:03 | 000,545,819 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2012/12/09 23:11:50 | 000,000,627 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/12/09 17:45:35 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.lnk
[2012/12/07 17:24:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/07 17:12:50 | 000,001,674 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/12/07 08:33:55 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2012/12/07 07:04:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/12/06 22:22:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/05 21:41:24 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/05 21:00:28 | 000,681,984 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2012/12/04 21:09:00 | 000,000,097 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[2012/12/04 21:08:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/12/04 20:43:33 | 000,806,696 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/04 09:31:48 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/12/04 08:07:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner\Desktop\aswMBR.exe
[2012/12/03 11:14:50 | 067,655,385 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Firefox 16.0.2 (en-US) - 2012-12-03.pcv
[2012/11/27 15:17:21 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/27 15:17:20 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2012/12/10 23:22:02 | 000,545,819 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2012/12/09 23:11:50 | 000,000,627 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2012/12/09 17:45:35 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to ComboFix.lnk
[2012/12/07 17:14:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/12/07 17:14:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/12/07 17:14:55 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/12/07 17:14:55 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/12/07 17:14:55 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/12/07 17:12:50 | 000,001,674 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/12/05 21:00:27 | 000,681,984 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CKScanner.exe
[2012/12/03 11:13:16 | 067,655,385 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Firefox 16.0.2 (en-US) - 2012-12-03.pcv
[2012/12/02 09:47:07 | 000,023,145 | ---- | C] () -- C:\Documents and Settings\Owner\config.cfg
[2012/12/02 09:23:42 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
[2012/10/27 19:48:13 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2012/10/19 19:19:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2012/10/17 12:42:59 | 000,524,208 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/09/27 17:40:26 | 000,046,060 | ---- | C] () -- C:\Documents and Settings\Owner\A Youtube Downloader Free.xpi
[2012/06/27 15:56:15 | 000,013,076 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/06/27 15:55:53 | 000,017,944 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/06/27 15:55:52 | 004,022,504 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2012/06/06 22:21:29 | 000,000,062 | ---- | C] () -- C:\WINDOWS\PPDeskVw.INI
[2012/05/02 19:49:38 | 000,000,448 | ---- | C] () -- C:\WINDOWS\label.ini
[2012/04/17 16:14:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/01/14 20:22:40 | 000,244,984 | ---- | C] () -- C:\Program Files\TUTIL32.DLL
[2012/01/14 20:22:38 | 000,314,880 | ---- | C] () -- C:\Program Files\TX32.DLL
[2011/11/20 22:00:26 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2011/10/29 22:40:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2011/10/29 22:40:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2011/10/29 22:40:37 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2011/10/25 07:56:41 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2011/10/25 07:54:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/10/21 09:51:23 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/21 09:12:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/21 08:36:31 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2011/10/21 08:02:52 | 000,000,097 | ---- | C] () -- C:\Documents and Settings\Owner\default.pls
[2011/10/21 08:02:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 17:24:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/10/20 11:20:38 | 000,716,470 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2011/10/19 17:26:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/19 17:24:01 | 000,547,840 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2011/10/19 17:24:01 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2011/10/19 17:24:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2011/10/19 17:24:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2011/10/19 17:23:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2011/10/19 16:53:14 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/10/19 14:09:24 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2011/10/19 14:09:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/10/19 14:09:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/10/19 14:09:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/10/19 14:09:04 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/10/19 14:08:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/10/19 14:08:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/10/19 14:08:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/10/19 14:08:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/10/19 14:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/10/19 14:06:27 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011/08/13 12:13:10 | 000,034,326 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
========== ZeroAccess Check ==========
[2006/05/06 19:44:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2006/10/23 10:34:22 | 001,497,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2004/08/04 14:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004/08/04 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/10/30 17:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/20 22:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2012/06/06 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/12/02 22:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/06/06 22:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2012/04/04 13:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/10/17 11:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/11/05 10:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/10/21 13:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2012/06/06 14:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2011/10/19 17:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/10/25 07:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2012/03/12 01:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2012/06/06 22:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.oit
[2012/03/26 19:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2012/03/05 08:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2012/01/15 00:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner
[2012/12/02 22:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2012/10/29 15:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Forte
[2011/10/21 09:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM
[2012/09/07 07:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FVD Suite
[2012/09/12 08:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2012/10/29 16:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GrabIt
[2012/05/31 19:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2012/06/06 14:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nuance
[2012/06/24 15:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OverDrive
[2012/12/02 22:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
[2011/10/19 17:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2012/10/27 19:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
[2012/04/04 10:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2011/10/31 14:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2012/10/17 11:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TomTom
[2012/12/03 14:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2012/11/28 19:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2012/06/06 14:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Zeon
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\RHDSetup.log:SummaryInformation
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FD9CE1F3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
< End of report >
I appreciate your patience, but if this does not work, I think it is time to scrap this computer. I bought it cheap/used from a neighbor and do not need a computer bad enough to fight with it.
-
Here is the log AdwCleaner[s1]:
# AdwCleaner v2.100 - Logfile created 12/11/2012 at 11:43:36
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - COMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Application Updater
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Wajam
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
***** [internet Browsers] *****
-\\ Internet Explorer v7.0.6000.16544
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1606 octets] - [10/12/2012 23:38:46]
AdwCleaner[s1].txt - [1554 octets] - [11/12/2012 11:43:36]
########## EOF - C:\AdwCleaner[s1].txt - [1614 octets] ##########
-
Restarting did not change anything. Here is the log from AdwCleaner:
# AdwCleaner v2.100 - Logfile created 12/10/2012 at 23:38:46
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Owner - COMPUTER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\Owner\Application Data\Application Updater
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Wajam
***** [Registry] *****
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
***** [internet Browsers] *****
-\\ Internet Explorer v7.0.6000.16544
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
Profile name : default
File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1477 octets] - [10/12/2012 23:38:46]
########## EOF - C:\AdwCleaner[R1].txt - [1537 octets] ##########
-
My FireFox 'home' page is still http://apype.com with starburnsoftware.com in the address bar and the extra toolbar is still here (Google Custom Search, 'Save video', and 'Save mp3'). Nothing seems to have changed. Do I need to re-start the computer?
-
The log:
ComboFix 12-12-07.01 - Owner 12/09/2012 17:47:54.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.360 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-08 21:06 . 2012-12-08 23:30 -------- d-----w- c:\program files\Mozilla Thunderbird
2012-12-07 02:37 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2012-12-06 02:04 . 2012-12-06 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2012-12-03 18:58 . 2012-12-03 18:58 -------- d-----w- c:\program files\EUSING~1
2012-12-03 03:04 . 2012-12-03 03:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2012-12-03 03:04 . 2012-12-03 03:04 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
2012-12-03 03:04 . 2012-12-03 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-12-02 14:23 . 2012-12-05 01:40 -------- d-----w- c:\program files\A Youtube Downloader Free
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 23:51 . 2011-10-30 22:45 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2011-10-30 22:45 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2011-10-30 22:45 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2011-10-30 22:45 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2011-10-30 22:45 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2011-10-30 22:45 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2011-10-30 22:45 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2011-10-30 22:45 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2011-10-30 22:45 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2011-10-30 22:45 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-09 04:13 . 2012-03-28 23:31 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 04:13 . 2012-01-07 00:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2012-03-26 20:52 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 19:32 . 2012-06-24 20:07 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2011-11-08 13:35 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51 . 2011-10-19 22:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
1998-07-20 07:47 . 2012-01-15 01:22 605184 ----a-w- c:\program files\LLI32.DLL
1998-07-20 07:47 . 2012-01-15 01:22 173568 ----a-w- c:\program files\LLO32.DLL
1998-06-09 02:00 . 2012-01-15 01:22 244984 ----a-w- c:\program files\TUTIL32.DLL
1997-07-23 11:01 . 2012-01-15 01:22 314880 ----a-w- c:\program files\TX32.DLL
1997-07-21 23:11 . 2012-01-15 01:22 238080 ----a-w- c:\program files\TX4OLE.OCX
1997-07-21 07:31 . 2012-01-15 01:22 66560 ----a-w- c:\program files\TXTLS32.DLL
1997-07-21 07:22 . 2012-01-15 01:22 48128 ----a-w- c:\program files\WNDTLS32.DLL
2012-12-08 04:25 . 2012-12-08 04:24 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"PDFProHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro7hook.exe" [2011-07-01 607592]
"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2011-08-13 30568]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2011-08-13 46952]
"PPort14reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
"PDFCreHook"="c:\program files\Nuance\PDF Create 7\pdfcreate7hook.exe" [2011-06-28 605032]
"PDF7 Registry Controller"="c:\program files\Nuance\PDF Create 7\RegistryController.exe" [2011-06-28 140136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"A Youtube Downloader Free_Helper"="c:\program files\A Youtube Downloader Free\A Youtube Downloader Free_Helper.exe" [2012-09-27 1434112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]
HPAiODevice(hp officejet v series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe [2002-4-25 487487]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe [2011-10-29 487424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\VSO\\VSO Downloader\\2\\VsoDownloader.exe"=
"c:\\Program Files\\FVD Suite\\FVD Downloader\\FVD Downloader.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/30/2011 5:45 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/30/2011 5:45 PM 361032]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/30/2011 5:45 PM 21256]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/19/2012 7:44 PM 352248]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 6:53 PM 8440]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/18/2012 8:01 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/26/2012 3:53 PM 676936]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 7:45 PM 35088]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [8/13/2011 12:50 PM 138600]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 5:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 5:11 AM 185640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/28/2012 6:41 AM 92632]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 6:53 PM 11237]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/26/2012 3:52 PM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/20/2011 1:45 PM 47360]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [10/19/2011 4:49 PM 69692]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 xcbdaNtsc;ASUS PHC3-100 (NTSC);c:\windows\system32\drivers\xcbda.sys [10/25/2011 7:54 AM 157568]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SYSMONLOG
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 04:13]
.
2012-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-12-07 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-11-12 15:30]
.
2012-12-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-01 23:50]
.
2012-12-07 c:\windows\Tasks\GlaryInitialize.job
- g:\program files\Glary Utilities\initialize.exe [2012-09-12 12:46]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Create 7\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Open with PDF Viewer 7 - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\
FF - ExtSQL: 2012-10-17 13:43; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: 2012-12-02 11:18; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-09 17:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-09 17:57:30
ComboFix-quarantined-files.txt 2012-12-09 22:57
ComboFix2.txt 2012-12-07 22:26
.
Pre-Run: 39,785,086,976 bytes free
Post-Run: 39,771,439,104 bytes free
.
- - End Of File - - 0946BF20F31BED14FAC75E3F7771FF9A
-
I am sorry to bother you again, but there are two (2) folders, in the 'windows' section, that start with $NtServicePackUninstall. One ends with 'IDNMitigationAPI$', and the other ends with 'NLSDownlevelMapping$'. Is it one of these?
-
My System Restore screen offers 'OK', 'Cancel', and 'Apply'. It says that it is 'Monitoring' the 'C' drive, but I do not see where I can 'make' a restore point. I'm sorry. Should I continue with the rest?
-
Thank you. Here is the ComboFix log: log.txt
-
Also, my neighbor said I have 3 'drives' in this computer that did not come with it when it was new. He looked through them and said they have nothing that I need. He can remove them if that helps (He said he can clean (?) them and use them on his computer).
Thanks.
-
I removed the 'SuperAntiSpyware' in the 'Add/Remove' area, but it left everything in the folder so I deleted everything in the folder 'except' 'SASCTXMN.DLL' and 'SASWINLO.dll'. The computer would not allow me to delete them.
Without the 'SuperAntiSpyware', will people be looking in my computer? Should I buy something for that?
Here are the files/logs.
CKScanner:
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files\emachines games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\emachines games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\musicmatch\musicmatch jukebox\crypt.dll
c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
scanner sequence 3.CA.11.DRCPTT
----- EOF -----
Attachments: attach.txt, dds.txt
-
This is a 'used' computer and I have no need for most of the software in it. Tell me which ones and how to delete them.
-
Here are the results.
CKScanner Report:
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
c:\program files\emachines games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\emachines games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\musicmatch\musicmatch jukebox\crypt.dll
c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
c:\program files\superantispyware\crack.exe
c:\program files\superantispyware\crack\crack.exe
c:\program files\superantispyware\crack\desktop.ini
scanner sequence 3.FA.11.SHNAIO
----- EOF -----
-
I ran the program and have the results. Thank you for your patience.
-
Yes, I ran the program. I then pressed "save log" and it saved onto the desktop. However, the icon is a DVD with a blue circle in the top right corner and an arrow inside the circle. It is tied to my 'Nero' video player and I cannot get it to change. When I open 'properties', it says it is a '.dat' file, but neither wordpad, nor notepad gives me a readable screen. I will run the program again if you think I might have done something wrong.
Yes, 'private message' is what I was wondering. I should have guessed, but I'm not real computer savvy.
-
It says "You are not permitted to upload this kind of file".
On my desktop it has the image of a DVD. Is that correct?
What is 'PM'?
-
Downloading something that was 'recommended' to me, I discovered it was something else entirely. I have a new-look FireFox browser and 'software' I've never heard of and cannot get rid of. Can you help?
Thank you.
Attachments: attach.txt, dds.txt
-
No change. Mozilla is still keeping its correct homepage, but there are still balloons saying that Malwarebytes is successfully blocking access to a potentially malicious website (incoming/outgoing). However, they don't seem to show up as often.
I'm not that familiar with how Malwarebytes works. Is this 'notice' what it's supposed to do? Do I ignore them?
-
Is this it?
ComboFix 12-04-17.01 - Owner 04/17/2012 17:09:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.505 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-15 16:21 . 2012-04-15 16:21 -------- d-----w- c:\program files\ESET
2012-04-13 21:54 . 2012-04-15 03:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2012-04-09 12:52 . 2012-04-10 17:47 -------- d-----w- C:\_OTL
2012-04-08 03:37 . 2012-04-08 03:37 593920 ----a-w- c:\program files\OTL.exe
2012-04-04 18:29 . 2012-04-04 18:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft
2012-04-04 18:29 . 2012-04-04 18:29 -------- d-----w- c:\program files\VERIZONDM
2012-04-04 18:29 . 2012-04-04 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2012-04-04 18:28 . 2012-04-04 18:29 -------- d-----w- c:\program files\Common Files\SupportSoft
2012-04-04 18:21 . 2012-04-04 18:21 -------- d-----w- c:\windows\Sun
2012-04-04 15:55 . 2012-04-04 15:55 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-04-04 15:55 . 2012-04-04 15:55 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-04-04 15:51 . 2012-04-04 15:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TechWizard
2012-04-04 03:51 . 2012-04-04 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-04 03:51 . 2012-04-06 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-04 03:51 . 2012-04-04 03:51 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-04-04 03:50 . 2012-04-04 03:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-28 23:31 . 2012-04-14 18:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 20:53 . 2012-03-26 20:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-03-26 20:53 . 2012-03-26 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-26 20:52 . 2012-04-10 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-26 20:52 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 03:07 . 2012-03-26 03:13 -------- d-----w- c:\program files\1-Click YouTube Downloader
2012-03-25 05:22 . 2012-03-26 12:29 -------- d-----w- C:\YouTubeVideos
2012-03-23 15:38 . 2012-03-26 12:28 -------- d-----w- C:\downloads
2012-03-23 15:33 . 2012-03-23 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\56 Downloader(xmlbar)
2012-03-18 23:50 . 2012-03-18 23:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 23:50 . 2012-03-18 23:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:13 . 2012-01-07 00:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2011-10-30 22:45 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-30 22:45 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-10-30 22:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-10-30 22:45 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-10-30 22:45 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-10-30 22:45 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-30 22:45 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-10-30 22:45 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-10-30 22:45 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-10-30 22:45 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-24 23:19 . 2011-10-19 22:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-24 23:19 . 2011-11-08 13:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-12 23:17 . 2011-10-20 18:45 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-02-12 23:17 . 2011-10-20 18:45 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
1998-07-20 07:47 . 2012-01-15 01:22 605184 ----a-w- c:\program files\LLI32.DLL
1998-07-20 07:47 . 2012-01-15 01:22 173568 ----a-w- c:\program files\LLO32.DLL
1998-06-09 02:00 . 2012-01-15 01:22 244984 ----a-w- c:\program files\TUTIL32.DLL
1997-07-23 11:01 . 2012-01-15 01:22 314880 ----a-w- c:\program files\TX32.DLL
1997-07-21 23:11 . 2012-01-15 01:22 238080 ----a-w- c:\program files\TX4OLE.OCX
1997-07-21 07:31 . 2012-01-15 01:22 66560 ----a-w- c:\program files\TXTLS32.DLL
1997-07-21 07:22 . 2012-01-15 01:22 48128 ----a-w- c:\program files\WNDTLS32.DLL
2012-03-18 23:50 . 2011-10-30 21:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe [2011-10-29 487424]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\VSO\\VSO Downloader\\2\\VsoDownloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/30/2011 6:45 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/30/2011 6:45 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/30/2011 6:45 PM 20696]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 7:53 PM 8440]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/26/2012 4:53 PM 654408]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 8:45 PM 35088]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 6:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 6:11 AM 185640]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 7:53 PM 11237]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/26/2012 4:52 PM 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/20/2011 2:45 PM 47360]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 290832]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/28/2012 7:31 PM 253088]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [10/19/2011 5:49 PM 69692]
S3 xcbdaNtsc;ASUS PHC3-100 (NTSC);c:\windows\system32\drivers\xcbda.sys [10/25/2011 8:54 AM 157568]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 18:13]
.
2012-04-15 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-11-12 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{6B896ADB-4A82-46e2-858C-13134782CE34} - c:\program files\Xmlbar\56 Downloader\IEBar\xbietb.dll
AddRemove-uTorrent - g:\program files\uTorrent\uTorrent.exe
AddRemove-Xmlbar 56Downloader - c:\program files\Xmlbar\56 Downloader\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 17:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2012-04-17 17:16:17
ComboFix-quarantined-files.txt 2012-04-17 21:16
.
Pre-Run: 76,858,933,248 bytes free
Post-Run: 76,819,906,560 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 002A7C4B8D372FFB0B4F64869E5DF6D0
-
Yes. The 'btsearch.name' has disappeared. Mozilla now has its regular homepage. The balloons/bubbles that say Malwarebytes has stopped an "incoming"/"outgoing" threat are still showing up, but not as frequently. Is that O.K.?
I will add that I am not the only one using this computer in the house (only recently took possession of it). I have stopped all other users for the duration of this issue (and maybe beyond). I assume that it will help to not have a bunch of people doing things that I can't control.
-
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1aa40d1ebe1faa4ea132c0de212e852c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 05:11:39
# local_time=2012-04-15 01:11:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=105139
# found=6
# cleaned=6
# scan_time=2787
C:\Documents and Settings\Owner\My Documents\Downloads\cnet2_MozillaRestorer_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Setups\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Setups\YouTubeDownloaderSetup27.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Downloads\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP6\A0000404.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\Setups\Programs\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
-
Is this it?
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3282513949-1523809867-2825289854-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "http://www.btsearch.name/" removed from browser.startup.homepage
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\locale folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\components folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Xmlbar Search\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.
C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.
File C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe not found.
Folder C:\Program Files\uTorrent\ not found.
C:\Program Files\Xmlbar\56 Downloader\sounds folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\language folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar\config\defaults folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar\config\Chinese Simplified folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar\config folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\config folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader folder moved successfully.
C:\Program Files\Xmlbar folder moved successfully.
C:\Documents and Settings\Owner\Application Data\inst.exe moved successfully.
C:\Documents and Settings\Owner\Application Data\pcouffin.cat moved successfully.
C:\Documents and Settings\Owner\Application Data\pcouffin.inf moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\ie folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\dlimagecache folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\Cache folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\apps folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 589084 bytes
->Temporary Internet Files folder emptied: 42837481 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49848754 bytes
->Flash cache emptied: 26 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 89.00 mb
Restore points cleared and new OTL Restore Point set!
OTL by OldTimer - Version 3.2.39.2 log created on 04102012_133210
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
It worked! Thank you for your help, Maniac.
-
Thank you for being so patient, Maniac.
O.K., I 'Exited' Malwarebytes and retried OTL (copy & paste, etc). It's been over three hours and is still saying
Killing processes. DO NOT INTERRUPT...
But, it has not displayed the MBAMService terminated unexpectedly... message. Does it take this long or should I reboot and try again?
I'm sorry I don't understand computers better to help your assistance.
Jay
I can't change my 'home' page.
in Resolved Malware Removal Logs
I followed the above and let it run for 8 hours. It would not stop, so I shut down the computer and followed the instructions again. After another eight hours, it was still running, so, again, I shut down and re-started the computer. There is no change. I really do appreciate your trying to help, but it is not worth any more time. My neighbor says he can use some of the good parts and throw away the bad. When I can afford it, I will just buy a new computer and not download anything into it. Thank you, again. I do not have PayPal. Is there somewhere I can send a money order? I will keep this running for two days for your reply. Thank you, again, and have a Merry Christmas.