Jump to content

Malwarebytes

Trojan.Agent MBAM removes but they reappear upon reboot

- - - - -
Started by gwick001, May 15 2012 11:46 PM
Trojan

8 replies to this topic

#1
gwick001
Posted 15 May 2012 - 11:46 PM

    New Member

  • Members
  • Pip
  • 4 posts
Hi guys,

I've been reading through the forums and from what it seems, the removal of a Trojan.Agent seems to vary upon each user.

I am having the same problem as some other's on the forum except the Trojan.Agent's are infecting my C:\chrome\chrome.exe file and one other here is the MBAM log

MBAM LOG:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Greg :: GREG-PC [administrator]

Protection: Disabled

5/15/2012 8:28:47 PM
mbam-log-2012-05-15 (20-28-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334239
Time elapsed: 20 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Chrome (Trojan.Agent) -> Data: C:\chrome\chrome.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\chrome\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

I read a few of the other posts relating to this problem and I'm fairly sure that this is the next step:

DDS.txt: Attached File  DDS.txt   25.64K   18 downloads

Attach.zip: Attached File  Attach.zip   2.99K   13 downloads

I also went ahead and downloaded RogueKiller.

RKreport.txt: Attached File  RKreport1.txt   1.79K   7 downloads

Any information on the effects of the virus' would be very helpful as well.

Thank you,

-Greg

#2
Maniac
Posted 16 May 2012 - 12:33 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,047 posts
  • Gender:Male
  • Location:Bulgaria, EU
Hello Greg and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications:

Babylon Toolbar by Visicom
Codec-V
uTorrentBar Toolbar


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


Step 3

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#3
gwick001
Posted 16 May 2012 - 10:44 AM

    New Member

  • Members
  • Pip
  • 4 posts
Hi Maniac,

Thank you for your help, I really appreciate it.

MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Greg :: GREG-PC [administrator]

5/16/2012 6:25:19 AM
mbam-log-2012-05-16 (06-25-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203597
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Chrome (Trojan.Agent) -> Data: C:\chrome\chrome.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\chrome\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


OTL.txt

OTL logfile created on: 5/16/2012 8:36:30 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Greg\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 65.50% Memory free
8.00 Gb Paging File | 6.38 Gb Available in Paging File | 79.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 734.29 Gb Free Space | 78.84% Space Free | Partition Type: NTFS
Drive E: | 1.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 08:35:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
PRC - [2012/05/10 10:40:56 | 000,932,528 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/21 13:04:27 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Greg\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/19 23:43:18 | 000,609,792 | ---- | M] () -- C:\DiskManager\Updater.exe
PRC - [2012/03/19 04:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/02/03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2010/01/20 18:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/01/12 12:11:24 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2009/10/07 02:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Greg\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/10 10:40:56 | 000,932,528 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/04/27 19:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 19:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 19:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 19:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 19:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/20 18:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009/09/29 20:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Greg\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2009/03/25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll
MOD - [2009/03/19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009/03/19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009/01/15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/11/09 23:08:52 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/11/09 20:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/19 18:43:23 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/04 00:32:11 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/19 23:43:18 | 000,609,792 | ---- | M] () [Auto | Running] -- C:\DiskManager\Updater.exe -- (DiskManager)
SRV - [2012/03/19 04:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/01 18:29:58 | 000,130,976 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/12 12:11:24 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/11 20:23:25 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/09 20:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/11/09 20:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 19:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 10:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/24 07:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/04/26 08:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/05/15 19:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/11/06 09:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/15 20:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/30 15:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2008/07/26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/01/19 19:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {21A51130-7285-49FE-B3F6-2385CC71CDEA}
IE - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...00000ffaeb68560
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000ffaeb68560
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\SearchScopes\{4EA1D2D1-CB45-49CD-9112-463CE4998199}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Greg\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Greg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Greg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/03 22:01:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/03 22:01:55 | 000,000,000 | ---D | M]

[2012/05/07 00:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Extensions
[2011/12/10 21:28:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions
[2011/12/10 21:28:39 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\Greg\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Greg\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Greg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Greg\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Cloud Reader = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnkloegafmkhgpjglcbldhaokjpandj\1.0.0.0_0\
CHR - Extension: YouTube = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Privacy SafeGuard = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.0_0\
CHR - Extension: Gmail = C:\Users\Greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll File not found
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Chrome] C:\chrome\chrome.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001..\Run: [F.lux] C:\Users\Greg\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001..\Run: [Facebook Update] C:\Users\Greg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001..\Run: [Spotify] C:\Users\Greg\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001..\Run: [Spotify Web Helper] C:\Users\Greg\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files (x86)\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21E50541-94ED-4005-916C-37298AA54D2B}: DhcpNameServer = 192.168.0.1 68.94.156.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89397627-39FC-4883-8785-7EBE7C5502E7}: DhcpNameServer = 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AEB68560-65C0-4123-8550-99A6860FD021}: DhcpNameServer = 195.24.72.6 83.243.8.6
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 08:35:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2012/05/16 05:15:23 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Etude médico-légale sur la simulation de la folie considérations cliniques ... - Armand Laurent - Google Books_files
[2012/05/15 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\RK_Quarantine
[2012/05/15 21:23:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Greg\Desktop\dds.com
[2012/05/15 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Desktop 51512
[2012/05/15 19:50:59 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2012/05/12 12:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/12 12:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/05/12 12:36:31 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/05/12 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/05/12 12:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/05/12 10:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications
[2012/05/08 21:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\PrivacySafeGuard
[2012/05/08 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy SafeGuard
[2012/05/08 21:32:46 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012/05/08 21:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fliptoast
[2012/05/08 21:32:45 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\com.w3i.fliptoast
[2012/05/08 21:32:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\W3i, LLC
[2012/05/08 21:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/05/08 21:30:34 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/05/08 21:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/05/07 01:07:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Babylon
[2012/05/07 01:07:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Babylon
[2012/05/07 01:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/07 01:04:43 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\YourFileDownloader
[2012/05/07 00:51:26 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Media Finder
[2012/05/07 00:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012/04/29 13:54:06 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\dvdcss
[2012/04/24 18:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/24 18:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/24 18:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/04/24 18:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/24 18:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/04/24 18:17:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/04/19 23:16:14 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\My Kindle Content
[2012/04/19 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/04/19 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Amazon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Greg\Desktop\*.tmp files -> C:\Users\Greg\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 08:35:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2012/05/16 08:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3938067013-2281349994-2270558466-1001UA.job
[2012/05/16 07:49:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 06:39:01 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 06:39:01 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 06:35:13 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/16 06:35:13 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/16 06:35:13 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/16 06:31:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 06:30:53 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 05:47:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3938067013-2281349994-2270558466-1001UA.job
[2012/05/16 05:17:59 | 000,002,453 | ---- | M] () -- C:\Users\Greg\Desktop\books.png
[2012/05/16 05:15:23 | 000,312,196 | ---- | M] () -- C:\Users\Greg\Desktop\Etude médico-légale sur la simulation de la folie considérations cliniques ... - Armand Laurent - Google Books.htm
[2012/05/16 02:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3938067013-2281349994-2270558466-1001Core.job
[2012/05/15 21:39:05 | 001,420,288 | ---- | M] () -- C:\Users\Greg\Desktop\RogueKiller.exe
[2012/05/15 21:32:47 | 000,003,062 | ---- | M] () -- C:\Users\Greg\Desktop\Attach.zip
[2012/05/15 21:23:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Greg\Desktop\dds.com
[2012/05/15 19:51:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Greg\Desktop\tdsskiller.exe
[2012/05/15 13:09:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3938067013-2281349994-2270558466-1001Core.job
[2012/05/14 03:33:12 | 000,352,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/08 21:32:45 | 000,000,967 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fliptoast.lnk
[2012/05/07 01:07:51 | 000,001,491 | ---- | M] () -- C:\user.js
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Greg\Desktop\*.tmp files -> C:\Users\Greg\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 05:18:02 | 000,002,453 | ---- | C] () -- C:\Users\Greg\Desktop\books.png
[2012/05/16 05:15:22 | 000,312,196 | ---- | C] () -- C:\Users\Greg\Desktop\Etude médico-légale sur la simulation de la folie considérations cliniques ... - Armand Laurent - Google Books.htm
[2012/05/15 21:39:01 | 001,420,288 | ---- | C] () -- C:\Users\Greg\Desktop\RogueKiller.exe
[2012/05/15 21:32:50 | 000,003,062 | ---- | C] () -- C:\Users\Greg\Desktop\Attach.zip
[2012/05/08 21:32:45 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Fliptoast.lnk
[2012/05/08 21:32:45 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlipToast.lnk
[2012/05/07 01:07:49 | 000,001,491 | ---- | C] () -- C:\user.js
[2012/03/22 16:26:15 | 000,000,017 | ---- | C] () -- C:\Users\Greg\AppData\Local\resmon.resmoncfg
[2012/01/23 01:33:37 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/03 22:07:00 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/03 21:58:11 | 000,207,034 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/12/02 22:43:56 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2011/11/09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/11/09 19:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/11/09 19:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/28 03:31:43 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/10/28 03:31:43 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/10/28 03:31:39 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/10/28 03:31:39 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/10/28 03:31:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/01 15:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/03/19 03:19:57 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Ableton
[2012/05/07 01:07:39 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Babylon
[2012/05/08 21:40:01 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.w3i.fliptoast
[2011/12/14 16:15:58 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\DAEMON Tools Lite
[2012/05/12 11:50:32 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Dropbox
[2012/02/14 01:13:13 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Leadertech
[2012/01/23 01:50:25 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Leawo
[2012/05/07 03:38:48 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Media Finder
[2012/04/15 15:48:05 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Mixologist
[2012/05/12 11:23:08 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\SoftGrid Client
[2012/05/16 08:33:45 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Spotify
[2012/04/13 00:57:06 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\TeraCopy
[2011/12/03 22:07:34 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\TP
[2012/05/08 21:32:39 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\W3i, LLC
[2012/03/25 22:19:11 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/01/23 01:08:41 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Xilisoft
[2012/05/07 01:04:43 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\YourFileDownloader
[2012/05/16 02:47:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3938067013-2281349994-2270558466-1001Core.job
[2012/05/16 05:47:01 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3938067013-2281349994-2270558466-1001UA.job
[2012/04/03 18:57:59 | 000,014,384 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Thank you and hope to hear from you,
-Greg

#4
Maniac
Posted 17 May 2012 - 10:25 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,047 posts
  • Gender:Male
  • Location:Bulgaria, EU
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=112457&tt=290412_1_vs&babsrc=HP_ss&mntrId=640b32a900000000000000ffaeb68560
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112457&tt=290412_1_vs&babsrc=SP_ss&mntrId=640b32a900000000000000ffaeb68560
[2011/12/10 21:28:39 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll File not found
O3 - HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Chrome] C:\chrome\chrome.exe ()
[2012/05/08 21:30:34 | 000,000,000 | ---D | C] -- C:\codec-info
[2012/05/08 21:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/05/07 01:07:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Babylon
[2012/05/07 01:07:39 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\Babylon
[2012/05/07 01:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/08 21:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy SafeGuard

:files
C:\chrome

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#5
gwick001
Posted 17 May 2012 - 07:44 PM

    New Member

  • Members
  • Pip
  • 4 posts
Hi Maniac,

Thank you for helping!

Here's the latest OTL fix log


All processes killed
========== OTL ==========
HKU\S-1-5-21-3938067013-2281349994-2270558466-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3938067013-2281349994-2270558466-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
HKEY_USERS\S-1-5-21-3938067013-2281349994-2270558466-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3938067013-2281349994-2270558466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3938067013-2281349994-2270558466-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Chrome deleted successfully.
C:\chrome\chrome.exe moved successfully.
C:\codec-info folder moved successfully.
C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\BB3DA80EF703F4AF folder moved successfully.
C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632} folder moved successfully.
C:\ProgramData\InstallMate folder moved successfully.
C:\Users\Greg\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Greg\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Greg\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Greg\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privacy SafeGuard folder moved successfully.
========== FILES ==========
C:\chrome\chrome\SKEL folder moved successfully.
C:\chrome\chrome folder moved successfully.
C:\chrome folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Greg
->Temp folder emptied: 699350211 bytes
->Temporary Internet Files folder emptied: 155627634 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 390710785 bytes
->Flash cache emptied: 63487 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 289619949 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 22557 bytes

Total Files Cleaned = 1,464.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.43.0 log created on 05172012_173350

Files\Folders moved on Reboot...
C:\Users\Greg\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#6
Maniac
Posted 18 May 2012 - 06:13 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,047 posts
  • Gender:Male
  • Location:Bulgaria, EU
Now, please try again:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#7
gwick001
Posted 20 May 2012 - 07:57 PM

    New Member

  • Members
  • Pip
  • 4 posts
No malicious items detected! thank you!

#8
Maniac
Posted 21 May 2012 - 09:49 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,047 posts
  • Gender:Male
  • Location:Bulgaria, EU
Glad I could help! :)

Please run OTL and click on CleanUp button.

Some malware prevention tips here:
http://forums.malwar...=0


Safe surfing! :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#9
Maurice Naggar
Posted 31 May 2012 - 12:53 PM

    Eradicator de logiciels malveillants

  • Moderators
  • PipPipPipPipPipPip
  • 13,181 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar

I close my threads if there is 5 days without a response.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us