Jump to content

Help, infected with supreme savings spyware

stumpy
 Share

Recommended Posts

stumpy

stumpy

Posted
  • Author
Posted

Hi Gringo,

Please excuse the delay, had a busy week. OLT logs follow, Only one report was supplied after scan.

Thanks

OTL Extras logfile created on: 17/03/2013 5:32:13 AM - Run 5

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lisa\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.73 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 76.73% Memory free

15.47 Gb Paging File | 13.68 Gb Available in Paging File | 88.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 921.74 Gb Total Space | 822.10 Gb Free Space | 89.19% Space Free | Partition Type: NTFS

Computer Name: LISA-PC | User Name: lisa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{074D30C8-FD07-437E-8123-DCF07607025F}" = lport=445 | protocol=6 | dir=in | app=system |

"{1656411B-38A1-4337-913B-B72EF9DD6B48}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{1893B0C0-C642-4B99-A401-44A15979E4D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{19AF1E7B-30E9-43C1-925E-7C281E17AA22}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1E22EB87-589D-4A8D-AE5E-1995C75E142F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{35B0C4EF-D7DD-41AF-B1E5-B1402EE5C1D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{395A4A1E-16DE-4CED-BAF0-9FD52F0A3FD0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4395ABA0-7349-4D90-9015-578C407A9CE0}" = rport=137 | protocol=17 | dir=out | app=system |

"{45B475BF-92DC-46DD-BFF3-FFE36EC609F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{465BB569-243A-4FD0-BF83-72FCBB23B395}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{4C77F3EE-A17F-4BC2-8FC2-3B34F3ACAC50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{56231D20-C8F2-4549-B654-C5A669868BE5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{61734038-9F65-4CB6-9127-8F4E71CE9EDC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{62205971-DFE1-4280-835D-4DA48F754C55}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{801B8FD2-AA7F-4DDA-86BF-6785642CCDB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{84271670-C096-4521-817F-820FD9D19216}" = rport=139 | protocol=6 | dir=out | app=system |

"{8BE6B4F7-56F4-4BE6-BA98-B3935814349D}" = lport=138 | protocol=17 | dir=in | app=system |

"{8F2BE803-1261-4B54-9498-5424EA571104}" = lport=139 | protocol=6 | dir=in | app=system |

"{900F9F0C-0F77-4067-9565-D6DA723F06EC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{92CCD588-DC6E-4A02-B089-73900013E8FB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{98630F5C-7E05-498A-AE4A-1B38050A7775}" = lport=137 | protocol=17 | dir=in | app=system |

"{A21A2DE6-CB91-46FD-95E2-F73F8D2513F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B1BD7B83-8C3F-46A0-9C6D-AAB48C358278}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B461D24D-C4A9-4C90-BDA7-638EB45826FC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{B9EBAF00-26CF-464F-A71B-DFB5C14E98E0}" = rport=138 | protocol=17 | dir=out | app=system |

"{C9262AAA-AB95-4E13-AFF5-87C5789E65CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D1E2B11C-22FC-4DD1-8AC3-2B1533DC5288}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{DC950D81-2930-45A2-B919-0FE78353746E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DF231394-DB7B-4D89-AE48-7804D2E2643C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ED6B4700-FE21-4F39-BFC4-F89841B2DE6E}" = rport=445 | protocol=6 | dir=out | app=system |

"{F1DFBAB5-5DC5-493E-8A8E-C2B92671931F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F4DCB5EC-6C1F-4CCB-BD71-8BFA5FA874EA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{F92D6632-8D6F-48DF-B8B1-34FD34F1E415}" = lport=10243 | protocol=6 | dir=in | app=system |

"{F9C39D46-42CC-4595-B6E1-2582F5AFEBD9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07BE4F10-22E9-424F-B789-F7AF328E302E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |

"{18A3715A-9A88-4564-A8C8-10BC4F656E00}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{1966DB95-6956-4B08-9414-6971044C652E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1CEE9873-E69A-4D75-A06D-42E14CA044F9}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe |

"{1E8E5351-FCB2-4CBE-BC85-17E82670C4FC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{20126C66-4B4F-4288-9A35-BACE1431AB09}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{2194A831-3BDD-4B98-9547-3F96A77CC598}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{229D1051-B29F-4727-9617-3412C6D8D6C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2431C762-52A0-40FF-BB10-F8A7AF59F5DA}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxddtime.exe |

"{297F8813-14F6-49E9-938E-A5F6A19C4B77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{30CDFD32-1663-40C7-B159-3C634FB27F21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{32031946-6625-459E-997B-5A3A2C2A6565}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{36862053-850A-4951-9D83-F34C63E24773}" = protocol=6 | dir=in | app=c:\new folder\utorrent.exe |

"{38994B71-B136-41C0-AEAD-745D9AB42E7A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3E55ECA1-DB9A-4DD3-BAD4-786F7EB0E7B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{432921CB-9543-4C73-8648-E4031D65F797}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{438C595A-B936-47DC-B344-08CCA9A288DD}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |

"{497767B1-DE78-4A24-8631-DF0CE0A5E751}" = protocol=17 | dir=in | app=c:\new folder\utorrent.exe |

"{50AB1A4E-F421-4420-BB51-6853CE5AEECF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxddpswx.exe |

"{53925FEC-361A-41F8-8C15-3A18F9FD77EB}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |

"{56E18D11-D828-433C-A363-71A2452B0CB2}" = protocol=17 | dir=in | app=c:\windows\system32\lxddcoms.exe |

"{58884AC1-6B71-4B8E-9E7F-631363BFB578}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{5E2131F4-A393-43A0-9624-D2C302E8869E}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |

"{6C9D5977-32E1-4319-A0E0-F0706A5528FF}" = protocol=6 | dir=out | app=system |

"{75CA7AE9-CDD7-4AE6-8752-4D9B9718E574}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{787B7DFB-FBE0-4334-846D-1EB851F58B35}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |

"{7BF9AC6C-7C02-4BB1-A357-CE017212DA3F}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe |

"{81D4589F-85EB-461E-ADFA-C136CED702A7}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddmon.exe |

"{88B413DC-98A2-4675-999C-DA542587422C}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |

"{8B919EC6-21E2-4EA4-9A18-485EEF881A5C}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe |

"{8F9329C3-F69E-4EC7-A303-6310EC227129}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{903570F4-FE49-43E1-BFE6-82CD393A972F}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |

"{A0CDFD38-0717-4E1C-9771-2F9767D2251D}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |

"{A6473727-E23D-4065-B814-40F0D84FEA19}" = protocol=6 | dir=in | app=c:\users\lisa\appdata\local\temp\bundlesweetimsetup.exe |

"{AD451672-2579-4623-9F05-FFC2D85AEC3F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxddtime.exe |

"{AF38E732-C222-4E54-BEC6-4C4382E12E6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B43CEA2F-2EFA-4DC0-AD70-FE99BB34FE59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B6E4CBE3-8959-4F87-8602-0B75056BE266}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{C155E244-76F5-4512-A384-199ED1894AC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D6FDD584-424D-4604-AEFF-057A4A5FD993}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E456BFA3-0ADB-47A1-91B2-C9C048CD6FFE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{E5C9603B-DB9A-47EF-930C-3F0F34A72739}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{E90DDB1F-962F-486F-8A3F-9750AD7450C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{EF5EA85A-873F-4111-BD83-1C421C6A4AD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F2BA1B02-6D00-463C-A437-2A3283C7CCF9}" = protocol=6 | dir=in | app=c:\windows\system32\lxddcoms.exe |

"{F691AC82-2C4C-4C7F-95A3-8DD4FAF32AD7}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxddpswx.exe |

"{F89F340C-8F13-49AE-8FCE-2445308D5F03}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{FBC3E150-9929-411C-B555-7C1CD8FC6763}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |

"TCP Query User{00FA157A-7DFC-439F-BF3F-B66DE7BD57DE}C:\program files (x86)\lexmark 2500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |

"TCP Query User{0D8E4CBE-B93F-4699-B436-BF9209963A1C}C:\program files (x86)\lexmark 2500 series\lxddamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |

"TCP Query User{1E9CEDE1-2B97-4330-92BF-7B6DA863BE00}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{3EDACCB5-1CA4-442B-BCBF-E8793D618747}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{6E0D3403-04E1-4D98-AD3F-BF1122FF2090}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{BBF3DA1F-1376-4E16-B75B-C15B1C511CF4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{CE0F4E8C-1CA7-4EBD-A6B7-226D9EF5B0BA}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"TCP Query User{DF0F0F4A-8EC5-4313-BAC0-9E400D41D8CC}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |

"UDP Query User{23BAD0C0-FF20-421B-A5F0-04D9AE13507F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{311B0E05-0E34-4B83-8B59-9C0810537F50}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{39D9E849-19D7-46DD-AD4D-7B16D3EAA9A7}C:\program files (x86)\lexmark 2500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\app4r.exe |

"UDP Query User{63FDCABA-EF2E-45F2-AE61-07D2AF558250}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"UDP Query User{8167C589-8F6E-4D82-8ED8-D01765CD73A8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{A1E73DEE-508D-42F4-8F1F-E34167BE83FC}C:\program files (x86)\lexmark 2500 series\lxddamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2500 series\lxddamon.exe |

"UDP Query User{BDEDE7A0-A83E-4655-949B-617F9B7EA848}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{DC9346A2-B2BA-44D2-A9CF-D5065FA69CE0}C:\program files (x86)\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empires.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety

"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding

"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64

"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding

"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0

"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)

"CCleaner" = CCleaner

"Lexmark 2500 Series" = Lexmark 2500 Series

"Lexmark Fax Solutions" = Lexmark Fax Solutions

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam

"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{30EDC81C-307E-495B-856B-344EB3F21339}" = Join Me

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese

"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional

"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish

"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai

"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean

"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center

"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French

"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish

"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian

"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup

"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch

"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish

"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar WALL-E

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Age of Empires" = Microsoft Age of Empires

"avast" = avast! Free Antivirus

"ERUNT_is1" = ERUNT 1.1j

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II

"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint

"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Revo Uninstaller" = Revo Uninstaller 1.94

"VLC media player" = VLC media player 2.0.1

"WinLiveSuite" = Windows Live Essentials

"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for lisa

"SOE-Clone Wars" = Clone Wars

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/03/2013 9:55:12 PM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 12/03/2013 12:10:23 AM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 12/03/2013 7:20:51 AM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 12/03/2013 8:15:15 AM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 13/03/2013 6:48:21 AM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 13/03/2013 3:06:00 PM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 13/03/2013 3:12:37 PM | Computer Name = lisa-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time

stamp: 0x501fefb5 Faulting module name: Device.dll, version: 4.1.0.0, time stamp:

0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process

id: 0x6d0 Faulting application start time: 0x01ce201dc94bfea6 Faulting application

path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Faulting module

path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll Report Id: f7721120-8c11-11e2-8a94-c86000980901

Error - 16/03/2013 2:56:58 PM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

Error - 16/03/2013 3:07:07 PM | Computer Name = lisa-PC | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):

DownloadLatest Failed:

Error - 16/03/2013 3:19:37 PM | Computer Name = lisa-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 13/03/2013 3:12:38 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7034

Description = The AMD FUEL Service service terminated unexpectedly. It has done

this 1 time(s).

Error - 16/03/2013 2:56:53 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7000

Description = The AODDriver4.1 service failed to start due to the following error:

%%2

Error - 16/03/2013 2:56:53 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService

service to connect.

Error - 16/03/2013 2:56:53 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7000

Description = The lxddCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 16/03/2013 2:57:03 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7000

Description = The AODDriver4.1 service failed to start due to the following error:

%%2

Error - 16/03/2013 3:18:41 PM | Computer Name = lisa-PC | Source = DCOM | ID = 10010

Description =

Error - 16/03/2013 3:19:33 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7000

Description = The AODDriver4.1 service failed to start due to the following error:

%%2

Error - 16/03/2013 3:19:33 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService

service to connect.

Error - 16/03/2013 3:19:33 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7000

Description = The lxddCATSCustConnectService service failed to start due to the

following error: %%1053

Error - 16/03/2013 3:19:41 PM | Computer Name = lisa-PC | Source = Service Control Manager | ID = 7000

Description = The AODDriver4.1 service failed to start due to the following error:

%%2

< End of report >

Link to post
Share on other sites
stumpy

stumpy

Posted
  • Author
Posted

oops,

OTL logfile created on: 17/03/2013 5:32:13 AM - Run 5

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lisa\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.73 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 76.73% Memory free

15.47 Gb Paging File | 13.68 Gb Available in Paging File | 88.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 921.74 Gb Total Space | 822.10 Gb Free Space | 89.19% Space Free | Partition Type: NTFS

Computer Name: LISA-PC | User Name: lisa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\lisa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)

PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()

PRC - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Core.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.Monitor.Common.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxdddatr.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddscw.dll ()

MOD - C:\Program Files (x86)\Lexmark 2500 Series\lxddcats.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (lxdd_device) -- C:\Windows\SysNative\lxddcoms.exe ( )

SRV:64bit: - (lxddCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxddserv.exe ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (lxdd_device) -- C:\Windows\SysWOW64\lxddcoms.exe ( )

SRV - (lxddCATSCustConnectService) -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)

DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)

DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()

DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)

DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()

DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)

DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)

DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)

DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)

DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)

DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)

DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)

DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)

DRV:64bit: - (zghsmdm) -- C:\Windows\SysNative\drivers\zghsmdm.sys (ZTE Incorporated)

DRV:64bit: - (MegaSR1) -- C:\Windows\SysNative\drivers\MegaSR1.sys (LSI Corporation, Inc.)

DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)

DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)

DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)

DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (HandSet Incorporated)

DRV:64bit: - (aar81xx) -- C:\Windows\SysNative\drivers\aar81xx.sys (Adaptec, Inc.)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)

DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)

DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)

DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)

DRV:64bit: - (adp3132) -- C:\Windows\SysNative\drivers\adp3132.sys (Adaptec, Inc.)

DRV:64bit: - (OxSer) -- C:\Windows\SysNative\drivers\OxSer.sys (OEM)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()

DRV:64bit: - (SiFilter) -- C:\Windows\SysNative\drivers\SiWinAcc.sys (Silicon Image, Inc.)

DRV:64bit: - (SiRemFil) -- C:\Windows\SysNative\drivers\SiRemFil.sys (Silicon Image, Inc.)

DRV:64bit: - (Si3531) -- C:\Windows\SysNative\drivers\Si3531.sys (Silicon Image, Inc)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,defaultscope =

IE - HKU\S-1-5-20\..\SearchScopes,defaultscope =

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 02 13 2C 9A 1D CE 01 [binary data]

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\lisa\AppData\Local\Roblox\Versions\version-3789d377c3ab4ee1\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\lisa\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

[2012/10/09 16:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lisa\AppData\Roaming\Mozilla\Extensions

[2012/10/09 16:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: SOE Web Installer (Enabled) = C:\Users\lisa\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll

CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\lisa\AppData\Local\Roblox\Versions\version-3789d377c3ab4ee1\\NPRobloxProxy.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\

CHR - Extension: Gmail = C:\Users\lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/08 14:10:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [lxddamon] C:\Program Files (x86)\Lexmark 2500 Series\lxddamon.exe ()

O4:64bit: - HKLM..\Run: [lxddmon.exe] C:\Program Files (x86)\Lexmark 2500 Series\lxddmon.exe ()

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-4022325314-263651781-1479481682-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4849DD7D-73DD-450F-9BEA-820B958547E0}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/13 22:30:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\lisa\Desktop\HijackThis.exe

[2013/03/13 21:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/03/13 21:26:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/03/13 21:18:38 | 004,190,272 | ---- | C] (Piriform Ltd) -- C:\Users\lisa\Documents\ccsetup328.exe

[2013/03/12 22:21:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2013/03/12 22:21:02 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/03/12 21:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2013/03/12 21:30:21 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\lisa\Documents\revosetup.exe

[2013/03/10 21:29:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/03/10 20:51:48 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/03/10 09:46:02 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/03/10 00:16:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lisa\Desktop\OTL.exe

[2013/03/09 11:14:30 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll

[2013/03/09 11:14:30 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll

[2013/03/09 11:14:30 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll

[2013/03/09 11:14:30 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll

[2013/03/09 11:14:28 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll

[2013/03/09 11:14:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll

[2013/03/09 11:14:22 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/03/09 11:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/03/09 11:14:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll

[2013/03/09 11:14:21 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2013/03/09 11:14:21 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

[2013/03/09 11:14:21 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/03/09 11:14:21 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

[2013/03/09 11:14:21 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/03/09 11:14:21 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll

[2013/03/09 11:14:20 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2013/03/09 11:14:20 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2013/03/09 11:14:20 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2013/03/09 11:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

[2013/03/09 11:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll

[2013/03/09 11:14:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/03/09 11:14:19 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/03/09 11:14:19 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

[2013/03/09 11:14:19 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/03/09 11:14:19 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll

[2013/03/09 11:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/03/09 11:14:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll

[2013/03/09 11:14:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

[2013/03/09 11:14:18 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/03/09 11:14:18 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll

[2013/03/09 11:14:18 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll

[2013/03/09 11:14:18 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2013/03/09 11:14:18 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll

[2013/03/09 11:14:17 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/03/09 11:14:17 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2013/03/09 11:14:17 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll

[2013/03/09 11:14:17 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2013/03/09 11:14:16 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/03/09 11:14:16 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/03/09 11:14:16 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll

[2013/03/09 11:14:15 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2013/03/09 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\lisa\Desktop\mbar

[2013/03/09 09:35:30 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\lisa\Desktop\tdsskiller.exe

[2013/03/08 23:22:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/03/08 14:05:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/03/08 14:05:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/03/08 14:05:53 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/03/08 12:56:55 | 005,037,067 | R--- | C] (Swearware) -- C:\Users\lisa\Desktop\ComboFix.exe

[2013/03/08 09:12:42 | 000,000,000 | ---D | C] -- C:\Users\lisa\Desktop\RK_Quarantine

[2013/03/07 21:47:48 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Local\{9132EEA2-AFAC-45F4-9C8B-8428FA39E30A}

[2013/03/07 17:38:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\lisa\Desktop\dds.com

[2013/03/07 17:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2013/03/07 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2013/03/07 17:18:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\lisa\Desktop\erunt-setup.exe

[2013/03/05 18:23:32 | 001,085,344 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/03/05 18:23:31 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/03/05 18:23:23 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/03/05 18:23:23 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/03/05 18:23:23 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/03/05 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013/03/01 17:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2013/03/01 17:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2013/03/01 17:49:18 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Local\Supreme Savings

[2013/03/01 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Local\Updater19962

[2013/03/01 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Savings

[2013/02/25 10:12:04 | 002,426,672 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys

[2013/02/25 10:12:04 | 000,334,000 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll

[2013/02/23 23:18:49 | 000,000,000 | ---D | C] -- C:\Users\lisa\Documents\kev

========== Files - Modified Within 30 Days ==========

[2013/03/17 05:26:53 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/03/17 05:26:53 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/03/17 05:23:58 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/03/17 05:23:58 | 000,664,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/03/17 05:23:58 | 000,125,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/03/17 05:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/03/17 05:19:26 | 1932,775,423 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/17 05:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/03/13 22:30:23 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\lisa\Desktop\HijackThis.exe

[2013/03/13 22:17:50 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/03/13 22:17:50 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/03/13 21:18:49 | 004,190,272 | ---- | M] (Piriform Ltd) -- C:\Users\lisa\Documents\ccsetup328.exe

[2013/03/12 22:24:33 | 000,001,264 | ---- | M] () -- C:\Users\lisa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/03/12 22:21:02 | 000,001,274 | ---- | M] () -- C:\Users\lisa\Desktop\Revo Uninstaller.lnk

[2013/03/12 21:43:29 | 000,002,029 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/03/12 21:30:21 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\lisa\Documents\revosetup.exe

[2013/03/10 00:16:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lisa\Desktop\OTL.exe

[2013/03/09 10:10:48 | 013,786,977 | ---- | M] () -- C:\Users\lisa\Desktop\mbar-1.01.0.1021.zip

[2013/03/09 09:35:54 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\lisa\Desktop\tdsskiller.exe

[2013/03/08 14:34:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/03/08 14:10:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/03/08 13:01:33 | 005,037,067 | R--- | M] (Swearware) -- C:\Users\lisa\Desktop\ComboFix.exe

[2013/03/08 09:12:05 | 000,816,640 | ---- | M] () -- C:\Users\lisa\Desktop\RogueKiller.exe

[2013/03/08 08:58:46 | 000,597,667 | ---- | M] () -- C:\Users\lisa\Desktop\adwcleaner.exe

[2013/03/07 23:38:20 | 000,881,950 | ---- | M] () -- C:\Users\lisa\Desktop\SecurityCheck.exe

[2013/03/07 17:38:34 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\lisa\Desktop\dds.com

[2013/03/07 17:24:30 | 000,001,114 | ---- | M] () -- C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2013/03/07 17:23:50 | 000,000,915 | ---- | M] () -- C:\Users\lisa\Desktop\ERUNT.lnk

[2013/03/07 17:19:13 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\lisa\Desktop\erunt-setup.exe

[2013/03/07 09:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/03/07 09:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/03/07 09:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/03/07 09:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013/03/07 09:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013/03/07 09:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013/03/07 09:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013/03/07 09:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013/03/07 09:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/03/07 09:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013/03/05 23:48:45 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll

[2013/03/05 23:48:45 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/03/05 18:23:14 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll

[2013/03/05 18:23:13 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe

[2013/03/05 18:23:13 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe

[2013/03/05 18:23:12 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll

[2013/03/05 18:23:12 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll

[2013/03/05 18:23:12 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe

[2013/03/01 17:50:00 | 000,000,258 | RHS- | M] () -- C:\Users\lisa\ntuser.pol

[2013/02/25 10:12:04 | 002,426,672 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys

[2013/02/25 10:12:04 | 000,334,000 | ---- | M] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll

[2013/02/25 10:12:04 | 000,013,973 | ---- | M] () -- C:\Windows\SysNative\RaCoInst.dat

[2013/02/22 16:23:03 | 000,001,358 | ---- | M] () -- C:\Users\lisa\Desktop\ROBLOX Player.lnk

========== Files Created - No Company Name ==========

[2013/03/12 22:21:02 | 000,001,274 | ---- | C] () -- C:\Users\lisa\Desktop\Revo Uninstaller.lnk

[2013/03/12 21:43:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2013/03/12 21:43:29 | 000,002,029 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/03/09 10:08:54 | 013,786,977 | ---- | C] () -- C:\Users\lisa\Desktop\mbar-1.01.0.1021.zip

[2013/03/08 14:05:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/03/08 14:05:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/03/08 14:05:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/03/08 14:05:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/03/08 14:05:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/03/08 09:12:05 | 000,816,640 | ---- | C] () -- C:\Users\lisa\Desktop\RogueKiller.exe

[2013/03/08 08:58:46 | 000,597,667 | ---- | C] () -- C:\Users\lisa\Desktop\adwcleaner.exe

[2013/03/07 23:38:20 | 000,881,950 | ---- | C] () -- C:\Users\lisa\Desktop\SecurityCheck.exe

[2013/03/07 17:24:30 | 000,001,114 | ---- | C] () -- C:\Users\lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2013/03/07 17:23:50 | 000,000,915 | ---- | C] () -- C:\Users\lisa\Desktop\ERUNT.lnk

[2013/03/03 06:55:19 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/03/03 06:55:19 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013/03/01 17:50:00 | 000,000,258 | RHS- | C] () -- C:\Users\lisa\ntuser.pol

[2013/02/25 10:12:04 | 000,013,973 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat

[2013/01/23 10:16:18 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2012/10/13 15:27:20 | 001,232,896 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddserv.dll

[2012/10/13 15:27:20 | 000,999,424 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddusb1.dll

[2012/10/13 15:26:48 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddinpa.dll

[2012/10/13 15:26:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxddcomx.dll

[2012/10/13 15:26:48 | 000,286,720 | ---- | C] () -- C:\Windows\SysWow64\LXDDinst.dll

[2012/10/13 15:26:47 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddiesc.dll

[2012/10/13 15:21:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpmui.dll

[2012/10/13 15:13:57 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddlmpm.dll

[2012/10/13 15:13:57 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddppls.exe

[2012/10/13 15:13:57 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddprox.dll

[2012/10/13 15:13:57 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddpplc.dll

[2012/10/13 15:13:56 | 000,700,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddhbn3.dll

[2012/10/13 15:13:56 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddih.exe

[2012/10/13 15:13:55 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomc.dll

[2012/10/13 15:13:55 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcoms.exe

[2012/10/13 15:13:55 | 000,425,984 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcomm.dll

[2012/10/13 15:13:54 | 000,394,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxddcfg.exe

[2012/07/28 11:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/07/28 11:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/05/10 22:45:27 | 000,007,650 | ---- | C] () -- C:\Users\lisa\AppData\Local\resmon.resmoncfg

[2012/05/04 05:26:52 | 000,578,611 | ---- | C] () -- C:\Windows\adb.exe

[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/12/06 05:02:16 | 000,995,328 | ---- | C] () -- C:\Windows\SRFIXMBR.EXE

[2011/12/05 10:46:41 | 000,765,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/12/05 10:03:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/10/25 20:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 15:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello stumpy

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png text box.

    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720  
    [2013/03/01 17:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
    [2013/03/01 17:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
    [2013/03/01 17:49:18 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Local\Supreme Savings
    [2013/03/01 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Local\Updater19962
    [2013/03/01 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Savings
    :Files
    ipconfig /flushdns /c

    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
    Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles
    It will be named - mmddyyyy_hhmmss.log
    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing

Gringo

Link to post
Share on other sites
stumpy

stumpy

Posted
  • Author
Posted

Hi,

When I pressed "run fix" i got the following error message;

%20--%20C:WindowsSysWow64searchplugins[2013/03/01%2017:49:20%20|%20000,000,000%20|%20---D%20|%20C]%20--%20C:WindowsSysWow64Extensions[2013/03/01%2017:49:18%20|%20000,000,000%20|%20---D%20|%20C]%20--%20C:UserslisaAppDataLocalSupreme%20Savings[2013/03/01%2017:48:47%20|%20000,000,000%20|%20---D%20|%20C]%20--%20C:UserslisaAppDataLocalUpdater19962[2013/03/01%2017:48:43%20|%20000,000,000%20|%20---D%20|%20C]%20--%20C:Program%20Files%20(x86)Supreme%20Savings:Filesipconfig%20/flushdns%20/c:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]>%20in%20the%20current%20context!%20OTL%20by%20OldTimer%20-%20Version%203.2.69.0%20log%20created%20on%2003172013_074756"]Error: Unable to interpret <:OTLFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CL> in the current context!

Error: Unable to interpret <SID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720 [2013/03/01 17:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins[2013/03/01 17:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions[2013/03/01 17:49:18 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Local\Supreme Savings[2013/03/01 17:48:47 | 000,000,000 | ---D | C] -- C:\Users\lisa\AppData\Local\Updater19962[2013/03/01 17:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Savings:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03172013_074756

Link to post
Share on other sites
stumpy

stumpy

Posted
  • Author
Posted

Hi again,

Supreme savings appears to now be in C/OLT/moved files. Only Windows Explorer menues and folders are not normal now, everything else appears fine

Thanks,

Kev

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}

C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

File Protocol\Handler\wlpg - No CLSID value found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

ADS C:\ProgramData\Temp:373E1720 deleted successfully.

C:\Windows\SysWow64\searchplugins folder moved successfully.

C:\Windows\SysWow64\Extensions folder moved successfully.

C:\Users\lisa\AppData\Local\Supreme Savings\Chrome folder moved successfully.

C:\Users\lisa\AppData\Local\Supreme Savings folder moved successfully.

C:\Users\lisa\AppData\Local\Updater19962 folder moved successfully.

C:\Program Files (x86)\Supreme Savings folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\lisa\Desktop\cmd.bat deleted successfully.

C:\Users\lisa\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: lisa

->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: lisa

->Flash cache emptied: 506 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 03172013_084315

Link to post
Share on other sites
stumpy

stumpy

Posted
  • Author
Posted

Hi Gringo,

After doing some reading I have found that most of the unusual objects in windows explorer were normal for windows 7 (called juntion points). Then I noticed in "Folder options" that "Hide protected operating system files" was recomended but not checked. After checking it these objects disappeared so things appeared more normal (unsure how this became unchecked).

Next Pictures library had "my documents and public documents" folders in it but never use to, I clicked restore default libraries and they also disapeared.

After this the only unusual thing left is that aswell as the normal "my documents" in documents libruary, there is a second my documents now in public documents(this is the only item in public documents). The new my documents contains one folder (called "kids") from and still in the normal my documents, which contains only one file from the origanal Kids folder, a video of my daughters. These items are in both the normal and the new my documents but the movie only works in the origanal my documents. Is it ok to just delete this new my documents?

These changes seem unusual to me so just checking.

Thanks Kev

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Greetings

Yes it should be OK to delete this new folder

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
      O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
      O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
      O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe

[*] Close all open windows and browsers/email, etc...

[*] Click on the "Fix Checked" button

[*] When completed, close the application.

  • NOTE**You can research each of those lines
>here< and see if you want to keep them or not
just copy the name between the brackets and paste into the search space
O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start

    [*]When asked, allow the add/on to be installed

    • Click Start

    [*]Make sure that the option Remove found threats is unticked

    [*]Click on Advanced Settings, ensure the options

    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

    [*]Click Scan

    [*]wait for the virus definitions to be downloaded

    [*]Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo

Link to post
Share on other sites
stumpy

stumpy

Posted
  • Author
Posted

Hey Gringo,

Two things happened during Hyjack this and ESET scans. My homepage changed from Google to the origanal default homepage - Bing/MSN, and a new folder appeared on desktop called "backups."

ESET results follow.

Regards

kev

C:\New folder\cbsidlm-tr1_7-NBall-SEO-10499267.exe Win32/DownloadAdmin.D application

C:\New folder\vlc_nsetup a variant of Win32/InstallCore.W application

C:\New folder\vlc_nsetup.exe a variant of Win32/InstallCore.W application

C:\_OTL\MovedFiles\03172013_084315\C_Program Files (x86)\Supreme Savings\Supreme Savings.dll a variant of Win32/Toolbar.CrossRider.A application

C:\_OTL\MovedFiles\03172013_084315\C_Users\lisa\AppData\Local\Updater19962\Updater19962.exe a variant of Win32/Toolbar.CrossRider.C application

Link to post
Share on other sites
  • Staff
gringo_pr

gringo_pr

Posted
  • Staff
Posted

Hello stumpy

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the code box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\New folder\cbsidlm-tr1_7-NBall-SEO-10499267.exe"
    del /f /s /q "C:\New folder\vlc_nsetup"
    del /f /s /q "C:\New folder\vlc_nsetup.exe"
    del %0


  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: batfileicon.gif<--XPvista_bat_icon.png<--vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the Online scan is only reporting backups created during the course of this fix C:\Qoobox\Quarantine\, and/or items located in System Restore's cache C:\System Volume Information\, Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • CF-Uninstall.png

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java

  • During the cleaning process if I found that Java was installed I asked for it to be uninstalled, Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, Then you need to install the latest version and make sure to disable it in your web browsers.
    If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.
    Link to download latest version. -
install Java
How to disable java in your web browsers - Disable Java

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and used often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works allot better than add/remove in windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware The Gold standerd today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recomend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleges

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo

Link to post
Share on other sites
LDTate

LDTate

Posted
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.