
Constant outgoing IP blocking when IE is open. Virus?



I have done full scans with Malwarebytes and Avast free antivirus and neither has found anything. I still get constant outgoing IP blocking, though, and internet browsing feels sluggish, so I suspect I still have something.

At one time (about a year ago) I did have a rootkit infecting this computer, but I was able to clear up everything.

Anyways, here are my logs.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Rahne at 23:57:12 on 2012-08-05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.30 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxext.exe

C:\DOCUME~1\Rahne\LOCALS~1\Temp\RtkBtMnt.exe

svchost.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: PricePeep: {fd6d90c0-e6ee-4bc6-b9f7-9ed319698007} - c:\program files\pricepeep\pricepeep.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

mRun: [Preload] c:\windows\RUNXMLPL.exe

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe

mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe

mRun: [boot] c:\acer\empowering technology\epower\Boot.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 0

mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

Trusted Zone: phoenix.edu

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212171958234

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280258516281

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-20 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-20 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-20 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-20 44808]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-14 655944]

R2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [2011-6-2 165888]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-14 22344]

R3 SCTDriverV1011;SCTDriverV1011;c:\windows\system32\drivers\SCTDriverV1011.sys [2010-5-10 202800]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-1-31 158856]

S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-10 250056]

S3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\netwlx32.sys --> c:\windows\system32\drivers\NETwLx32.sys [?]

S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

=============== Created Last 30 ================

.

2012-07-10 10:22:45 -------- d-----w- c:\documents and settings\rahne\local settings\application data\WeatherBug

2012-07-10 10:22:40 -------- d-----w- c:\documents and settings\rahne\application data\WeatherBug

2012-07-10 10:22:26 18944 ----a-r- c:\documents and settings\rahne\application data\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe

2012-07-10 10:21:01 -------- d-----w- c:\program files\Blinkx

2012-07-10 10:20:18 -------- d-----w- c:\program files\PricePeep

2012-07-10 10:19:49 -------- d-----w- c:\program files\Conduit

2012-07-10 10:19:39 -------- d-----w- c:\documents and settings\rahne\local settings\application data\Conduit

2012-07-10 10:19:16 -------- d-----w- c:\documents and settings\all users\application data\UpdaterService

.

==================== Find3M ====================

.

2012-08-03 21:25:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-03 21:25:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 20:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 20:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 20:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 20:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 20:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 20:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 20:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 20:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 0:04:33.82 ===============

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 05/30/2008 11:29:39 PM

System Uptime: 08/02/2012 7:01:05 PM (77 hours ago)

.

Motherboard: Acer | | Biwa

Processor: Intel® Core2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1662/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 53 GiB total, 23.723 GiB free.

D: is FIXED (FAT32) - 53 GiB total, 36.845 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\FF1083D71D72FF

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\FF1083D71D72FF

Service: NIC1394

.

==== System Restore Points ===================

.

RP445: 05/23/2012 11:59:26 AM - System Checkpoint

RP446: 05/24/2012 8:21:11 PM - System Checkpoint

RP447: 05/31/2012 9:20:21 PM - System Checkpoint

RP448: 06/05/2012 12:10:13 PM - Software Distribution Service 3.0

RP449: 06/06/2012 11:26:56 PM - System Checkpoint

RP450: 06/11/2012 9:19:27 AM - System Checkpoint

RP451: 06/14/2012 5:34:39 AM - Software Distribution Service 3.0

RP452: 06/18/2012 1:13:08 PM - System Checkpoint

RP453: 06/19/2012 1:22:58 PM - System Checkpoint

RP454: 06/20/2012 2:39:59 PM - System Checkpoint

RP455: 06/22/2012 9:37:09 PM - System Checkpoint

RP456: 06/26/2012 9:22:49 AM - System Checkpoint

RP457: 07/01/2012 8:18:46 PM - System Checkpoint

RP458: 07/10/2012 5:22:19 AM - Installed WeatherBug

RP459: 07/11/2012 3:33:17 PM - Software Distribution Service 3.0

RP460: 07/13/2012 2:53:13 PM - Removed WeatherBug

RP461: 07/17/2012 9:20:56 AM - System Checkpoint

RP462: 07/19/2012 4:57:18 PM - System Checkpoint

RP463: 07/20/2012 6:31:18 PM - System Checkpoint

RP464: 07/21/2012 9:00:34 PM - System Checkpoint

RP465: 07/23/2012 4:37:23 PM - System Checkpoint

RP466: 07/25/2012 3:19:05 PM - System Checkpoint

RP467: 07/27/2012 3:34:53 PM - System Checkpoint

RP468: 07/29/2012 8:18:07 AM - System Checkpoint

RP469: 07/31/2012 9:13:35 AM - System Checkpoint

RP470: 08/02/2012 2:30:55 PM - System Checkpoint

RP471: 08/03/2012 10:27:55 PM - System Checkpoint

RP472: 08/05/2012 12:26:50 AM - System Checkpoint

.

==== Installed Programs ======================

.

Acer eDataSecurity Management

Acer eDataSecurity Management 2.0.4088

Acer eLock Management

Acer Empowering Technology

Acer eNet Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer GridVista

Acer ScreenSaver

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11

Agere Systems HDA Modem

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Software Suite

avast! Free Antivirus

blinkx beat

Broadcom Gigabit Integrated Controller

Compatibility Pack for the 2007 Office system

Critical Update for Windows Media Player 11 (KB959772)

Data Viewer 3.3.0.8

DSDownloader 2.2.2.6

eFile Express 2011

Free CD to MP3 Converter

FrostWire 5.2.11

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Image Plugin

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java 6 Update 30

Junk Mail filter update

Launch Manager

LightScribe 1.4.142.1

LiveLink Gen-II

Maintenance Samsung CLX-3180 Series

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Professional

Microsoft Office Live Add-in 1.3

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works 2003 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

mProSafe

MSN

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mWlsSafe

Nero Suite

OGA Notifier 2.0.0048.0

Pdf995 (installed by TaxCut)

PdfEdit995 (installed by TaxCut)

PL-2303 USB-to-Serial

PricePeep for Internet Explorer

QuickTime

Readiris Pro 10

Realtek High Definition Audio Driver

Samsung Network PC Fax

Scan Assistant

SCT Device Updater

SCTDriversV1011x86

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2530548)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544521)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Segoe UI

Skype™ 5.8

SmarThru 4

Spybot - Search & Destroy

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515/xx12 drivers.

TIPCI

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB898461)

Update for Windows XP (KB942763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

User Profile Hive Cleanup Service

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

Works Suite OS Pack

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

08/04/2012 4:14:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

08/02/2012 7:03:26 PM, error: Service Control Manager [7022] - The System Event Notification service hung on starting.

08/02/2012 7:03:26 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.

08/02/2012 7:03:26 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.

07/31/2012 8:58:41 AM, error: Dhcp [1002] - The IP address lease 192.168.2.4 for the Network Card with network address 001CBF5435B6 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

07/30/2012 2:08:34 AM, error: WMPNetworkSvc [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

.

==== End Of File ===========================


Hello qwiksilvertrav! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please give me the blocked IP.

Step 1

Please uninstall this application: FrostWire 5.2.11

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Step 4

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt


Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.07.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Rahne :: ACER-47CBE8A5E [administrator]

Protection: Enabled

08/07/2012 12:04:20 AM

mbam-log-2012-08-07 (00-04-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 243469

Time elapsed: 22 minute(s), 40 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-07 13:42:04

-----------------------------

13:42:04.984 OS Version: Windows 5.1.2600 Service Pack 3

13:42:04.984 Number of processors: 2 586 0xF0D

13:42:04.984 ComputerName: ACER-47CBE8A5E UserName: Rahne

13:42:06.750 Initialize success

13:42:08.328 AVAST engine defs: 12080700

13:42:18.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

13:42:18.265 Disk 0 Vendor: Hitachi_ BB2O Size: 114473MB BusType: 3

13:42:18.281 Disk 0 MBR read successfully

13:42:18.281 Disk 0 MBR scan

13:42:18.343 Disk 0 unknown MBR code

13:42:18.343 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 6000 MB offset 63

13:42:18.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 53976 MB offset 12289725

13:42:18.390 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 54493 MB offset 122832990

13:42:18.390 Disk 0 scanning sectors +234436545

13:42:18.421 Disk 0 malicious Win32:MBRoot code @ sector 234436548 !

13:42:18.421 Disk 0 PE file @ sector 234436570 !

13:42:18.515 Disk 0 scanning C:\WINDOWS\system32\drivers

13:42:33.890 Service scanning

13:42:42.390 Service int15.sys C:\Acer\Empowering Technology\eRecovery\int15.sys **INFECTED** Win32:Zeroot-B [Rtk]

13:42:54.515 Modules scanning

13:43:04.468 Disk 0 trace - called modules:

13:43:04.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys

13:43:04.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d62ab8]

13:43:04.500 3 CLASSPNP.SYS[f771dfd7] -> nt!IofCallDriver -> \Device\000000b8[0x86d34030]

13:43:04.515 5 ACPI.sys[f7514620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86786030]

13:43:04.812 AVAST engine scan C:\WINDOWS

13:43:25.687 AVAST engine scan C:\WINDOWS\system32

13:45:59.265 AVAST engine scan C:\WINDOWS\system32\drivers

13:46:15.593 AVAST engine scan C:\Documents and Settings\Rahne

14:07:36.750 AVAST engine scan C:\Documents and Settings\All Users

14:08:24.015 Scan finished successfully

14:46:44.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rahne\Desktop\VirusScanners\MBR.dat"

14:46:44.781 The log file has been saved successfully to "C:\Documents and Settings\Rahne\Desktop\VirusScanners\aswMBR.txt"

14:47:39.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rahne\Desktop\VirusScanners\MBR.dat"

14:47:39.406 The log file has been saved successfully to "C:\Documents and Settings\Rahne\Desktop\VirusScanners\aswMBR.txt"

OTL logfile created on: 08/07/2012 2:49:45 PM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Rahne\Desktop\VirusScanners

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

1014.36 Mb Total Physical Memory | 174.44 Mb Available Physical Memory | 17.20% Memory free

2.38 Gb Paging File | 1.41 Gb Available in Paging File | 59.19% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 52.71 Gb Total Space | 24.26 Gb Free Space | 46.03% Space Free | Partition Type: NTFS

Drive D: | 53.20 Gb Total Space | 36.84 Gb Free Space | 69.25% Space Free | Partition Type: FAT32

Computer Name: ACER-47CBE8A5E | User Name: Rahne | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 14:49:23 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rahne\Desktop\VirusScanners\OTL.exe

PRC - [2012/08/02 19:03:05 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\Rahne\Local Settings\Temp\RtkBtMnt.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2010/06/07 05:17:40 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

PRC - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/17 12:59:44 | 000,858,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2007/07/12 11:36:40 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe

PRC - [2007/07/11 14:07:46 | 000,421,888 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007/05/28 15:56:16 | 000,342,528 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007/03/02 11:25:08 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe

PRC - [2007/03/01 18:21:52 | 000,024,576 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

PRC - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/07 01:29:02 | 001,792,000 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12080700\algo.dll

MOD - [2012/06/14 05:47:30 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_fdc1f26c\system.drawing.dll

MOD - [2012/06/14 05:47:14 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_7f302b3e\system.windows.forms.dll

MOD - [2012/06/14 05:46:31 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll

MOD - [2011/12/31 16:43:09 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_c5faf672\mscorlib.dll

MOD - [2011/12/31 16:42:59 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_50082979\system.xml.dll

MOD - [2011/12/31 16:42:45 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_31319e26\system.dll

MOD - [2011/12/31 16:42:32 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll

MOD - [2011/12/31 16:42:29 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll

MOD - [2011/12/31 16:42:26 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll

MOD - [2010/06/07 05:17:40 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/11/19 22:02:22 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll

MOD - [2009/08/27 04:24:26 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\sst2cl3.dll

MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2007/12/11 11:35:28 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll

MOD - [2007/08/07 16:47:46 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll

MOD - [2007/08/07 16:47:46 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll

MOD - [2007/08/07 16:47:46 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll

MOD - [2007/08/07 16:47:46 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll

MOD - [2007/07/04 11:44:00 | 000,475,136 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

MOD - [2007/05/28 15:30:30 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll

MOD - [2007/04/06 01:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll

MOD - [2006/01/12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll

MOD - [2005/10/20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll

MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll

MOD - [2003/06/07 15:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Unknown] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2012/08/03 16:25:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/01/31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2010/03/07 21:59:43 | 000,165,888 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)

SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2007/03/01 18:21:52 | 000,024,576 | ---- | M] ( ) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2005/04/27 14:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETwLx32.sys -- (NETwLx32)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ma_cmidi.sys -- (MA_CMIDI)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Rahne\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/07/03 11:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/07/03 11:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2010/05/10 10:04:34 | 000,202,800 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SCTDriverV1011.sys -- (SCTDriverV1011)

DRV - [2009/07/13 03:13:52 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)

DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)

DRV - [2008/09/30 10:40:24 | 000,050,048 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2007/12/10 17:59:36 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)

DRV - [2007/12/10 17:59:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)

DRV - [2007/12/10 17:59:34 | 000,014,120 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)

DRV - [2007/05/30 22:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)

DRV - [2007/05/02 05:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)

DRV - [2007/04/30 08:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32)

DRV - [2007/03/09 14:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007/02/16 17:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2005/04/07 18:08:46 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)

DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)

DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)

DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\SearchScopes,DefaultScope = {DC2DA2FB-2E6E-4F38-B471-BF05FC557630}

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\SearchScopes\{DC2DA2FB-2E6E-4F38-B471-BF05FC557630}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2009/11/24 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rahne\Application Data\Mozilla\Extensions

[2009/11/24 21:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rahne\Application Data\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.google.com

CHR - Extension: YouTube = C:\Documents and Settings\Rahne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\

CHR - Extension: Google Search = C:\Documents and Settings\Rahne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Rahne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1367_0\

CHR - Extension: Gmail = C:\Documents and Settings\Rahne\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2011/10/07 18:31:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O3 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()

O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [Preload] C:\WINDOWS\RunXMLPL.exe (Wistron Corp.)

O4 - HKLM..\Run: [samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-32195072-688409355-4165816395-1012..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O15 - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..Trusted Domains: phoenix.edu ([]* in Trusted sites)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212171958234 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280258516281 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.16.0.cab (Reg Error: Key error.)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab (Playtime Games Launcher)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B535B69-FE10-48AC-8D5D-53572E7DCE44}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\ACERTX.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\ACERTX.bmp

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/10 05:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rahne\Local Settings\Application Data\WeatherBug

[2012/07/10 05:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rahne\Application Data\WeatherBug

[2012/07/10 05:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rahne\Start Menu\Programs\blinkx beat

[2012/07/10 05:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx

[2012/07/10 05:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep

[2012/07/10 05:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2012/07/10 05:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit

[2012/07/10 05:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UpdaterService

========== Files - Modified Within 30 Days ==========

[2012/08/07 14:25:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/08/07 09:04:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{71319A2C-2F1A-48C7-99C5-44D4C34B9C14}.job

[2012/08/07 02:01:43 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/08/07 01:16:22 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/08/07 01:16:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/08/07 01:13:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/08/07 01:13:19 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/20 17:29:01 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/19 15:27:51 | 000,093,756 | ---- | M] () -- C:\Documents and Settings\Rahne\Desktop\HomeownerInsuranceCertificate[1].pdf

[2012/07/11 15:48:20 | 000,335,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/11 15:38:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/07/10 05:25:41 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Rahne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/10 05:25:34 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/07/10 05:21:20 | 020,480,000 | ---- | M] () -- C:\Documents and Settings\Rahne\Local Settings\Application Data\store-pp.jbs

[2012/07/10 05:21:02 | 000,001,327 | ---- | M] () -- C:\Documents and Settings\Rahne\Desktop\blinkx beat.lnk

========== Files Created - No Company Name ==========

[2012/07/19 15:27:51 | 000,093,756 | ---- | C] () -- C:\Documents and Settings\Rahne\Desktop\HomeownerInsuranceCertificate[1].pdf

[2012/07/10 05:25:34 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/07/10 05:21:20 | 020,480,000 | ---- | C] () -- C:\Documents and Settings\Rahne\Local Settings\Application Data\store-pp.jbs

[2012/07/10 05:21:02 | 000,001,327 | ---- | C] () -- C:\Documents and Settings\Rahne\Desktop\blinkx beat.lnk

[2012/02/15 12:37:38 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/06/02 20:47:03 | 000,011,997 | ---- | C] () -- C:\Documents and Settings\Rahne\Application Data\SmarThruOptions.xml

[2011/06/02 20:46:10 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini

[2011/06/02 20:46:06 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

[2011/06/02 20:41:52 | 000,490,600 | ---- | C] () -- C:\WINDOWS\ssndii.exe

[2011/06/02 20:41:42 | 000,113,768 | ---- | C] () -- C:\WINDOWS\Wiainst.exe

[2011/06/02 20:40:57 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\sst2cl3.dll

[2011/06/02 20:35:29 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll

[2011/06/02 20:35:29 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll

[2011/06/02 20:35:29 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll

[2011/06/02 20:35:29 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll

[2011/06/02 20:35:29 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll

[2011/01/23 13:47:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini

[2011/01/16 22:33:32 | 000,074,856 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/12/18 19:42:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2010/03/06 23:29:09 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Rahne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/06/14 11:22:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Rahne\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2009/01/27 19:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton

[2012/02/20 04:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2009/12/01 21:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2008/06/25 22:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime

[2009/05/15 22:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap

[2009/11/03 22:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut

[2012/07/20 18:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UpdaterService

[2010/05/24 18:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/01/27 19:34:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\Ableton

[2011/07/16 13:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\Amazon

[2011/02/12 08:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\FrostWire

[2009/11/19 22:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\pdf995

[2009/12/01 21:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\TaxCut

[2009/09/27 16:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\W Photo Studio Viewer

[2012/07/10 05:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\WeatherBug

[2010/07/27 16:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\Windows Search

[2011/07/17 12:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Trav\Application Data\Windows Desktop Search

[2012/08/07 01:16:22 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

[2012/08/07 09:04:18 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{71319A2C-2F1A-48C7-99C5-44D4C34B9C14}.job

========== Purity Check ==========

< End of report >

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-32195072-688409355-4165816395-1012\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3198785
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
    [2012/07/10 05:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rahne\Start Menu\Programs\blinkx beat
    [2012/07/10 05:21:01 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx
    [2012/07/10 05:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
    [2012/07/10 05:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2012/07/10 05:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit
    [2012/07/10 05:21:02 | 000,001,327 | ---- | M] () -- C:\Documents and Settings\Rahne\Desktop\blinkx beat.lnk
    [2009/05/15 22:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
    [2011/02/12 08:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rahne\Application Data\FrostWire

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Ok, so I've tried running this twice. Both times the PC has frozen up. I start it and I get the hourglass for a while. Then there are no signs of activity, my desktop goes blank, and I get taken to just a blank desktop with only the background. I let it sit for hours and finally had to do a hard reboot. OTL creates the folder but there is no text file.

So can you tell what my pc is infected with? Here are the OTL logs...should've thought to run it in safe mode sorry!

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-32195072-688409355-4165816395-1012\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

C:\WINDOWS\Downloaded Program Files\popcaploader.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

C:\Documents and Settings\Rahne\Start Menu\Programs\blinkx beat folder moved successfully.

C:\Program Files\Blinkx\templates folder moved successfully.

C:\Program Files\Blinkx folder moved successfully.

C:\Program Files\PricePeep folder moved successfully.

C:\Program Files\Conduit\Community Alerts folder moved successfully.

C:\Program Files\Conduit folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\LanguagePacks folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\Feeds folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts\Dialogs folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.

C:\Documents and Settings\Rahne\Local Settings\Application Data\Conduit folder moved successfully.

C:\Documents and Settings\Rahne\Desktop\blinkx beat.lnk moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\sounds\stream folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\sounds folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\puzzles folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images\upsell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images\mainmenubkg folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images\backdrops folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\images folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2\data folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo\bejeweled2 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Yahoo folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader folder moved successfully.

C:\Documents and Settings\All Users\Application Data\PopCap folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\xml\data folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\xml folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\themes\frostwirePro_theme folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\themes folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\overlays folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\image_cache\static.frostwire.com folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\image_cache folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus\torrents folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus\tmp folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus\plugins folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus\net folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus\logs folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus\dht folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus\active folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\azureus folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\.NetworkShare\Incomplete folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\.NetworkShare folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire\.AppSpecialShare folder moved successfully.

C:\Documents and Settings\Rahne\Application Data\FrostWire folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Rahne\Desktop\VirusScanners\cmd.bat deleted successfully.

C:\Documents and Settings\Rahne\Desktop\VirusScanners\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 148480 bytes

->Temporary Internet Files folder emptied: 5248395 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 295392 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Rahne

->Temp folder emptied: 11903386 bytes

->Temporary Internet Files folder emptied: 544133535 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 6199890 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 82418 bytes

User: Trav

->Temp folder emptied: 846709 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3567616 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 137241474 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 677.00 mb

Unable to start System Restore Service. Error code 10

OTL by OldTimer - Version 3.2.56.0 log created on 08102012_032943

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF583.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF590.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6983.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6990.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE31.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE7B.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE6.tmp not found!

File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF0B.tmp not found!

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OUTI7TYJ\fastbutton[1].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OUTI7TYJ\index[2].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\F9V46JC8\search[1].htm moved successfully.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AMTDO70Y\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

PendingFileRenameOperations files...

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF583.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF590.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6983.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6990.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE31.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE7B.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFEE6.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF0B.tmp not found!

File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OUTI7TYJ\fastbutton[1].htm not found!

File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OUTI7TYJ\index[2].htm not found!

File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\F9V46JC8\search[1].htm not found!

File C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AMTDO70Y\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

Registry entries deleted on Reboot...

For now, nothing serious. I mean with adware. Is there any progress?

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=c1806a95002f0449ad337047a7c6c4e8

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-14 12:32:03

# local_time=2012-08-13 07:32:03 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=768 16777215 100 0 64862430 64862430 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=67843

# found=0

# cleaned=0

# scan_time=2428

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
