
Jennycam.us infection doesn't allow Youtube, Amazon, Paypal, etc. DDS files



Ran Malwarebytes without finding this, and can't seem to navigate to these popular sites in any of my browsers (Google, Firefox, IE). I just get that screen asking to complete a survey; although Malwarebytes has been blocking it, all I get now is a blank page. After looking at the DDS file it looks like I have a few issues. Your help is greatly appreciated.

Here are the files from DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by Administrator at 11:40:52 on 2013-05-08

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3067.1655 [GMT -7:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Hotspot Shield\bin\openvpnas.exe

C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe

C:\Program Files\Hotspot Shield\bin\hsswd.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Program Files\AOL\DataMask by AOL\epservice.exe

C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWlan.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AOL\DataMask by AOL\ep.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\AOL\DataMask by AOL\dps.exe

C:\Program Files\AOL\DataMask by AOL\pl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\Common Files\AOL\1367732423\ee\aolsoftware.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe

C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SetPoint\SetPoint.exe

C:\Users\Administrator\Desktop\PCMeter\PCMeterV0.3.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Hotspot Shield\bin\openvpntray.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uProxyOverride = <local>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: DataMask by AOL: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\aol\datamask by aol\epbho32.dll

BHO: AppGraffiti: {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - c:\program files\appgraffiti\AppGraffiti.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} -

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll

BHO: DataMask by AOL: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\aol\datamask by aol\plbho32.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [Akamai NetSession Interface] "c:\users\administrator\appdata\local\akamai\netsession_win.exe"

mRun: [starter] c:\program files\driver-soft\drivergenius\StarterW3i.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Data Protection Suite] "c:\program files\aol\datamask by aol\dps.exe"

mRun: [PhishLock] "c:\program files\aol\datamask by aol\pl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [HostManager] c:\program files\common files\aol\1367732423\ee\AOLSoftware.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}\14D616E64616 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}\2656C6B696E6E2332663E2765756374737 : DHCPNameServer = 192.168.169.1

TCP: Interfaces\{4CE62BF1-B672-4A6D-802E-4CB49D5343DA} : DHCPNameServer = 192.168.42.129

TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10

TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\2516D6164616 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\34624472370264275656027596F56496 : DHCPNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\458656026456564696E676023547164796F6E6 : DHCPNameServer = 192.168.254.254

TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\4596070797D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1

TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\86F6D656027457563747 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{4E55D295-F01F-42F6-A231-43D1498ADC24}\E4F62747865627E61557563747D456564796E676 : DHCPNameServer = 4.2.2.1

TCP: Interfaces\{8A5F0E29-CD98-4B27-B1B0-8491E9616787} : DHCPNameServer = 8.8.8.8

TCP: Interfaces\{B0A1DE32-301C-4595-BD15-84AD4E594649} : DHCPNameServer = 172.26.38.1 172.26.38.2

AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

Hosts: 184.22.81.15 www.imeetzu.com

Hosts: 184.22.81.15 imeetzu.com

Hosts: 184.22.81.15 www.omegle.com

Hosts: 184.22.81.15 omegle.com

Hosts: 184.22.81.15 www.runescape.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\oys2u84h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\free ride games\npExentCtl.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-03-25 09:13; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com

FF - ExtSQL: 2013-04-22 13:25; sss@sentrybay.com; c:\program files\aol\datamask by aol\ffext

FF - ExtSQL: 2013-04-25 10:53; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-4-24 40648]

R1 MpKsl92a13521;MpKsl92a13521;c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\MpKsl92a13521.sys [2013-5-8 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 TsLwWfF;WiFi Capture Driver;c:\windows\system32\drivers\TsLwWfF.sys [2012-10-6 23184]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 EntryProtect;DataMask by AOL;c:\program files\aol\datamask by aol\epservice.exe [2012-11-13 45960]

R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-4-26 570664]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-4-26 390440]

R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]

R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-30 418376]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-30 701512]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]

R2 Realtek87B;Realtek87B;c:\program files\realtek\rtl8187 wireless lan utility\RtlService.exe [2013-3-15 40960]

R2 X6XSEx;X6XSEx;c:\program files\free ride games\X6XSEx.sys [2012-4-28 46184]

R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]

R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2013-4-22 18240]

R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-6-7 273448]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-30 22856]

R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-1-27 7087616]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187.sys [2013-3-15 375808]

R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-4-24 37064]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-4-2 621568]

S2 DefaultTabUpdate;DefaultTabUpdate;"c:\users\stem\appdata\roaming\defaulttab\defaulttab\dtupdate.exe" --> c:\users\stem\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-1-20 100328]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-29 14848]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-29 49664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-4-22 1343400]

.

=============== Created Last 30 ================

.

2013-05-08 15:42:49 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\MpKsl92a13521.sys

2013-05-07 19:52:28 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{07c6ffc2-2077-4578-a224-1bcc9923734f}\mpengine.dll

2013-05-07 10:42:45 53248 ----a-w- c:\windows\system32\CSVer.dll

2013-05-07 10:14:41 170512 ----a-w- c:\windows\system32\kemutb.dll

2013-05-07 10:14:40 84496 ----a-w- c:\windows\system32\KemXML.dll

2013-05-07 10:14:40 145936 ----a-w- c:\windows\system32\KemUtil.dll

2013-05-07 10:14:40 117264 ----a-w- c:\windows\system32\KemWnd.dll

2013-05-07 10:14:14 -------- d-----w- c:\program files\SetPoint

2013-05-07 10:09:51 -------- d-----w- c:\program files\Dell

2013-05-07 10:02:00 38400 ----a-w- c:\windows\system32\drivers\rixdptsk.sys

2013-05-07 10:01:59 90112 ----a-w- c:\windows\system32\snymsico.dll

2013-05-07 10:01:59 48128 ----a-w- c:\windows\system32\drivers\rimmptsk.sys

2013-05-07 10:01:59 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2013-05-07 10:01:59 172032 ----a-w- c:\windows\system32\rixdicon.dll

2013-05-07 10:00:04 -------- d-----w- c:\program files\Broadcom

2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\framework\root\AddGadgets

2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\framework\root

2013-05-07 07:17:01 -------- d-----w- c:\windows\system32\wbem\Framework

2013-05-06 18:50:29 6906960 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-05-05 05:41:31 -------- d-----w- c:\users\administrator\appdata\roaming\AOL

2013-05-05 05:41:13 58696 ----a-w- c:\windows\system32\AOLParconLink.exe

2013-05-05 05:41:13 -------- d-----w- c:\programdata\Viewpoint

2013-05-05 05:41:13 -------- d-----w- c:\program files\Viewpoint

2013-05-05 05:40:41 33588 ----a-w- c:\windows\system32\drivers\wanatw4.sys

2013-05-05 05:40:32 -------- d-----w- c:\users\administrator\appdata\local\AOL

2013-05-05 05:40:08 -------- d-----w- c:\program files\common files\AOL

2013-05-05 05:40:07 -------- d-----w- c:\program files\common files\aolshare

2013-05-05 05:40:07 -------- d-----w- c:\program files\AOL Desktop 9.7

2013-05-04 01:43:48 -------- d-----w- c:\users\administrator\appdata\roaming\Hotspot Shield

2013-05-01 05:28:54 -------- d-----w- c:\users\administrator\appdata\roaming\SUPERAntiSpyware.com

2013-05-01 05:28:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-05-01 05:28:48 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-05-01 04:12:49 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes

2013-05-01 04:12:32 -------- d-----w- c:\programdata\Malwarebytes

2013-05-01 04:12:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-01 04:12:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-05-01 04:10:08 -------- d-----w- c:\users\administrator\appdata\local\Programs

2013-04-25 17:54:11 -------- d-----w- c:\users\administrator\appdata\roaming\RealNetworks

2013-04-25 17:53:35 -------- d-----w- c:\program files\RealNetworks

2013-04-25 17:53:32 -------- d-----w- c:\programdata\RealNetworks

2013-04-25 17:53:22 -------- d-----w- c:\program files\common files\xing shared

2013-04-25 03:26:58 866720 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-04-25 03:26:58 788896 ----a-w- c:\windows\system32\deployJava1.dll

2013-04-25 03:26:55 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-04-24 19:25:44 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys

2013-04-24 19:12:34 40648 ----a-w- c:\windows\system32\drivers\hssdrv6.sys

2013-04-23 20:02:54 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2013-04-23 20:02:54 706640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{42322a06-2bea-4729-adc4-f3a9fdbf2a16}\gapaengine.dll

2013-04-23 18:09:01 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-23 04:43:38 -------- d-----w- c:\users\administrator\appdata\roaming\WinZip

2013-04-22 21:53:18 -------- d-----w- c:\programdata\TamoSoft

2013-04-22 21:52:32 -------- d-----w- c:\program files\CommViewWiFi

2013-04-22 21:04:37 -------- d-----w- c:\users\administrator\appdata\local\WinZip

2013-04-22 20:27:11 -------- d-----w- c:\users\administrator\appdata\roaming\SentryBay

2013-04-22 20:25:00 18240 ----a-w- c:\windows\system32\drivers\epfilter.sys

2013-04-22 20:24:30 -------- d-----w- c:\programdata\SentryBay

2013-04-22 19:01:59 -------- d-----w- c:\users\administrator\appdata\local\SentryBay

2013-04-22 19:01:59 -------- d-----w- c:\program files\SentryBay

2013-04-22 01:35:31 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL

2013-04-18 18:04:41 348160 ----a-w- c:\windows\system32\msvcr71.dll

2013-04-18 18:04:40 499712 ----a-w- c:\windows\system32\msvcp71.dll

2013-04-12 20:39:18 2347008 ----a-w- c:\windows\system32\win32k.sys

2013-04-12 20:39:16 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-12 20:39:14 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-04-12 20:39:14 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-12 20:39:13 69632 ----a-w- c:\windows\system32\smss.exe

2013-04-12 20:39:13 38912 ----a-w- c:\windows\system32\csrsrv.dll

.

==================== Find3M ====================

.

2013-05-05 04:46:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-05 04:46:55 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-03-24 13:26:08 124 ----a-w- c:\users\administrator\advanced_ip_scanner_MAC.bin

2013-03-24 13:26:07 387 ----a-w- c:\users\administrator\advanced_ip_scanner_Favorites.bin

2013-02-21 10:30:16 1766912 ----a-w- c:\windows\system32\wininet.dll

2013-02-21 10:29:39 2877440 ----a-w- c:\windows\system32\jscript9.dll

2013-02-21 10:29:37 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-02-21 10:29:37 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-02-19 12:01:03 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-19 11:10:53 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 03:32:46 15872 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

============= FINISH: 11:41:42.31 ===============

Attach file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 4/21/2012 6:25:04 PM

System Uptime: 5/8/2013 8:42:05 AM (3 hours ago)

.

Motherboard: Dell Inc. | | 0P786H

Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 298 GiB total, 238.33 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP69: 4/22/2013 2:53:53 PM - Device Driver Package Install: TamoSoft Network Service

RP70: 4/23/2013 1:02:03 PM - Windows Update

RP71: 4/24/2013 8:26:26 PM - Installed Java 7 Update 21

RP72: 4/29/2013 4:18:05 PM - Windows Update

RP73: 5/3/2013 9:27:43 AM - Windows Update

RP74: 5/3/2013 6:44:47 PM - Device Driver Package Install: Anchorfree Inc Network Service

RP75: 5/3/2013 6:45:57 PM - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters

RP76: 5/3/2013 7:05:34 PM - Device Driver Package Install: Anchorfree HSS VPN Adapter Network adapters

RP77: 5/6/2013 11:50:03 AM - Windows Update

RP78: 5/6/2013 5:05:25 PM - Removed InstallIQ Updater

RP79: 5/7/2013 2:59:36 AM - Installed Broadcom Gigabit NetLink Controller.

RP81: 5/7/2013 3:01:49 AM - Installed RICOH Media Driver ver.2.07.01.00

RP82: 5/7/2013 3:09:39 AM - Installed QuickSet.

RP84: 5/7/2013 3:17:59 AM - Installed RICOH Media Driver ver.2.07.01.00

RP85: 5/7/2013 12:51:02 PM - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 184.22.81.15 www.imeetzu.com

Hosts: 184.22.81.15 imeetzu.com

Hosts: 184.22.81.15 www.omegle.com

Hosts: 184.22.81.15 omegle.com

Hosts: 184.22.81.15 www.runescape.com

Hosts: 184.22.81.15 runescape.com

Hosts: 184.22.81.15 google.com

Hosts: 184.22.81.15 www.google.ae

Hosts: 184.22.81.15 www.google.com.af

Hosts: 184.22.81.15 www.google.com.ag

Hosts: 184.22.81.15 www.google.off.ai

Hosts: 184.22.81.15 www.google.am

Hosts: 184.22.81.15 www.google.com.ar

Hosts: 184.22.81.15 www.google.as

Hosts: 184.22.81.15 www.google.at

Hosts: 184.22.81.15 www.google.com.au

Hosts: 184.22.81.15 www.google.az

Hosts: 184.22.81.15 www.google.ba

Hosts: 184.22.81.15 www.google.com.bd

Hosts: 184.22.81.15 www.google.be

Hosts: 184.22.81.15 www.google.bg

Hosts: 184.22.81.15 www.google.com.bh

Hosts: 184.22.81.15 www.google.bi

Hosts: 184.22.81.15 www.google.com.bo

Hosts: 184.22.81.15 www.google.com.br

Hosts: 184.22.81.15 www.google.bs

Hosts: 184.22.81.15 www.google.co.bw

Hosts: 184.22.81.15 www.google.com.bz

Hosts: 184.22.81.15 www.google.ca

Hosts: 184.22.81.15 www.google.cd

Hosts: 184.22.81.15 www.google.cg

Hosts: 184.22.81.15 www.google.ch

Hosts: 184.22.81.15 www.google.ci

Hosts: 184.22.81.15 www.google.co.ck

Hosts: 184.22.81.15 www.google.cl

Hosts: 184.22.81.15 www.google.cn

Hosts: 184.22.81.15 www.google.com.co

Hosts: 184.22.81.15 www.google.co.cr

Hosts: 184.22.81.15 www.google.com.cu

Hosts: 184.22.81.15 www.google.cz

Hosts: 184.22.81.15 www.google.de

Hosts: 184.22.81.15 www.google.dj

Hosts: 184.22.81.15 www.google.dk

Hosts: 184.22.81.15 www.google.dm

Hosts: 184.22.81.15 www.google.com.do

Hosts: 184.22.81.15 www.google.com.ec

Hosts: 184.22.81.15 www.google.ee

Hosts: 184.22.81.15 www.google.com.eg

Hosts: 184.22.81.15 www.google.es

Hosts: 184.22.81.15 www.google.com.et

Hosts: 184.22.81.15 www.google.fi

Hosts: 184.22.81.15 www.google.com.fj

Hosts: 184.22.81.15 www.google.fm

Hosts: 184.22.81.15 www.google.fr

Hosts: 184.22.81.15 www.google.ge

Hosts: 184.22.81.15 www.google.gg

Hosts: 184.22.81.15 www.google.com.gi

Hosts: 184.22.81.15 www.google.gl

Hosts: 184.22.81.15 www.google.gm

Hosts: 184.22.81.15 www.google.gr

Hosts: 184.22.81.15 www.google.com.gt

Hosts: 184.22.81.15 www.google.gy

Hosts: 184.22.81.15 www.google.com.hk

Hosts: 184.22.81.15 www.google.hn

Hosts: 184.22.81.15 www.google.hr

Hosts: 184.22.81.15 www.google.ht

Hosts: 184.22.81.15 www.google.hu

Hosts: 184.22.81.15 www.google.co.id

Hosts: 184.22.81.15 www.google.ie

Hosts: 184.22.81.15 www.google.co.il

Hosts: 184.22.81.15 www.google.co.im

Hosts: 184.22.81.15 www.google.co.in

Hosts: 184.22.81.15 www.google.is

Hosts: 184.22.81.15 www.google.it

Hosts: 184.22.81.15 www.google.co.je

Hosts: 184.22.81.15 www.google.com.jm

Hosts: 184.22.81.15 www.google.jo

Hosts: 184.22.81.15 www.google.co.jp

Hosts: 184.22.81.15 www.google.co.ke

Hosts: 184.22.81.15 www.google.kg

Hosts: 184.22.81.15 www.google.co.kr

Hosts: 184.22.81.15 www.google.kz

Hosts: 184.22.81.15 www.google.li

Hosts: 184.22.81.15 www.google.lk

Hosts: 184.22.81.15 www.google.co.ls

Hosts: 184.22.81.15 www.google.lt

Hosts: 184.22.81.15 www.google.lu

Hosts: 184.22.81.15 www.google.lv

Hosts: 184.22.81.15 www.google.com.ly

Hosts: 184.22.81.15 www.google.co.ma

Hosts: 184.22.81.15 www.google.md

Hosts: 184.22.81.15 www.google.mn

Hosts: 184.22.81.15 www.google.ms

Hosts: 184.22.81.15 www.google.com.mt

Hosts: 184.22.81.15 www.google.mu

Hosts: 184.22.81.15 www.google.mw

Hosts: 184.22.81.15 www.google.com.mx

Hosts: 184.22.81.15 www.google.com.my

Hosts: 184.22.81.15 www.google.com.na

Hosts: 184.22.81.15 www.google.com.nf

Hosts: 184.22.81.15 www.google.com.ng

Hosts: 184.22.81.15 www.google.com.ni

Hosts: 184.22.81.15 www.google.nl

Hosts: 184.22.81.15 www.google.no

Hosts: 184.22.81.15 www.google.com.np

Hosts: 184.22.81.15 www.google.nr

Hosts: 184.22.81.15 www.google.nu

Hosts: 184.22.81.15 www.google.co.nz

Hosts: 184.22.81.15 www.google.com.om

Hosts: 184.22.81.15 www.google.com.pa

Hosts: 184.22.81.15 www.google.com.pe

Hosts: 184.22.81.15 www.google.com.ph

Hosts: 184.22.81.15 www.google.com.pk

Hosts: 184.22.81.15 www.google.pl

Hosts: 184.22.81.15 www.google.pn

Hosts: 184.22.81.15 www.google.com.pr

Hosts: 184.22.81.15 www.google.pt

Hosts: 184.22.81.15 www.google.com.py

Hosts: 184.22.81.15 www.google.com.qa

Hosts: 184.22.81.15 www.google.ro

Hosts: 184.22.81.15 www.google.rw

Hosts: 184.22.81.15 www.google.com.sa

Hosts: 184.22.81.15 www.google.com.sb

Hosts: 184.22.81.15 www.google.sc

Hosts: 184.22.81.15 www.google.se

Hosts: 184.22.81.15 www.google.com.sg

Hosts: 184.22.81.15 www.google.sh

Hosts: 184.22.81.15 www.google.si

Hosts: 184.22.81.15 www.google.sk

Hosts: 184.22.81.15 www.google.sn

Hosts: 184.22.81.15 www.google.sm

Hosts: 184.22.81.15 www.google.com.sv

Hosts: 184.22.81.15 www.google.co.th

Hosts: 184.22.81.15 www.google.com.tj

Hosts: 184.22.81.15 www.google.tm

Hosts: 184.22.81.15 www.google.to

Hosts: 184.22.81.15 www.google.tp

Hosts: 184.22.81.15 www.google.com.tr

Hosts: 184.22.81.15 www.google.tt

Hosts: 184.22.81.15 www.google.com.tw

Hosts: 184.22.81.15 www.google.com.ua

Hosts: 184.22.81.15 www.google.co.ug

Hosts: 184.22.81.15 www.google.com.uy

Hosts: 184.22.81.15 www.google.co.uz

Hosts: 184.22.81.15 www.google.com.vc

Hosts: 184.22.81.15 www.google.co.ve

Hosts: 184.22.81.15 www.google.vg

Hosts: 184.22.81.15 www.google.co.vi

Hosts: 184.22.81.15 www.google.com.vn

Hosts: 184.22.81.15 www.google.vu

Hosts: 184.22.81.15 www.google.ws

Hosts: 184.22.81.15 www.google.co.za

Hosts: 184.22.81.15 www.google.co.zm

Hosts: 184.22.81.15 google.ae

Hosts: 184.22.81.15 google.com.af

Hosts: 184.22.81.15 google.com.ag

Hosts: 184.22.81.15 google.off.ai

Hosts: 184.22.81.15 google.am

Hosts: 184.22.81.15 google.com.ar

Hosts: 184.22.81.15 google.as

Hosts: 184.22.81.15 google.at

Hosts: 184.22.81.15 google.com.au

Hosts: 184.22.81.15 google.az

Hosts: 184.22.81.15 google.ba

Hosts: 184.22.81.15 google.com.bd

Hosts: 184.22.81.15 google.be

Hosts: 184.22.81.15 google.bg

Hosts: 184.22.81.15 google.com.bh

Hosts: 184.22.81.15 google.bi

Hosts: 184.22.81.15 google.com.bo

Hosts: 184.22.81.15 google.com.br

Hosts: 184.22.81.15 google.bs

Hosts: 184.22.81.15 google.co.bw

Hosts: 184.22.81.15 google.com.bz

Hosts: 184.22.81.15 google.ca

Hosts: 184.22.81.15 google.cd

Hosts: 184.22.81.15 google.cg

Hosts: 184.22.81.15 google.ch

Hosts: 184.22.81.15 google.ci

Hosts: 184.22.81.15 google.co.ck

Hosts: 184.22.81.15 google.cl

Hosts: 184.22.81.15 google.cn

Hosts: 184.22.81.15 google.com.co

Hosts: 184.22.81.15 google.co.cr

Hosts: 184.22.81.15 google.com.cu

Hosts: 184.22.81.15 google.cz

Hosts: 184.22.81.15 google.de

Hosts: 184.22.81.15 google.dj

Hosts: 184.22.81.15 google.dk

Hosts: 184.22.81.15 google.dm

Hosts: 184.22.81.15 google.com.do

Hosts: 184.22.81.15 google.com.ec

Hosts: 184.22.81.15 google.ee

Hosts: 184.22.81.15 google.com.eg

Hosts: 184.22.81.15 google.es

Hosts: 184.22.81.15 google.com.et

Hosts: 184.22.81.15 google.fi

Hosts: 184.22.81.15 google.com.fj

Hosts: 184.22.81.15 google.fm

Hosts: 184.22.81.15 google.fr

Hosts: 184.22.81.15 google.ge

Hosts: 184.22.81.15 google.gg

Hosts: 184.22.81.15 google.com.gi

Hosts: 184.22.81.15 google.gl

Hosts: 184.22.81.15 google.gm

Hosts: 184.22.81.15 google.gr

Hosts: 184.22.81.15 google.com.gt

Hosts: 184.22.81.15 google.gy

Hosts: 184.22.81.15 google.com.hk

Hosts: 184.22.81.15 google.hn

Hosts: 184.22.81.15 google.hr

Hosts: 184.22.81.15 google.ht

Hosts: 184.22.81.15 google.hu

Hosts: 184.22.81.15 google.co.id

Hosts: 184.22.81.15 google.ie

Hosts: 184.22.81.15 google.co.il

Hosts: 184.22.81.15 google.co.im

Hosts: 184.22.81.15 google.co.in

Hosts: 184.22.81.15 google.is

Hosts: 184.22.81.15 google.it

Hosts: 184.22.81.15 google.co.je

Hosts: 184.22.81.15 google.com.jm

Hosts: 184.22.81.15 google.jo

Hosts: 184.22.81.15 google.co.jp

Hosts: 184.22.81.15 google.co.ke

Hosts: 184.22.81.15 google.kg

Hosts: 184.22.81.15 google.co.kr

Hosts: 184.22.81.15 google.kz

Hosts: 184.22.81.15 google.li

Hosts: 184.22.81.15 google.lk

Hosts: 184.22.81.15 google.co.ls

Hosts: 184.22.81.15 google.lt

Hosts: 184.22.81.15 google.lu

Hosts: 184.22.81.15 google.lv

Hosts: 184.22.81.15 google.com.ly

Hosts: 184.22.81.15 google.co.ma

Hosts: 184.22.81.15 google.md

Hosts: 184.22.81.15 google.mn

Hosts: 184.22.81.15 google.ms

Hosts: 184.22.81.15 google.com.mt

Hosts: 184.22.81.15 google.mu

Hosts: 184.22.81.15 google.mw

Hosts: 184.22.81.15 google.com.mx

Hosts: 184.22.81.15 google.com.my

Hosts: 184.22.81.15 google.com.na

Hosts: 184.22.81.15 google.com.nf

Hosts: 184.22.81.15 google.com.ng

Hosts: 184.22.81.15 google.com.ni

Hosts: 184.22.81.15 google.nl

Hosts: 184.22.81.15 google.no

Hosts: 184.22.81.15 google.com.np

Hosts: 184.22.81.15 google.nr

Hosts: 184.22.81.15 google.nu

Hosts: 184.22.81.15 google.co.nz

Hosts: 184.22.81.15 google.com.om

Hosts: 184.22.81.15 google.com.pa

Hosts: 184.22.81.15 google.com.pe

Hosts: 184.22.81.15 google.com.ph

Hosts: 184.22.81.15 google.com.pk

Hosts: 184.22.81.15 google.pl

Hosts: 184.22.81.15 google.pn

Hosts: 184.22.81.15 google.com.pr

Hosts: 184.22.81.15 google.pt

Hosts: 184.22.81.15 google.com.py

Hosts: 184.22.81.15 google.com.qa

Hosts: 184.22.81.15 google.ro

Hosts: 184.22.81.15 google.ru

Hosts: 184.22.81.15 google.rw

Hosts: 184.22.81.15 google.com.sa

Hosts: 184.22.81.15 google.com.sb

Hosts: 184.22.81.15 google.sc

Hosts: 184.22.81.15 google.se

Hosts: 184.22.81.15 google.com.sg

Hosts: 184.22.81.15 google.sh

Hosts: 184.22.81.15 google.si

Hosts: 184.22.81.15 google.sk

Hosts: 184.22.81.15 google.sn

Hosts: 184.22.81.15 google.sm

Hosts: 184.22.81.15 google.com.sv

Hosts: 184.22.81.15 google.co.th

Hosts: 184.22.81.15 google.com.tj

Hosts: 184.22.81.15 google.tm

Hosts: 184.22.81.15 google.to

Hosts: 184.22.81.15 google.tp

Hosts: 184.22.81.15 google.com.tr

Hosts: 184.22.81.15 google.tt

Hosts: 184.22.81.15 google.com.tw

Hosts: 184.22.81.15 google.com.ua

Hosts: 184.22.81.15 google.co.ug

Hosts: 184.22.81.15 google.co.uk

Hosts: 184.22.81.15 google.com.uy

Hosts: 184.22.81.15 google.co.uz

Hosts: 184.22.81.15 google.com.vc

Hosts: 184.22.81.15 google.co.ve

Hosts: 184.22.81.15 google.vg

Hosts: 184.22.81.15 google.co.vi

Hosts: 184.22.81.15 google.com.vn

Hosts: 184.22.81.15 google.vu

Hosts: 184.22.81.15 google.ws

Hosts: 184.22.81.15 google.co.za

Hosts: 184.22.81.15 google.co.zm

Hosts: 184.22.81.15 www.youtube.com

Hosts: 184.22.81.15 youtube.com

Hosts: 184.22.81.15 msn.com

Hosts: 184.22.81.15 facebook.com

Hosts: 184.22.81.15 www.yahoo.com

Hosts: 184.22.81.15 yahoo.com

Hosts: 184.22.81.15 www.hotmail.com

Hosts: 184.22.81.15 hotmail.com

Hosts: 184.22.81.15 www.bing.com

Hosts: 184.22.81.15 bing.com

Hosts: 184.22.81.15 www.twitter.com

Hosts: 184.22.81.15 twitter.com

Hosts: 184.22.81.15 myspace.com

Hosts: 184.22.81.15 192.168.1.254

Hosts: 184.22.81.15 localhost

Hosts: 184.22.81.15 www.wordpress.org

Hosts: 184.22.81.15 wordpress.org

Hosts: 184.22.81.15 wikipedia.org

Hosts: 184.22.81.15 www.wikipedia.org

Hosts: 184.22.81.15 blogspot.com

Hosts: 184.22.81.15 wordpress.com

Hosts: 184.22.81.15 live.com

Hosts: 184.22.81.15 www.ebay.com

Hosts: 184.22.81.15 ebay.com

Hosts: 184.22.81.15 www.amazon.com

Hosts: 184.22.81.15 amazon.com

Hosts: 184.22.81.15 www.tumblr.com

Hosts: 184.22.81.15 tumblr.com

Hosts: 184.22.81.15 www.paypal.com

Hosts: 184.22.81.15 paypal.com

Hosts: 184.22.81.15 imdb.com

Hosts: 184.22.81.15 www.imdb.com

Hosts: 184.22.81.15 www.steampowered.com

Hosts: 184.22.81.15 steampowered.com

Hosts: 184.22.81.15 minecraft.com

Hosts: 184.22.81.15 www.minecraft.net

Hosts: 184.22.81.15 minecraft.net

Hosts: 184.22.81.15 www.minecraft.com

Hosts: 184.22.81.15 www.google.com/search

==== Installed Programs ======================

.

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Akamai NetSession Interface

AOL Uninstaller (Choose which Products to Remove)

AppGraffiti

Apple Software Update

Broadcom Gigabit NetLink Controller

CDDRV_Installer

CommView for WiFi

Cricket Broadband 1.0

DataMask by AOL

DefaultTab

DefaultTab Chrome

Driver Genius Professional Edition

Google Chrome

Google Earth

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Hotspot Shield 2.93

Java 7 Update 21

Java Auto Updater

KhalInstallWrapper

Living 3D Dolphin

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

QuickSet

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

REALTEK Wireless LAN Driver and Utility

RealUpgrade 1.1

RICOH Media Driver ver.2.07.01.00

Roads of Rome

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

SetPoint

SUPERAntiSpyware

Swarm Gold

The Treasures of Montezuma

U3Launcher

Unlikely Suspects

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Viewpoint Media Player

Windows 7 USB/DVD Download Tool

WinZip 17.0

.

==== Event Viewer Messages From Past Week ========

.

5/8/2013 8:46:37 AM, Error: Service Control Manager [7000] - The WinRing0_1_2_0 service failed to start due to the following error: The system cannot find the file specified.

5/8/2013 8:42:42 AM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

5/8/2013 8:42:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DefaultTabSearch service to connect.

5/8/2013 8:42:41 AM, Error: Service Control Manager [7000] - The DefaultTabUpdate service failed to start due to the following error: The system cannot find the file specified.

5/8/2013 8:42:41 AM, Error: Service Control Manager [7000] - The DefaultTabSearch service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/8/2013 8:42:18 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

5/8/2013 8:42:18 AM, Error: atikmdag [43029] - Display is not active

5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/8/2013 12:56:07 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/8/2013 12:56:07 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

5/8/2013 12:56:07 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.

5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/8/2013 12:11:28 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The service did not start due to a logon failure.

5/8/2013 12:11:28 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

5/6/2013 6:14:14 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

5/4/2013 9:36:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

5/4/2013 9:19:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

5/4/2013 9:16:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.149.1176.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

5/4/2013 9:16:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/4/2013 9:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/4/2013 9:06:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/4/2013 9:06:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/4/2013 9:06:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/4/2013 9:06:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASDIFSV SASKUTIL spldr Wanarpv6

5/4/2013 10:40:37 PM, Error: Service Control Manager [7030] - The AOL Connectivity Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

5/3/2013 7:06:03 PM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).

5/3/2013 7:05:59 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

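The `Hosts:` lines in the DDS log above show a hosts-file hijack: dozens of well-known names, plus `localhost` and the router address, all pointed at one remote IP. As an added example (not part of the original post or of DDS), here is a small Python triage script that parses lines in that format, or raw hosts-file lines, and flags exactly that pattern; the sensitive-name list and the sample lines are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Names a legitimate hosts file has no reason to override. This is a short
# constructed list for the example; a real deployment would extend it.
SENSITIVE_NAMES = {
    "localhost", "google.com", "youtube.com", "facebook.com", "paypal.com",
    "amazon.com", "bing.com", "yahoo.com", "twitter.com", "ebay.com",
}

# Matches either a raw hosts-file line ("ip name") or a DDS log line
# ("Hosts: ip name"). Comments are stripped before matching.
_LINE_RE = re.compile(r"^(?:Hosts:\s+)?(\S+)\s+(\S+)")

# Constructed sample modelled on the DDS output above: five hijacked
# entries sharing one remote sink, plus three benign lines for contrast.
SAMPLE_LINES = [
    "Hosts: 184.22.81.15 google.com",
    "Hosts: 184.22.81.15 www.youtube.com",
    "Hosts: 184.22.81.15 paypal.com",
    "Hosts: 184.22.81.15 localhost",
    "Hosts: 184.22.81.15 192.168.1.254",
    "127.0.0.1 localhost            # stock entry, benign",
    "0.0.0.0 ads.example.invalid    # ad-block style entry, benign",
    "192.168.1.10 printer.lan       # LAN host, benign",
]


def parse_hosts_lines(lines):
    """Yield (ip, name) pairs from hosts-file lines or DDS 'Hosts:' lines."""
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2).lower()


def classify(ip_str, name):
    """Return a reason string if a single mapping is suspicious, else None."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return "unparseable address"
    if ip.is_loopback or ip.is_unspecified:
        return None  # 127.0.0.1 / 0.0.0.0 entries only block or localise
    if name == "localhost":
        return "localhost redirected off the loopback interface"
    try:
        ipaddress.ip_address(name)  # the 'name' is itself an IP literal
        return "IP literal remapped to another address"
    except ValueError:
        pass
    bare = name[4:] if name.startswith("www.") else name
    if bare in SENSITIVE_NAMES or any(bare.endswith("." + s) for s in SENSITIVE_NAMES):
        return "well-known site redirected to a remote host"
    if ip.is_global:
        return "name mapped to a public address"
    return None  # e.g. a LAN printer on a private address


def triage(lines, sink_threshold=3):
    """Classify every entry and report any IP that collects many hijacked names."""
    findings = []
    for ip_str, name in parse_hosts_lines(lines):
        reason = classify(ip_str, name)
        if reason:
            findings.append((ip_str, name, reason))
    sinks = Counter(ip for ip, _, _ in findings)
    return {
        "findings": findings,
        "sink_counts": dict(sinks),
        "sink_ips": [ip for ip, n in sinks.items() if n >= sink_threshold],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    for ip_str, name, reason in report["findings"]:
        print(f"{ip_str:<16} {name:<20} {reason}")
    for ip_str in report["sink_ips"]:
        print(f"sink: {ip_str} collects {report['sink_counts'][ip_str]} hijacked names")
```

Point `triage()` at the lines of `C:\Windows\System32\drivers\etc\hosts` (or at the `Hosts:` lines pasted from a DDS log) and a single sink IP with many names, as in this thread, stands out immediately.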

Hi Dell1737,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:

  • I will be working on your Malware issues; this may, or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Windows 7 and Vista users

The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.

Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.

When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Please Uninstall the following programs

Viewpoint Media Player

DataMask by AOL

DefaultTab

DefaultTab Chrome

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file (Right click and choose "Run as administrator" in Vista/Win7). If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.


OK, removed the programs you specified; don't know why they're still showing up in a few places? Ran OTL and I'll post those results now... going to run GMER and will be back with results in a few.

OTL logfile created on: 5/8/2013 2:32:17 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.59% Memory free

5.99 Gb Paging File | 4.40 Gb Available in Paging File | 73.55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297.99 Gb Total Space | 238.32 Gb Free Space | 79.98% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)

PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)

PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()

PRC - C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\AOL Desktop 9.7\waol.exe (AOL Inc.)

PRC - C:\Program Files\AOL Desktop 9.7\shellmon.exe (AOL Inc.)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)

PRC - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()

PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)

PRC - C:\Users\Administrator\Desktop\PCMeter\PCMeterV0.3.exe (AddGadgets)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\AOL\1367732423\ee\aolsoftware.exe (AOL Inc.)

PRC - C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech, Inc.)

PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)

PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

PRC - C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AOL Desktop 9.7\zlib.dll ()

MOD - C:\Program Files\AOL Desktop 9.7\libcef.dll ()

MOD - C:\Program Files\AOL Desktop 9.7\libGLESv2.dll ()

MOD - C:\Program Files\AOL Desktop 9.7\libEGL.dll ()

MOD - C:\Program Files\AOL Desktop 9.7\avcodec-54.dll ()

MOD - C:\Program Files\AOL Desktop 9.7\avformat-54.dll ()

MOD - C:\Program Files\AOL Desktop 9.7\avutil-51.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\MCESidebarCtrl\04963ea62d2cf90bfc1225bf11f11e59\MCESidebarCtrl.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehshell\8b774924750abed3185570922871989a\ehshell.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\e26eca09671bb3080b96ef36cc2e11ba\Microsoft.MediaCenter.Sports.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7c6a11cf74acbfe5c8c8d654c7cadf45\Microsoft.MediaCenter.Shell.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\b8e516ed0f2c0bee78580ac0a758d7b3\mcstoredb.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\744604b4a3bb3625de9541f0f81a3893\mcstore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mcepg\1355556186a0cfcef21dadab36b38355\mcepg.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\840830c6a4fd76901574202fa9e7c9ef\Microsoft.MediaCenter.UI.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\a0715e7b679c7dd85fa64ab9e7b7ead0\Microsoft.MediaCenter.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\454ecc5a1795270b2dbe55bfe3dd87be\ehiProxy.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\1ea01658676f73cf48ebde8e904a0464\System.Configuration.Install.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.6.gadget\SystemInfo.dll ()

MOD - C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.6.gadget\GetCoreTempInfoNET.dll ()

MOD - C:\Users\Administrator\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.6.gadget\CoreTempReader.dll ()

MOD - C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll ()

MOD - C:\Program Files\SetPoint\khalwrapper.dll ()

========== Services (SafeList) ==========

SRV - (DefaultTabUpdate) -- C:\Users\Stem\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe File not found

SRV - (DefaultTabSearch) -- C:\Program Files\DefaultTab\DefaultTabSearch.exe File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)

SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()

SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe ()

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe ()

SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (Realtek87B) -- C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe (Realtek)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV - (WinRing0_1_2_0) -- C:\Users\Administrator\AppData\Local\Temp\tmp2B05.tmp File not found

DRV - (snozyqra) -- C:\Windows\system32\drivers\snozyqra.sys File not found

DRV - (sfdwpfse) -- C:\Windows\system32\drivers\sfdwpfse.sys File not found

DRV - (rswouoic) -- C:\Windows\system32\drivers\rswouoic.sys File not found

DRV - (ocgzvzwg) -- C:\Windows\system32\drivers\ocgzvzwg.sys File not found

DRV - (mvsjswsw) -- C:\Windows\system32\drivers\mvsjswsw.sys File not found

DRV - (jnldlrae) -- C:\Windows\system32\drivers\jnldlrae.sys File not found

DRV - (hqgqtnxa) -- C:\Windows\system32\drivers\hqgqtnxa.sys File not found

DRV - (drkokjnr) -- C:\Windows\system32\drivers\drkokjnr.sys File not found

DRV - (ATMFVsp) -- system32\DRIVERS\ATMFVsp.sys File not found

DRV - (ATMFNVsp) -- system32\DRIVERS\ATMFNVsp.sys File not found

DRV - (ATMFNET) -- system32\DRIVERS\ATMFNET.sys File not found

DRV - (ATMFMdm) -- system32\DRIVERS\ATMFMdm.sys File not found

DRV - (ATMFFLT) -- system32\DRIVERS\ATMFFLT.sys File not found

DRV - (ATMFCVsp) -- system32\DRIVERS\ATMFCVsp.sys File not found

DRV - (ATMFBUS) -- system32\DRIVERS\ATMFBUS.sys File not found

DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)

DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV - (TsLwWfF) -- C:\Windows\System32\drivers\TsLwWfF.sys (TamoSoft)

DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)

DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)

DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)

DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)

DRV - (NETwNs32) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)

DRV - (X6XSEx) -- C:\Program Files\Free Ride Games\X6XSEx.sys (Exent Technologies Ltd.)

DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)

DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdserd) -- C:\Windows\System32\drivers\sscdserd.sys (MCCI Corporation)

DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )

DRV - (RTL8187) -- C:\Windows\System32\drivers\rtl8187.sys (Realtek Semiconductor Corporation )

DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)

DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)

DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)

DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)

DRV - (k57nd60x) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)

DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=590&systemid=1&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS480

IE - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: sss%40sentrybay.com:5.6.0.8207

FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1

FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()

FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/25 10:53:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/25 10:53:36 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/25 12:17:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/03/27 06:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions

[2013/03/23 07:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\extensions

[2013/03/25 08:46:31 | 000,000,000 | ---D | M] (Hotspot Shield) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}

[2013/04/25 12:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/05/03 18:44:44 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com

File not found (No name found) -- C:\PROGRAM FILES\AOL\DATAMASK BY AOL\FFEXT

[2013/04/25 10:53:36 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT

[2013/04/25 12:17:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2013/01/17 09:59:39 | 000,002,362 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2013/04/25 12:17:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/04/25 12:17:23 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)

CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN15291429738283060&ctid=CT3282134&sspv=SB_CHWSP04

CHR - default_search_provider: suggest_url =

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.0.10_0\plugins/npDefaultTabSearch.dll

CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll

CHR - Extension: TinEye Reverse Image Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\

CHR - Extension: RealDownloader = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\

CHR - Extension: Wikipedia\u2122 search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmlmagkbjnbhonjmeihmahmeabaafc\1.1_0\

CHR - Extension: Image Search Options = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl\0.0.7_0\

CHR - Extension: DataMask by AOL = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kochbcmingebnmbcpbbpfpmipakoipge\4.2.0.8207_0\

O1 HOSTS File: ([2013/04/22 21:46:52 | 000,009,475 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 184.22.81.15 www.imeetzu.com

O1 - Hosts: 184.22.81.15 imeetzu.com

O1 - Hosts: 184.22.81.15 www.omegle.com

O1 - Hosts: 184.22.81.15 omegle.com

O1 - Hosts: 184.22.81.15 www.runescape.com

O1 - Hosts: 184.22.81.15 runescape.com

O1 - Hosts: 184.22.81.15 google.com

O1 - Hosts: 184.22.81.15 www.google.ae

O1 - Hosts: 184.22.81.15 www.google.com.af

O1 - Hosts: 184.22.81.15 www.google.com.ag

O1 - Hosts: 184.22.81.15 www.google.off.ai

O1 - Hosts: 184.22.81.15 www.google.am

O1 - Hosts: 184.22.81.15 www.google.com.ar

O1 - Hosts: 184.22.81.15 www.google.as

O1 - Hosts: 184.22.81.15 www.google.at

O1 - Hosts: 184.22.81.15 www.google.com.au

O1 - Hosts: 184.22.81.15 www.google.az

O1 - Hosts: 184.22.81.15 www.google.ba

O1 - Hosts: 184.22.81.15 www.google.com.bd

O1 - Hosts: 184.22.81.15 www.google.be

O1 - Hosts: 184.22.81.15 www.google.bg

O1 - Hosts: 184.22.81.15 www.google.com.bh

O1 - Hosts: 184.22.81.15 www.google.bi

O1 - Hosts: 184.22.81.15 www.google.com.bo

O1 - Hosts: 184.22.81.15 www.google.com.br

O1 - Hosts: 323 more lines...

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stem\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)

O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1367732423\ee\aolsoftware.exe (AOL Inc.)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)

O4 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500..\Run: [Akamai NetSession Interface] C:\Users\Administrator\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.7\AOL.EXE (AOL Inc.)

O4 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-3002901495-3278968862-1281311716-500\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{036BEE32-ADF8-4545-A30B-1F58E63E0FE2}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CE62BF1-B672-4A6D-802E-4CB49D5343DA}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A5F0E29-CD98-4B27-B1B0-8491E9616787}: DhcpNameServer = 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B0A1DE32-301C-4595-BD15-84AD4E594649}: DhcpNameServer = 172.26.38.1 172.26.38.2

O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - C:\Windows\System32\RtlGina\RtlGina.dll (Realtek)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{228e0012-8c19-11e1-88e1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{228e0012-8c19-11e1-88e1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/08 14:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint

[2013/05/08 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\MetaStream

[2013/05/08 14:13:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

[2013/05/08 10:36:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.com

[2013/05/07 13:00:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Themes

[2013/05/07 03:42:45 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll

[2013/05/07 03:16:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech

[2013/05/07 03:14:41 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\kemutb.dll

[2013/05/07 03:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SetPoint

[2013/05/07 03:14:40 | 000,145,936 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemUtil.dll

[2013/05/07 03:14:40 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemWnd.dll

[2013/05/07 03:14:40 | 000,084,496 | ---- | C] (Logitech, Inc.) -- C:\Windows\System32\KemXML.dll

[2013/05/07 03:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech

[2013/05/07 03:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd

[2013/05/07 03:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\SetPoint

[2013/05/07 03:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Dell

[2013/05/07 03:02:00 | 000,038,400 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys

[2013/05/07 03:01:59 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\System32\rixdicon.dll

[2013/05/07 03:01:59 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\System32\snymsico.dll

[2013/05/07 03:01:59 | 000,048,128 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys

[2013/05/07 03:01:59 | 000,044,544 | ---- | C] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys

[2013/05/07 03:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom

[2013/05/07 02:41:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Dell Updates

[2013/05/07 00:16:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\PCMeter

[2013/05/04 22:41:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AOL

[2013/05/04 22:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia

[2013/05/04 22:41:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL

[2013/05/04 22:41:13 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe

[2013/05/04 22:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint

[2013/05/04 22:40:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads

[2013/05/04 22:40:41 | 000,033,588 | ---- | C] (America Online, Inc.) -- C:\Windows\System32\drivers\wanatw4.sys

[2013/05/04 22:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP

[2013/05/04 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AOL

[2013/05/04 22:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL

[2013/05/04 22:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare

[2013/05/04 22:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Desktop 9.7

[2013/05/04 22:40:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL

[2013/05/04 22:28:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads

[2013/05/03 18:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield

[2013/05/03 18:43:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Hotspot Shield

[2013/04/30 22:28:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com

[2013/04/30 22:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2013/04/30 22:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/04/30 22:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/04/30 21:12:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes

[2013/04/30 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/30 21:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/30 21:12:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/04/30 21:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/04/30 21:10:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Programs

[2013/04/25 12:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/04/25 10:54:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RealNetworks

[2013/04/25 10:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks

[2013/04/25 10:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks

[2013/04/25 10:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared

[2013/04/25 10:53:12 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2013/04/25 10:53:04 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2013/04/25 10:53:04 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2013/04/25 10:53:03 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[2013/04/25 10:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2013/04/25 10:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Real

[2013/04/25 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Real

[2013/04/25 10:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2013/04/25 08:28:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Oracle

[2013/04/24 23:08:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Misc

[2013/04/24 20:28:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2013/04/24 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2013/04/24 20:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/04/24 20:26:58 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/04/24 20:26:58 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/04/24 20:26:57 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/04/24 20:26:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/04/24 20:26:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/04/24 20:26:55 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/04/24 20:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2013/04/24 20:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2013/04/24 12:25:44 | 000,037,064 | ---- | C] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys

[2013/04/24 12:12:34 | 000,040,648 | ---- | C] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys

[2013/04/23 12:14:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\aircrack-ng-1.1-win

[2013/04/22 21:43:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinZip

[2013/04/22 20:17:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\oclHashcat-plus-0.14

[2013/04/22 14:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft

[2013/04/22 14:53:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\CommView for WiFi

[2013/04/22 14:52:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommView for WiFi

[2013/04/22 14:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi

[2013/04/22 14:45:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\crack-wi-fi-passwords-for-beginners

[2013/04/22 14:04:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WinZip

[2013/04/22 14:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

[2013/04/22 14:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2013/04/22 14:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2013/04/22 13:27:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SentryBay

[2013/04/22 13:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\AOL

[2013/04/22 13:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SentryBay

[2013/04/22 12:29:19 | 012,143,656 | ---- | C] (White Sky, Inc.) -- C:\Users\Administrator\Desktop\aolonepoint.exe

[2013/04/22 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\SentryBay

[2013/04/22 12:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\SentryBay

[2013/04/21 18:35:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ

[2013/04/18 11:04:50 | 000,163,840 | ---- | C] (America Online) -- C:\Windows\System32\jgdw400.dll

[2013/04/18 11:04:50 | 000,027,648 | ---- | C] (Johnson-Grace Company) -- C:\Windows\System32\jgpl400.dll

[2013/04/14 11:17:17 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/04/14 11:17:15 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/04/14 11:17:14 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/04/14 11:17:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/04/14 11:17:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/04/14 11:17:13 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/04/14 11:17:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/04/14 11:17:13 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/04/14 11:17:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/04/14 11:17:12 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/04/12 13:39:18 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/04/12 13:39:14 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2013/04/12 13:39:14 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2013/04/12 13:39:13 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll

========== Files - Modified Within 30 Days ==========

[2013/05/08 14:31:22 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/08 14:31:22 | 000,014,448 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/08 14:29:42 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/05/08 14:29:42 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/05/08 14:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/08 14:25:32 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/08 14:25:29 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job

[2013/05/08 14:24:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2013/05/08 14:23:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/08 14:23:55 | 2411,900,928 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/08 14:14:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3002901495-3278968862-1281311716-1000UA.job

[2013/05/08 14:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/08 14:13:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe

[2013/05/08 14:08:55 | 000,377,856 | ---- | M] () -- C:\Users\Administrator\Desktop\p4gewi0o.exe

[2013/05/08 10:43:09 | 000,816,128 | ---- | M] () -- C:\Users\Administrator\Desktop\RogueKiller.exe

[2013/05/08 10:36:23 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.com

[2013/05/08 00:51:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/05/08 00:51:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2013/05/07 03:15:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

[2013/05/07 03:15:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

[2013/05/07 03:14:41 | 000,001,849 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk

[2013/05/07 03:10:02 | 000,002,020 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

[2013/05/07 02:45:18 | 000,000,368 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Digital Clock_Settings.ini

[2013/05/07 02:13:52 | 000,000,578 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\All CPU MeterV3_Settings.ini

[2013/05/07 00:53:31 | 000,000,263 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Battery Meter_Settings.ini

[2013/05/07 00:14:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3002901495-3278968862-1281311716-1000Core.job

[2013/05/04 22:41:27 | 000,001,103 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk

[2013/05/04 22:41:26 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk

[2013/05/04 22:30:56 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\System32\AOLParconLink.exe

[2013/05/04 22:28:32 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat

[2013/05/04 21:46:55 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/05/04 21:46:55 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/05/03 18:48:53 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk

[2013/05/02 08:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2013/04/30 22:28:51 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/04/30 21:12:32 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/25 10:53:45 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2013/04/25 10:53:12 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2013/04/25 10:53:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2013/04/25 10:53:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2013/04/25 10:53:03 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll

[2013/04/24 20:26:48 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/04/24 20:26:44 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/04/24 20:26:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/04/24 20:26:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/04/24 20:26:42 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/04/24 20:26:42 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/04/24 12:25:44 | 000,037,064 | ---- | M] (Anchorfree Inc.) -- C:\Windows\System32\drivers\taphss6.sys

[2013/04/24 12:12:34 | 000,040,648 | ---- | M] (AnchorFree Inc.) -- C:\Windows\System32\drivers\hssdrv6.sys

[2013/04/24 00:32:22 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2013/04/22 22:41:40 | 002,245,758 | ---- | M] () -- C:\Users\Administrator\Documents\Easy WIFI Radar 1.0.5v Installer.exe

[2013/04/22 21:46:52 | 000,009,475 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2013/04/22 21:41:17 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk

[2013/04/22 13:25:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_epfilter_01009.Wdf

[2013/04/22 12:29:50 | 012,143,656 | ---- | M] (White Sky, Inc.) -- C:\Users\Administrator\Desktop\aolonepoint.exe

[2013/04/18 11:04:50 | 000,163,840 | ---- | M] (America Online) -- C:\Windows\System32\jgdw400.dll

[2013/04/18 11:04:50 | 000,027,648 | ---- | M] (Johnson-Grace Company) -- C:\Windows\System32\jgpl400.dll

[2013/04/14 11:20:20 | 000,268,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/05/08 14:08:55 | 000,377,856 | ---- | C] () -- C:\Users\Administrator\Desktop\p4gewi0o.exe

[2013/05/08 10:42:58 | 000,816,128 | ---- | C] () -- C:\Users\Administrator\Desktop\RogueKiller.exe

[2013/05/08 00:51:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2013/05/08 00:51:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2013/05/07 03:15:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf

[2013/05/07 03:15:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf

[2013/05/07 03:14:41 | 000,001,849 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk

[2013/05/07 03:10:02 | 000,002,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

[2013/05/07 00:19:27 | 000,000,578 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\All CPU MeterV3_Settings.ini

[2013/05/07 00:08:37 | 000,000,368 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Digital Clock_Settings.ini

[2013/05/06 17:32:31 | 000,000,263 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Battery Meter_Settings.ini

[2013/05/04 22:41:27 | 000,001,103 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk

[2013/05/04 22:41:26 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk

[2013/05/04 22:28:32 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2013/05/03 18:48:53 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk

[2013/04/30 22:28:51 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2013/04/30 21:12:32 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/25 10:53:45 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2013/04/22 22:41:40 | 002,245,758 | ---- | C] () -- C:\Users\Administrator\Documents\Easy WIFI Radar 1.0.5v Installer.exe

[2013/04/22 14:03:49 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk

[2013/04/22 13:25:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_epfilter_01009.Wdf

[2013/03/23 11:30:06 | 000,000,387 | ---- | C] () -- C:\Users\Administrator\advanced_ip_scanner_Favorites.bin

[2013/03/23 08:08:52 | 000,000,124 | ---- | C] () -- C:\Users\Administrator\advanced_ip_scanner_MAC.bin

[2013/03/15 19:04:30 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

[2013/03/15 06:33:04 | 000,007,598 | ---- | C] () -- C:\Users\Administrator\AppData\Local\resmon.resmoncfg

[2012/05/20 22:04:23 | 000,003,160 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2012/04/28 06:42:21 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2012/04/23 13:39:38 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2012/04/21 18:21:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

< End of report >

NOW THE SECOND REPORT "EXTRAS"

OTL Extras logfile created on: 5/8/2013 2:32:17 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16540)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.59% Memory free

5.99 Gb Paging File | 4.40 Gb Available in Paging File | 73.55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 297.99 Gb Total Space | 238.32 Gb Free Space | 79.98% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3002901495-3278968862-1281311716-500\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{009B3F76-E2A6-4BBA-8ECE-3752C6064CE0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{091FD56E-60CD-4F5C-BDE8-03B40F77D8E2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{19D73310-D753-4469-A701-C8669C4642D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1F75ECD5-E86A-4289-BA05-56FDEB282D5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{21F96128-7ADC-4257-B485-AE65958D7329}" = rport=10243 | protocol=6 | dir=out | app=system |

"{26162079-58D1-4A13-933B-680C4278B6E2}" = lport=139 | protocol=6 | dir=in | app=system |

"{2F9F07A9-156D-46B7-9168-D630D0AA0E22}" = lport=445 | protocol=6 | dir=in | app=system |

"{38EE3BF7-2FAF-44C7-85BD-1D01671240F4}" = lport=2869 | protocol=6 | dir=in | app=system |

"{420B28EE-707F-4917-87FB-109C15C454EA}" = rport=138 | protocol=17 | dir=out | app=system |

"{5B2F8C94-AD8C-4123-97E2-C32EEAE37080}" = lport=49169 | protocol=6 | dir=in | name=akamai netsession interface |

"{629A8E50-4ECD-44F9-8DAA-027E326D3E6D}" = rport=139 | protocol=6 | dir=out | app=system |

"{62D34D07-23D9-4669-B13E-66907CA81333}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{63AEF0E9-100F-4299-BEF5-CB43030E62C4}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |

"{66F64F82-6ABF-463E-8218-DA55EA23CCE2}" = lport=138 | protocol=17 | dir=in | app=system |

"{71A0D943-8E81-48C7-A263-8592E59EFF47}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{7C53AED1-33FE-4BD3-8171-5BAC67A3D849}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{802FFF4B-65AA-4C3F-9777-FB2F697821D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{85BDA737-42DA-4529-B0A7-FDC71D45B466}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{8B8F0508-D360-4884-A501-1A3978433437}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9E4BEF77-BDA5-4381-822A-D326E6FAD158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{A127FD4B-A0A8-47B2-A7E3-A3FA8ABC6A9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B1CEC84D-7791-48FD-B26A-F1FC3C403FF1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BAA27B76-F92A-40E0-8DF9-5434EEC66E07}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{C1F935D1-EAA5-4C8B-9BD6-7F4E1F13C7D7}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |

"{C30B62DC-85D4-4F3F-8905-C0812DE71C44}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CADF3BCA-0E82-4BC4-957D-4CE41D4BC013}" = lport=10243 | protocol=6 | dir=in | app=system |

"{CC90737B-DFF4-481F-A86F-DA9DA63ACAB0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{D0D40DCE-B676-4675-A7C0-FC8AF3776926}" = rport=445 | protocol=6 | dir=out | app=system |

"{D368BD42-C569-47A4-AA86-30ADFA8946F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D93D1157-54F2-46BF-BC06-61FD10E97938}" = lport=137 | protocol=17 | dir=in | app=system |

"{DC38B0BE-E231-414E-83FB-9416A926B621}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |

"{E67F6B05-5276-4B55-9DD9-DC4F738DDFF9}" = rport=137 | protocol=17 | dir=out | app=system |

"{EABFD2C9-99FE-414C-8730-736952382E76}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{EBF679C5-D679-4308-8982-F1E0C22D1C22}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EE770399-B3FA-4685-A0BF-8D8340EF2651}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F19EA5BB-2B50-450D-946D-5470E7EBEFAB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1173D141-9E9D-4EF8-9610-C6AEAE838CAA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{239167BD-0F1E-4EE3-94F5-4D6555AA5FE8}" = protocol=17 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |

"{24D33C1A-59C6-4D31-BB0A-E7ED4F9162C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{2744835C-42C6-4ACB-BDBE-AEFC5BE03AAC}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{2E06CC47-96C3-46F3-BF41-5FF690B013CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{32C3F048-F216-4708-8E1C-D3E89E55C29F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{33E3EC46-B4CA-459D-961E-2405CAE79763}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{33E83602-B63B-4187-8867-233E1D2D2C71}" = protocol=6 | dir=in | app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{361AFF01-8021-4DA1-B855-E1DA7BF0E49B}" = protocol=17 | dir=in | app=c:\program files\realtek\rtl8187 wireless lan utility\rtwlan.exe |

"{38F2FB55-B7AD-462D-ACBD-424A1C10CE23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{3D2F434F-336C-4F5B-8068-A7E2D2AAC591}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3E37D22A-E096-43B8-AE80-B7A9140E8E0E}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |

"{3FAA5DEC-D20F-4EBB-A862-3C323360AD3D}" = protocol=17 | dir=in | app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{406C3798-4369-4BE8-A74E-65DA857F3BD8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{47F06259-F964-4E4E-8CFA-354708862380}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{4898EFC3-19AE-4033-83E5-120CBDC47E1A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{4B313D4F-0483-409D-BB61-7E62912ACB58}" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |

"{4CEEF212-3BE3-4898-83EA-5B8732E314A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{543A7D4F-B181-4AB1-AEC3-A1A7DAC838AB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{65B64F72-4DF9-4CAC-AAD9-66FD50CA99DA}" = protocol=17 | dir=in | app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{688115EB-8D5D-4020-B77E-91A927B05678}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1367732423\ee\aolsoftware.exe |

"{6A7495FC-525E-48D2-A3A3-B4F10B8A7394}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"{7A6A9DFB-BA3F-4A8E-86C8-9E31812CBFD9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |

"{7BE49DFA-545D-4131-A9F3-798EC501C469}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7F37F4E7-FADB-4737-890A-A642600F8765}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{971C50A1-07AB-458C-88F2-2774FA92BF79}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{9B4ED8D0-41DF-486F-9CB4-53A3A4F4A026}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1367732423\ee\aolsoftware.exe |

"{9E669978-5CBF-424C-BAA7-B44A8483C375}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"{A26EF4AE-D84D-427F-B341-E0894740C379}" = protocol=6 | dir=in | app=c:\program files\itibiti soft phone\itibiti.exe |

"{A58EE36A-497E-4A68-8B15-C2ECAC1B728C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |

"{A8E24FDC-AD13-4CCB-A578-30A1E9025DD4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{AC77B2AB-0787-41E6-B5B3-B738B988DA01}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |

"{AD70FC21-B495-4CCD-A8AD-8FEDEA83D8BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AE43062B-FE5D-4B75-8C9A-0333556B07AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AFC2275F-B498-49D7-AC2E-0C93535DCC66}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |

"{B47C4387-ED27-425B-BAEB-A32FA08D039E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BB63BD37-4F02-4112-9637-2071E416FB2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BC9A05CB-B5CC-4FB3-B666-37CDEE980D65}" = protocol=6 | dir=out | app=system |

"{C19D1A2A-2343-40B8-BBD7-DE1EB2ED90FC}" = protocol=17 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |

"{C4D151A7-B108-4102-91C6-3161EF5A8C7C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{C564D9F7-55B6-4D8A-9B90-BEDD957EB31B}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\waol.exe |

"{C6667F69-6F86-4EF7-8A1A-37BD8FA2E1CF}" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |

"{CAFF00F2-2B34-409D-B7BB-A9867332FA59}" = protocol=6 | dir=in | app=c:\program files\realtek\rtl8187 wireless lan utility\rtwlan.exe |

"{D88038DE-3BCD-4274-82AB-B6E15845925F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{DCCBF1FD-F443-4C88-8FF8-83C78B97386B}" = protocol=6 | dir=in | app=c:\program files\aol desktop 9.7\aolbrowser\aolbrowser.exe |

"{DECA7434-84D8-405F-A9EC-79A6F14A7207}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |

"{DEEB8114-0C73-4227-934F-71CB6EFE673E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{E1D5EB95-5933-44E3-8253-0C24BBD16628}" = protocol=6 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |

"{E56171B1-B403-4BED-827E-6619A0D0889A}" = protocol=6 | dir=in | app=c:\users\stem\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{EB8748A6-C309-4787-BA27-E688EFE47443}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F40DCEB8-8399-432D-A906-D23DE2A2AA1F}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"TCP Query User{1136D5D5-30D2-4359-A1C8-04A542E0BC00}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |

"TCP Query User{44EE037C-3BCF-469E-B6ED-182CB874335E}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"TCP Query User{A6C4610C-9F14-4D04-83E2-B4E8D19F3547}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"TCP Query User{DBB6FF2B-CC81-4D98-968A-63DEF395B97E}C:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe |

"TCP Query User{EB23C033-10BF-42C1-A054-619C4F2FA6F4}C:\program files\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"UDP Query User{27720E58-8AE7-480D-95EB-2D48177EC830}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"UDP Query User{4379F761-E1E7-4134-AAE2-02FFE87D9EDD}C:\program files\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe |

"UDP Query User{4A9D7509-6335-442A-ABCC-0FE4FB82B56D}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"UDP Query User{8CE2250C-5E75-4576-A339-927E418FDB8B}C:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\aircrack-ng-1.1-win\aircrack-ng-1.1-win\bin\buddy-ng.exe |

"UDP Query User{963F9A75-B130-459B-A711-E605D6BF3BAA}C:\users\administrator\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\administrator\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00

"{2B9B1B9E-45E5-4A76-9CA8-E06F897A3201}" = Cricket Broadband 1.0

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant

"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{C2B9C70F-165E-450D-9EC1-F7B160016291}" = Living 3D Dolphin

"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CDED9EF0-D072-11DF-2EA6-0104A00B0BB3}" = CommView for WiFi

"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher

"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = SetPoint

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition

"exent_466550" = The Treasures of Montezuma

"exent_706250" = Roads of Rome

"exent_708650" = Unlikely Suspects

"Google Chrome" = Google Chrome

"HotspotShield" = Hotspot Shield 2.93

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"RealPlayer 16.0" = RealPlayer

"Swarm Gold1.0" = Swarm Gold

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3002901495-3278968862-1281311716-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/7/2013 9:14:27 PM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x734 Faulting application start time: 0x01ce4b89596f4e1c Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: a00f89d9-b77c-11e2-8d0b-00038a000015

Error - 5/8/2013 3:11:22 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x70 Faulting application start time: 0x01ce4bbb35eb481d Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: 7c8c2025-b7ae-11e2-bee2-00c0ca3f28d5

Error - 5/8/2013 3:22:35 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x7fc Faulting application start time: 0x01ce4bbcc73af04e Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: 0de07b75-b7b0-11e2-a38f-00038a000015

Error - 5/8/2013 3:56:02 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x7cc Faulting application start time: 0x01ce4bc173072510 Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: b9a7fd18-b7b4-11e2-a35f-00038a000015

Error - 5/8/2013 3:59:14 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x7d4 Faulting application start time: 0x01ce4bc1e5f77600 Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: 2c95eca8-b7b5-11e2-a3ba-00038a000015

Error - 5/8/2013 4:36:09 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x7ec Faulting application start time: 0x01ce4bc70da5b7a4 Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: 54442e4c-b7ba-11e2-a340-00038a000015

Error - 5/8/2013 6:40:10 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x7d4 Faulting application start time: 0x01ce4bd860fec88e Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: a79f6218-b7cb-11e2-a81d-00038a000015

Error - 5/8/2013 6:51:59 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x7e0 Faulting application start time: 0x01ce4bda07d7af59 Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: 4e754b3c-b7cd-11e2-a3bb-00038a000015

Error - 5/8/2013 11:42:41 AM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x7d4 Faulting application start time: 0x01ce4c02a3e0c1b9 Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: ea81d841-b7f5-11e2-bee0-00038a000015

Error - 5/8/2013 5:11:55 PM | Computer Name = Home | Source = Application Error | ID = 1000

Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,

time stamp: 0x4f6c234d Exception code: 0xc0000005 Fault offset: 0x0006c3fb Faulting

process id: 0x1508 Faulting application start time: 0x01ce4c30ab0ab927 Faulting application

path: C:\Program Files\DefaultTab\DefaultTabSearch.exe Faulting module path: C:\Program

Files\DefaultTab\DefaultTabSearch.exe Report Id: e90e2786-b823-11e2-bee0-00038a000015

[ System Events ]

Error - 3/16/2013 9:23:56 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000

Description = The DefaultTabUpdate service failed to start due to the following

error: %%2

Error - 3/16/2013 9:24:09 AM | Computer Name = Home | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 3/16/2013 9:24:09 AM | Computer Name = Home | Source = Service Control Manager | ID = 7034

Description = The DefaultTabSearch service terminated unexpectedly. It has done

this 1 time(s).

Error - 3/16/2013 9:24:20 AM | Computer Name = Home | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 3/16/2013 11:17:38 AM | Computer Name = Home | Source = atikmdag | ID = 52236

Description = CPLIB :: General - Invalid Parameter

Error - 3/16/2013 11:17:38 AM | Computer Name = Home | Source = atikmdag | ID = 43029

Description = Display is not active

Error - 3/16/2013 11:17:43 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000

Description = The DefaultTabUpdate service failed to start due to the following

error: %%2

Error - 3/16/2013 11:17:45 AM | Computer Name = Home | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error - 3/16/2013 11:17:57 AM | Computer Name = Home | Source = Service Control Manager | ID = 7034

Description = The DefaultTabSearch service terminated unexpectedly. It has done

this 1 time(s).

Error - 3/16/2013 11:18:08 AM | Computer Name = Home | Source = atikmdag | ID = 43029

Description = Display is not active

< End of report >


Here are the results of GMER; thanks again for your help

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-05-08 18:01:43

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-75ZCT2 rev.11.01A11 298.09GB

Running: p4gewi0o.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldipow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E47A09 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E811F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93A2A000, 0x2D5378, 0xE8000020]

? C:\Users\Administrator\AppData\Local\Temp\tmp9F2B.tmp The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4064] kernel32.dll!SetUnhandledExceptionFilter 7742F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs X6XSEx.Sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721f66ee

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721f66ee (not active ControlSet)

---- EOF - GMER 2.1 ----


I ran GMER again with "ADS" checked and got a little more data. I unchecked it the first time because it shut down Windows unexpectedly; it ran with no problem the second time with "ADS" checked... hope this helps

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-75ZCT2 rev.11.01A11 298.09GB

Running: p4gewi0o.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldipow.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E47A09 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E811F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x93A2A000, 0x2D5378, 0xE8000020]

? C:\Users\Administrator\AppData\Local\Temp\tmp9F2B.tmp The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[4064] kernel32.dll!SetUnhandledExceptionFilter 7742F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs X6XSEx.Sys

---- Threads - GMER 2.1 ----

Thread System [4:4412] 9E4F2F2E

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0002721f66ee

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0002721f66ee (not active ControlSet)

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 1376

---- EOF - GMER 2.1 ----


Hi Dell1737,

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    :Commands
    [CREATERESTOREPOINT]

    :processes
    killallprocesses
    :otl
    CHR - default_search_provider: Conduit (Enabled)
    CHR - Extension: DataMask by AOL = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kochbcmingebnmbcpbbpfpmipakoipge\4.2.0.8207_0\
    CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
    CHR - plugin: npDefaultTabSearch plugin (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.0.10_0\plugins/npDefaultTabSearch.dll
    DRV - (WinRing0_1_2_0) -- C:\Users\Administrator\AppData\Local\Temp\tmp2B05.tmp File not found
    DRV - (drkokjnr) -- C:\Windows\system32\drivers\drkokjnr.sys File not found
    DRV - (hqgqtnxa) -- C:\Windows\system32\drivers\hqgqtnxa.sys File not found
    DRV - (jnldlrae) -- C:\Windows\system32\drivers\jnldlrae.sys File not found
    DRV - (mvsjswsw) -- C:\Windows\system32\drivers\mvsjswsw.sys File not found
    DRV - (ocgzvzwg) -- C:\Windows\system32\drivers\ocgzvzwg.sys File not found
    DRV - (rswouoic) -- C:\Windows\system32\drivers\rswouoic.sys File not found
    DRV - (sfdwpfse) -- C:\Windows\system32\drivers\sfdwpfse.sys File not found
    DRV - (snozyqra) -- C:\Windows\system32\drivers\snozyqra.sys File not found
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...&q={searchTerms}
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Stem\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
    O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
    O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    SRV - (DefaultTabSearch) -- C:\Program Files\DefaultTab\DefaultTabSearch.exe File not found
    SRV - (DefaultTabUpdate) -- C:\Users\Stem\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe File not found
    :services
    :reg
    :files
    C:\Program Files\AOL\DataMask by AOL\
    C:\ProgramData\Viewpoint
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

TDSSKiller - Rootkit Removal Tool

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!

  1. Double-click on TDSSKiller.exe to run the tool. Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. Click Change parameters
  4. Under Additional Options CHECK Verify file digital signatures
  5. IMPORTANT: Ensure Detect TDLFS file system remains UNCHECKED.
  6. Click Start scan and allow it to scan for Malicious objects.
    • If Malicious objects are detected, the default action will be Cure, ensure SKIP is selected... then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected... then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected... then click Continue

DO NOT change the default actions, other than CURE to SKIP.

  • You may be asked to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root drive (usually C:). The log will have a name like Name.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the log file in your next reply

Please let me know how the computer is running now.

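The OTL fix in the post above works by clearing entries from a handful of autostart locations: Run keys in several user hives, a Browser Helper Object CLSID, the AppInit_DLLs value, services and drivers whose binaries are already gone, an Internet Explorer SearchScope, and the HOSTS file. The PowerShell script below is an added example, not code from this thread or from OTL: it audits those same locations read-only and flags entries whose target file is missing, the "File not found" pattern that fills the log. It assumes PowerShell 3 or later on an elevated prompt; the function names Get-ImageCandidates and New-Finding are my own.

```powershell
# Added example (not from the thread, not OTL's own code): read-only audit of the
# autostart locations the OTL fix touched. Lists every entry and flags those whose
# target file no longer exists. Assumes PowerShell 3+ and an elevated prompt.

function Get-ImageCandidates {
    # Turn a raw ImagePath / Run / BHO value into the on-disk paths it could refer to.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return @() }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\x.sys  -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\x -> C:\Windows\x
    if ($p.StartsWith('"')) { $p = $p.Substring(1).Split('"')[0] }            # "quoted path" args
    $list = @($p)
    if ($p -match '^(.+?\.(exe|sys|dll|com))(\s|$)') { $list += $Matches[1] }  # unquoted path + args
    return $list | ForEach-Object {
        if ($_ -match '^[A-Za-z]:\\') { $_ } else { Join-Path $env:SystemRoot $_ }  # system32\drivers\x.sys
    } | Select-Object -Unique
}

function New-Finding {
    # One audit row; FileExists is $null when the entry is not a file reference.
    param([string]$Category, [string]$Name, [string]$Target, [switch]$NoFileCheck)
    $exists = $null
    if (-not $NoFileCheck) {
        $hit = @(Get-ImageCandidates $Target) |
               Where-Object { Test-Path -LiteralPath $_ -ErrorAction SilentlyContinue } |
               Select-Object -First 1
        $exists = [bool]$hit
    }
    [pscustomobject]@{ Category = $Category; Name = $Name; Target = $Target; FileExists = $exists }
}

$findings = @()
$psProps  = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# 1. Run keys: HKLM, the current user, and every loaded hive under HKEY_USERS
#    (the fix above removed entries from .DEFAULT and S-1-5-18/19/20).
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') +
           @(Get-ChildItem HKU:\ | ForEach-Object { "HKU:\$($_.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run" })
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($v in ($props.PSObject.Properties | Where-Object { $_.Name -notin $psProps })) {
        $findings += New-Finding 'Run' "$k\$($v.Name)" ([string]$v.Value)
    }
}

# 2. Browser Helper Objects: the CLSID registration names the DLL that IE loads.
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($clsid in (Get-ChildItem $bhoKey -ErrorAction SilentlyContinue)) {
    $srv = Get-ItemProperty "HKLM:\Software\Classes\CLSID\$($clsid.PSChildName)\InprocServer32" -ErrorAction SilentlyContinue
    $findings += New-Finding 'BHO' $clsid.PSChildName ([string]$srv.'(default)')
}

# 3. AppInit_DLLs: loaded into every process that links user32.dll when LoadAppInit_DLLs=1.
$win = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
foreach ($dll in (([string]$win.AppInit_DLLs) -split '[ ,]' | Where-Object { $_ })) {
    $findings += New-Finding 'AppInit_DLLs' "LoadAppInit_DLLs=$($win.LoadAppInit_DLLs)" $dll
}

# 4. Services and drivers: an ImagePath whose file is gone is the orphan pattern in the log.
foreach ($svc in (Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue)) {
    $img = (Get-ItemProperty $svc.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($img) { $findings += New-Finding 'Service/Driver' $svc.PSChildName ([string]$img) }
}

# 5. IE SearchScopes: search-provider URLs, listed for review rather than file-checked.
foreach ($scope in (Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue)) {
    $findings += New-Finding 'IE SearchScope' $scope.PSChildName ([string](Get-ItemProperty $scope.PSPath).URL) -NoFileCheck
}

# 6. HOSTS: anything beyond comments and the loopback localhost entry deserves a look.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($line in (Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue)) {
    if ($line -match '^\s*[^#\s]' -and $line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b') {
        $findings += New-Finding 'HOSTS' 'entry' $line.Trim() -NoFileCheck
    }
}

$findings | Sort-Object Category, Name | Format-Table Category, Name, FileExists, Target -AutoSize | Out-Host
Write-Host "`nOrphaned entries (registry points at a file that is missing):"
$findings | Where-Object { $_.FileExists -eq $false } | Format-Table Category, Name, Target -AutoSize | Out-Host
```

An orphaned entry is a lead, not a verdict: a driver whose file an earlier scanner already deleted shows up exactly like the ones in the log, and a Run or BHO entry whose file is present still needs its publisher and signature checked. The script changes nothing; removal stays a separate, deliberate step like the OTL fix above, taken with a restore point in place.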

ok.... I ran OTL with your code and now I can go to any site without being redirected to the "Jennycam.us" page! You really know your stuff, the computer is working great... should I still run TDSSKiller to look for more malware or skip?

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== PROCESSES ==========

========== OTL ==========

Use Chrome's Settings page to remove the default_search_provider items.

File C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kochbcmingebnmbcpbbpfpmipakoipge\4.2.0.8207_0 not found.

C:\Program Files\Free Ride Games\npExentCtl.dll moved successfully.

File C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.0.10_0\plugins/npDefaultTabSearch.dll not found.

Service WinRing0_1_2_0 stopped successfully!

Service WinRing0_1_2_0 deleted successfully!

File C:\Users\Administrator\AppData\Local\Temp\tmp2B05.tmp File not found not found.

Service drkokjnr stopped successfully!

Service drkokjnr deleted successfully!

File C:\Windows\system32\drivers\drkokjnr.sys File not found not found.

Service hqgqtnxa stopped successfully!

Service hqgqtnxa deleted successfully!

File C:\Windows\system32\drivers\hqgqtnxa.sys File not found not found.

Service jnldlrae stopped successfully!

Service jnldlrae deleted successfully!

File C:\Windows\system32\drivers\jnldlrae.sys File not found not found.

Service mvsjswsw stopped successfully!

Service mvsjswsw deleted successfully!

File C:\Windows\system32\drivers\mvsjswsw.sys File not found not found.

Service ocgzvzwg stopped successfully!

Service ocgzvzwg deleted successfully!

File C:\Windows\system32\drivers\ocgzvzwg.sys File not found not found.

Service rswouoic stopped successfully!

Service rswouoic deleted successfully!

File C:\Windows\system32\drivers\rswouoic.sys File not found not found.

Service sfdwpfse stopped successfully!

Service sfdwpfse deleted successfully!

File C:\Windows\system32\drivers\sfdwpfse.sys File not found not found.

Service snozyqra stopped successfully!

Service snozyqra deleted successfully!

File C:\Windows\system32\drivers\snozyqra.sys File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.

C:\Program Files\Hotspot Shield\HssIE\HssIE.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.

C:\Program Files\Free Ride Games\GPlayer.exe moved successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender not found.

File C:\Program Files\Free Ride Games\GPlayer.exe not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.

File C:\Program Files\Free Ride Games\GPlayer.exe not found.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender deleted successfully.

File C:\Program Files\Free Ride Games\GPlayer.exe not found.

Service DefaultTabSearch stopped successfully!

Service DefaultTabSearch deleted successfully!

File C:\Program Files\DefaultTab\DefaultTabSearch.exe File not found not found.

Service DefaultTabUpdate stopped successfully!

Service DefaultTabUpdate deleted successfully!

File C:\Users\Stem\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe File not found not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

Folder C:\Program Files\AOL\DataMask by AOL not found.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\ProgramData\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\ProgramData\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 88207665 bytes

->Temporary Internet Files folder emptied: 116979000 bytes

->Java cache emptied: 374011 bytes

->FireFox cache emptied: 19693123 bytes

->Google Chrome cache emptied: 388157508 bytes

->Flash cache emptied: 798 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: fbwuser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 128 bytes

->Flash cache emptied: 56466 bytes

User: Public

User: User2

->Temp folder emptied: 306321 bytes

->Temporary Internet Files folder emptied: 785136 bytes

->Google Chrome cache emptied: 64038391 bytes

->Flash cache emptied: 56466 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 377816365 bytes

RecycleBin emptied: 128537 bytes

Total Files Cleaned = 1,008.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: fbwuser

->Flash cache emptied: 0 bytes

User: Public

User: User2

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: fbwuser

User: Public

User: User2

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05092013_003953

Files\Folders moved on Reboot...

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Hi Dell1737,

Download SystemLook 32 bit and save it to your Desktop

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    Jennycam.us


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Next, run a new scan with OTL and post the OTL.txt log file.


Hi deltalima,

Looks like "Jennycam.us" is gone! It's great being able to access all websites again, and videos that weren't playing before are playing now. Do you think there's still more malware on my comp?

SystemLook 04.09.10 by jpshortstuff

Log created at 03:04 on 09/05/2013 by Administrator

Administrator - Elevation successful

========== regfind ==========

Searching for "Jennycam.us"

No data found.

-= EOF =-

Attached OTL.txt "Too Long"


Hi Dell1737,

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    :Commands
    [CREATERESTOREPOINT]

    :processes
    killallprocesses
    :otl
    FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
    CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files\Free Ride Games\npExentCtl.dll
    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN15291429738283060&ctid=CT3282134&sspv=SB_CHWSP04
    :files
    C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    :commands
    [EMPTYTEMP]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


Hi deltalima,

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== PROCESSES ==========

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0\ deleted successfully.

File C:\Program Files\Free Ride Games\npExentCtl.dll not found.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

========== FILES ==========

C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 5452 bytes

->Temporary Internet Files folder emptied: 1000405 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 74616953 bytes

->Flash cache emptied: 41 bytes

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: fbwuser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: User2

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 7400 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 72.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05092013_111431

Files\Folders moved on Reboot...

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Hi Dell1737,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Clear restore points

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code

    :commands
    [clearallrestorepoints]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Happy surfing and stay clean!


deltalima,

Thanks so much for your help! Before I found Malwarebytes I was just using the antivirus scanners; as it turns out, the "Jennycam.us" virus was buried too deep for them to work. Now I know these viruses can be removed without reformatting the whole HD and reinstalling everything like I used to do.... Again, thanks for everything, seems like a lot of work! I noticed the other experts have PayPal in their signatures, do you have a PayPal email?

Rich


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
