Jump to content

I seem to be infected.


Recommended Posts

Hello superhawk and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

Link to post
Share on other sites

Thank you, Maniac, for your assistance.

The following are what you've requested.

I really do appreciate this. Let me know what else I can do.

Jay (Superhawk)

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.04.07.11

Windows XP Service Pack 2 x86 NTFS

Internet Explorer 7.0.5730.11

Owner :: COMPUTER [administrator]

Protection: Enabled

4/7/2012 11:40:36 PM

mbam-log-2012-04-07 (23-40-36).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 182377

Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

OTL logfile created on: 4/8/2012 8:47:14 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 253.74 Mb Available Physical Memory | 24.99% Memory free

2.38 Gb Paging File | 1.47 Gb Available in Paging File | 61.64% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.88 Gb Total Space | 65.86 Gb Free Space | 45.77% Space Free | Partition Type: NTFS

Drive D: | 5.16 Gb Total Space | 1.79 Gb Free Space | 34.77% Space Free | Partition Type: FAT32

Drive F: | 27.94 Gb Total Space | 14.15 Gb Free Space | 50.65% Space Free | Partition Type: FAT32

Drive G: | 233.75 Gb Total Space | 202.90 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 23:37:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2012/04/04 18:16:29 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe

PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe

PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe

PRC - [2011/10/19 18:13:46 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/12/02 11:30:46 | 001,095,336 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe

PRC - [2007/06/21 14:06:28 | 001,318,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/11 06:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe

PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe

PRC - [2006/09/01 11:13:52 | 000,487,424 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe

PRC - [2003/12/25 19:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/08 02:33:14 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040800\algo.dll

MOD - [2012/04/07 13:07:21 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040701\algo.dll

MOD - [2012/04/05 04:28:44 | 001,754,112 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040500\algo.dll

MOD - [2011/10/19 18:58:04 | 001,003,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\60c3690533633d00ad58c252233af648\System.Configuration.ni.dll

MOD - [2011/10/19 18:57:53 | 000,237,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\4322b7a091e842659855f3d776049198\CustomMarshalers.ni.dll

MOD - [2011/10/19 18:56:17 | 005,623,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9a1588049400c5d2e5adca628948fb18\System.Xml.ni.dll

MOD - [2011/10/19 18:54:57 | 008,130,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\68a2426bea6c6e516ed0729f0fa586cd\System.ni.dll

MOD - [2011/10/19 18:54:31 | 011,304,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3da75e6fa6243633469098ff1e30120a\mscorlib.ni.dll

MOD - [2011/10/19 18:53:20 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MOD - [2011/10/19 18:53:14 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

MOD - [2011/10/19 18:53:12 | 000,068,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/12/02 11:31:10 | 000,348,328 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madExcept_.bpl

MOD - [2010/12/02 11:31:10 | 000,182,440 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madBasic_.bpl

MOD - [2010/12/02 11:31:10 | 000,048,808 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madDisAsm_.bpl

MOD - [2007/01/13 06:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll

MOD - [2007/01/13 06:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll

MOD - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe

MOD - [2006/09/01 11:13:52 | 000,487,424 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe

MOD - [2006/09/01 11:13:44 | 000,045,056 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.dll

MOD - [2006/05/08 13:06:26 | 000,212,992 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\dot1x_dll.dll

MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- F:\WinRAR\RarExt.dll

MOD - [2004/08/04 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2003/12/25 19:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe

MOD - [2003/12/25 19:53:08 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012/03/28 19:31:20 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)

SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)

SRV - [2011/10/19 18:13:46 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)

SRV - [2007/08/29 17:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/07/15 20:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

DRV - [2008/08/12 00:08:32 | 000,157,568 | R--- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcbda.sys -- (xcbdaNtsc) ASUS PHC3-100 (NTSC)

DRV - [2007/04/23 20:12:28 | 004,402,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/02/27 12:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2006/10/10 13:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2006/08/24 13:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)

DRV - [2006/02/27 07:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)

DRV - [2005/09/23 20:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)

DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)

DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/12/25 19:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)

DRV - [2003/12/25 19:53:10 | 000,008,440 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)

DRV - [2001/08/17 08:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKLM\..\SearchScopes,DefaultScope = {DC6A1391-C464-47F9-89A6-8204B5926FEE}

IE - HKLM\..\SearchScopes\{DC6A1391-C464-47F9-89A6-8204B5926FEE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie'>http://www.google.com/ie

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes,DefaultScope = {BC4AF00B-4E70-406E-84C4-6311F39303B2}

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes\{BC4AF00B-4E70-406E-84C4-6311F39303B2}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes\{DC6A1391-C464-47F9-89A6-8204B5926FEE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://www.btsearch.name/"

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/18 10:06:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/05 09:23:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 19:50:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/05 09:23:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/01/05 16:27:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/10/21 10:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

[2012/04/03 23:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions

[2012/02/16 20:09:50 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\clickclean@hotcleaner.com

[2012/03/25 22:57:55 | 000,000,000 | ---D | M] ("Torrent") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com

[2012/03/18 19:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{792BDDFE-2E7C-42ED-B18D-18154D2761BD}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{B347DFB4-AC21-11DD-9016-B77D55D89593}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI

() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\TOGGLEPRIVATEBROWSING@SUPERNOVA00.BIZ.XPI

[2012/03/05 09:23:34 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

[2012/03/18 19:50:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/21 14:01:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\BAE.dll (Gateway Inc.)

O3 - HKLM\..\Toolbar: (Show Xmlbar Toolbar) - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files\Xmlbar\56 Downloader\IEBar\xbietb.dll (Xmlbar.com)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [ModPS2] C:\WINDOWS\ModPS2Key.exe (Chicony)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [showWnd] C:\WINDOWS\ShowWnd.exe ()

O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=English&ver=1.0 File not found

O9 - Extra Button: Run 56Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)

O9 - Extra 'Tools' menuitem : 56 Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79FA29D3-2724-4F82-866D-7B62D3F3C634}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{63de94e0-fbec-11e0-83e4-806d6172696f}\Shell\AutoRun\command - "" = F:\Info.exe folder.htt 480 480

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 23:37:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/04/04 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2012/04/04 14:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft

[2012/04/04 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\VERIZONDM

[2012/04/04 14:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2012/04/04 14:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft

[2012/04/04 14:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2012/04/04 11:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon

[2012/04/04 11:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TechWizard

[2012/04/03 23:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2012/04/03 23:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware

[2012/04/03 23:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com

[2012/04/03 23:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012/04/03 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2012/03/28 19:23:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

[2012/03/26 16:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2012/03/26 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/26 16:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/03/26 16:52:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/03/26 16:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/25 23:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\1-Click YouTube Downloader

[2012/03/25 23:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1-Click YouTube Downloader

[2012/03/25 01:22:13 | 000,000,000 | ---D | C] -- C:\YouTubeVideos

[2012/03/23 11:38:24 | 000,000,000 | ---D | C] -- C:\downloads

[2012/03/23 11:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\56 Downloader(xmlbar)

[2012/03/23 11:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xmlbar

[2012/03/12 01:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft

[2012/01/14 21:22:39 | 000,048,128 | ---- | C] (DBS GmbH, Bremen-Germany) -- C:\Program Files\WNDTLS32.DLL

[2012/01/14 21:22:38 | 000,605,184 | ---- | C] (DFL Software, Inc.) -- C:\Program Files\LLI32.DLL

[2012/01/14 21:22:38 | 000,238,080 | ---- | C] (DBS GmbH) -- C:\Program Files\TX4OLE.OCX

[2012/01/14 21:22:38 | 000,173,568 | ---- | C] (DFL Software, Inc.) -- C:\Program Files\LLO32.DLL

[2012/01/14 21:22:38 | 000,066,560 | ---- | C] (DBS GmbH) -- C:\Program Files\TXTLS32.DLL

[2011/10/20 14:45:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/08 08:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/04/07 23:37:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2012/04/05 12:04:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012/04/05 12:04:48 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/04/05 11:57:42 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls

[2012/04/04 11:55:42 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs

[2012/04/04 11:55:42 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat

[2012/04/04 11:55:29 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk

[2012/04/04 11:54:54 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FiOS Information.lnk

[2012/04/04 11:54:53 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Install Verizon Media Manager.lnk

[2012/04/04 00:01:22 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

[2012/04/03 23:59:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/04/03 23:59:47 | 1064,882,176 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/03 23:58:13 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk

[2012/03/27 17:45:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/03/25 23:16:00 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk

[2012/03/23 11:48:08 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2012/03/23 11:35:02 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\56 Downloader.lnk

[2012/03/18 15:43:05 | 000,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/03/18 15:43:05 | 000,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/03/18 10:06:25 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/03/18 09:52:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 11:55:42 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs

[2012/04/04 11:55:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat

[2012/04/04 11:55:29 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk

[2012/04/04 11:54:54 | 000,002,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FiOS Information.lnk

[2012/04/04 11:54:53 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Install Verizon Media Manager.lnk

[2012/04/03 23:58:13 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk

[2012/03/28 19:31:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/03/27 17:45:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2012/03/25 23:16:00 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk

[2012/03/23 11:35:02 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\56 Downloader.lnk

[2012/01/14 21:22:40 | 000,244,984 | ---- | C] () -- C:\Program Files\TUTIL32.DLL

[2012/01/14 21:22:38 | 000,314,880 | ---- | C] () -- C:\Program Files\TX32.DLL

[2011/11/20 23:00:26 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI

[2011/10/29 23:40:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe

[2011/10/29 23:40:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2011/10/29 23:40:37 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2011/10/25 08:56:41 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\CCDECODE.sys

[2011/10/25 08:54:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2011/10/21 10:51:23 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/10/21 10:12:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2011/10/21 09:36:31 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini

[2011/10/21 09:02:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2011/10/20 18:24:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/10/20 15:00:40 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml

[2011/10/20 14:45:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe

[2011/10/20 14:45:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat

[2011/10/20 14:45:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf

[2011/10/20 12:20:38 | 000,716,470 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate

[2011/10/19 18:26:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2011/10/19 18:24:01 | 000,547,840 | ---- | C] () -- C:\WINDOWS\zHotkey.exe

[2011/10/19 18:24:01 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll

[2011/10/19 18:24:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe

[2011/10/19 18:24:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll

[2011/10/19 18:23:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2011/10/19 17:53:14 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT

[2011/10/19 15:09:24 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2011/10/19 15:09:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2011/10/19 15:09:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2011/10/19 15:09:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2011/10/19 15:09:04 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2011/10/19 15:08:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2011/10/19 15:08:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2011/10/19 15:08:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2011/10/19 15:08:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2011/10/19 15:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2011/10/19 15:06:27 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2010/07/15 20:45:44 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== LOP Check ==========

[2011/10/30 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2011/11/20 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass

[2012/04/04 14:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2012/04/08 08:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2011/11/05 11:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

[2011/10/21 14:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

[2011/10/19 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}

[2011/10/25 08:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}

[2011/10/19 18:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView

[2012/03/12 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft

[2012/03/23 11:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\56 Downloader(xmlbar)

[2011/11/27 11:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Application Updater

[2012/03/26 20:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics

[2012/03/05 09:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings

[2012/01/15 01:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner

[2011/10/21 10:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM

[2011/10/19 18:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2012/04/04 11:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard

[2011/10/31 15:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird

[2012/04/08 08:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

[2012/03/23 11:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso

[2012/04/04 00:01:22 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

OTL Extras logfile created on: 4/8/2012 8:47:14 AM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 253.74 Mb Available Physical Memory | 24.99% Memory free

2.38 Gb Paging File | 1.47 Gb Available in Paging File | 61.64% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 143.88 Gb Total Space | 65.86 Gb Free Space | 45.77% Space Free | Partition Type: NTFS

Drive D: | 5.16 Gb Total Space | 1.79 Gb Free Space | 34.77% Space Free | Partition Type: FAT32

Drive F: | 27.94 Gb Total Space | 14.15 Gb Free Space | 50.65% Space Free | Partition Type: FAT32

Drive G: | 233.75 Gb Total Space | 202.90 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard

"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)

"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\VSO\VSO Downloader\2\VsoDownloader.exe" = C:\Program Files\VSO\VSO Downloader\2\VsoDownloader.exe:*:Enabled:VSO Downloader -- (VSO Software)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent

"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0

"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{581CE7EA-A30D-0000-1211-088635773309}" = IOGEAR 802.11 b+g Utility

"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional

"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347

"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.5.1.2

"{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Gigabit Adapter

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager

"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver

"1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 6.0

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Active@ Data CD/DVD Burner v 2.0" = Active@ Data CD/DVD Burner v 2.0

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem

"avast" = avast! Free Antivirus

"DivX Setup" = DivX Setup

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Smart Wizard Utility

"IrfanView" = IrfanView (remove only)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"MozBackup" = MozBackup 1.5.1

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.11

"WildTangent emachines Master Uninstall" = eMachines Games

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinPcapInst" = WinPcap 4.1.2

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xmlbar 56Downloader" = 56 Downloader(xmlbar)(remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 1/17/2012 10:19:25 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application showtime.exe, version 3.5.5.1, faulting module

showtime.exe, version 3.5.5.1, fault address 0x000a2e3c.

Error - 1/30/2012 10:20:40 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module

kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 1/30/2012 10:21:00 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module

kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 2/8/2012 3:36:03 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application i_view32.exe, version 4.3.0.0, faulting module

video.dll, version 4.3.0.0, fault address 0x0000267f.

Error - 2/8/2012 3:38:00 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application i_view32.exe, version 4.3.0.0, faulting module

video.dll, version 4.3.0.0, fault address 0x00003083.

Error - 2/22/2012 5:35:50 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module

kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 2/22/2012 5:36:01 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module

kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 2/29/2012 4:23:08 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application showtime.exe, version 3.5.5.1, faulting module

nevideo.ax, version 4.9.4.1, fault address 0x000738d0.

Error - 3/2/2012 11:08:13 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application showtime.exe, version 3.5.5.1, faulting module

nevideo.ax, version 4.9.4.1, fault address 0x000738d0.

Error - 3/8/2012 10:07:22 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000

Description = Faulting application nero.exe, version 7.8.5.0, faulting module msvcp71.dll,

version 7.10.3077.0, fault address 0x0003040d.

[ System Events ]

Error - 11/14/2011 8:34:24 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

Error - 11/14/2011 8:34:24 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023

Description = The Application Management service terminated with the following error:

%%126

Error - 11/21/2011 2:49:49 AM | Computer Name = COMPUTER | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.11 for the Network Card with network

address E091F5A0276A has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

< End of report >

Link to post
Share on other sites

Step 1

Please uninstall µTorrent, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {DC6A1391-C464-47F9-89A6-8204B5926FEE}
    IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes,DefaultScope = {BC4AF00B-4E70-406E-84C4-6311F39303B2}
    FF - prefs.js..browser.startup.homepage: "http://www.btsearch.name/"
    [2012/03/25 22:57:55 | 000,000,000 | ---D | M] ("Torrent") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com
    O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=English&ver=1.0 File not found
    O9 - Extra Button: Run 56Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)
    O9 - Extra 'Tools' menuitem : 56 Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)
    [2012/04/04 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2012/03/23 11:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xmlbar
    [2011/10/20 14:45:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
    [2011/10/20 14:45:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2011/10/20 14:45:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2012/04/08 08:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

I did as you asked (deleted UTorrent), and then followed your directions for the scan (copy and paste) however, the scan stopped and the following 'bubble' appeared:

MBAMService terminated unexpectedly: see Event Log for details.

But the computer was frozen (locked up). Everything on the desktop disappeared except the desktop background picture, the OTL screen and MBAM message. I re-booted and tried again with the same results.

What am I doing wrong?

Jay

Link to post
Share on other sites

What am I doing wrong?

There is a problem with Malwarebytes' Anti-Malware Protection Module, it is not your fault. Right click on Malwarebytes' Anti-Malware icon in System Tray and click use Exit to turn it off for awhile.

Then try again.

Link to post
Share on other sites

Thank you for being so patient, Maniac.

O.K., I 'Exited' Malwarebytes and retried OTL (copy & paste, etc). It's been over three hours and is still saying

Killing processes. DO NOT INTERRUPT...

But, it has not displayed the MBAMService terminated unexpectedly... message. Does it take this long or should I reboot and try again?

I'm sorry I don't understand computers better to help your assistance.

Jay

Link to post
Share on other sites

Is this it?

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-3282513949-1523809867-2825289854-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Prefs.js: "http://www.btsearch.name/" removed from browser.startup.homepage

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\skin folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\locale\en-US folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\locale folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\content folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\components folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com folder moved successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Xmlbar Search\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.

C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.

File C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe not found.

Folder C:\Program Files\uTorrent\ not found.

C:\Program Files\Xmlbar\56 Downloader\sounds folder moved successfully.

C:\Program Files\Xmlbar\56 Downloader\language folder moved successfully.

C:\Program Files\Xmlbar\56 Downloader\IEBar\config\defaults folder moved successfully.

C:\Program Files\Xmlbar\56 Downloader\IEBar\config\Chinese Simplified folder moved successfully.

C:\Program Files\Xmlbar\56 Downloader\IEBar\config folder moved successfully.

C:\Program Files\Xmlbar\56 Downloader\IEBar folder moved successfully.

C:\Program Files\Xmlbar\56 Downloader\config folder moved successfully.

C:\Program Files\Xmlbar\56 Downloader folder moved successfully.

C:\Program Files\Xmlbar folder moved successfully.

C:\Documents and Settings\Owner\Application Data\inst.exe moved successfully.

C:\Documents and Settings\Owner\Application Data\pcouffin.cat moved successfully.

C:\Documents and Settings\Owner\Application Data\pcouffin.inf moved successfully.

C:\Documents and Settings\Owner\Application Data\uTorrent\ie folder moved successfully.

C:\Documents and Settings\Owner\Application Data\uTorrent\dlimagecache folder moved successfully.

C:\Documents and Settings\Owner\Application Data\uTorrent\Cache folder moved successfully.

C:\Documents and Settings\Owner\Application Data\uTorrent\apps folder moved successfully.

C:\Documents and Settings\Owner\Application Data\uTorrent folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

->Temp folder emptied: 589084 bytes

->Temporary Internet Files folder emptied: 42837481 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49848754 bytes

->Flash cache emptied: 26 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 89.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04102012_133210

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Yes, the same one.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=1aa40d1ebe1faa4ea132c0de212e852c

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-15 05:11:39

# local_time=2012-04-15 01:11:39 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=105139

# found=6

# cleaned=6

# scan_time=2787

C:\Documents and Settings\Owner\My Documents\Downloads\cnet2_MozillaRestorer_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Setups\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Program Files\Setups\YouTubeDownloaderSetup27.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C

F:\Downloads\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

F:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP6\A0000404.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

F:\Setups\Programs\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

Link to post
Share on other sites

Yes. The 'btsearch.name' has disappeared. Mozilla now has its' regular homepage.The balloons/bubbles that say Malwarebytes has stopped an "incoming"/"outgoing" threat are still showing up, but not as frequently. Is that O.K.?

I will add that I am not the only one using this computer in the house (only recently took possesion of it). I have stopped all other users for the duration of this issue (and maybe beyond). I assume that it will help to not have a bunch of people doing things that I can't control.

Link to post
Share on other sites

Thanks for letting me know!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Is this it?

ComboFix 12-04-17.01 - Owner 04/17/2012 17:09:19.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.505 [GMT -4:00]

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Owner\Application Data\vso_ts_preview.xml

c:\documents and settings\Owner\WINDOWS

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\Thumbs.db

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))

.

.

2012-04-15 16:21 . 2012-04-15 16:21 -------- d-----w- c:\program files\ESET

2012-04-13 21:54 . 2012-04-15 03:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent

2012-04-09 12:52 . 2012-04-10 17:47 -------- d-----w- C:\_OTL

2012-04-08 03:37 . 2012-04-08 03:37 593920 ----a-w- c:\program files\OTL.exe

2012-04-04 18:29 . 2012-04-04 18:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft

2012-04-04 18:29 . 2012-04-04 18:29 -------- d-----w- c:\program files\VERIZONDM

2012-04-04 18:29 . 2012-04-04 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft

2012-04-04 18:28 . 2012-04-04 18:29 -------- d-----w- c:\program files\Common Files\SupportSoft

2012-04-04 18:21 . 2012-04-04 18:21 -------- d-----w- c:\windows\Sun

2012-04-04 15:55 . 2012-04-04 15:55 260 ----a-w- c:\windows\system32\cmdVBS.vbs

2012-04-04 15:55 . 2012-04-04 15:55 256 ----a-w- c:\windows\system32\MSIevent.bat

2012-04-04 15:51 . 2012-04-04 15:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TechWizard

2012-04-04 03:51 . 2012-04-04 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2012-04-04 03:51 . 2012-04-06 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-04 03:51 . 2012-04-04 03:51 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

2012-04-04 03:50 . 2012-04-04 03:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2012-03-28 23:31 . 2012-04-14 18:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-26 20:53 . 2012-03-26 20:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2012-03-26 20:53 . 2012-03-26 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-03-26 20:52 . 2012-04-10 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-26 20:52 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-26 03:07 . 2012-03-26 03:13 -------- d-----w- c:\program files\1-Click YouTube Downloader

2012-03-25 05:22 . 2012-03-26 12:29 -------- d-----w- C:\YouTubeVideos

2012-03-23 15:38 . 2012-03-26 12:28 -------- d-----w- C:\downloads

2012-03-23 15:33 . 2012-03-23 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\56 Downloader(xmlbar)

2012-03-18 23:50 . 2012-03-18 23:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 23:50 . 2012-03-18 23:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-14 18:13 . 2012-01-07 00:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-06 23:15 . 2011-10-30 22:45 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2011-10-30 22:45 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:03 . 2011-10-30 22:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:03 . 2011-10-30 22:45 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2011-10-30 22:45 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2011-10-30 22:45 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2011-10-30 22:45 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-06 23:01 . 2011-10-30 22:45 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-06 23:01 . 2011-10-30 22:45 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 22:58 . 2011-10-30 22:45 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-02-24 23:19 . 2011-10-19 22:34 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-02-24 23:19 . 2011-11-08 13:35 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-12 23:17 . 2011-10-20 18:45 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2012-02-12 23:17 . 2011-10-20 18:45 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys

1998-07-20 07:47 . 2012-01-15 01:22 605184 ----a-w- c:\program files\LLI32.DLL

1998-07-20 07:47 . 2012-01-15 01:22 173568 ----a-w- c:\program files\LLO32.DLL

1998-06-09 02:00 . 2012-01-15 01:22 244984 ----a-w- c:\program files\TUTIL32.DLL

1997-07-23 11:01 . 2012-01-15 01:22 314880 ----a-w- c:\program files\TX32.DLL

1997-07-21 23:11 . 2012-01-15 01:22 238080 ----a-w- c:\program files\TX4OLE.OCX

1997-07-21 07:31 . 2012-01-15 01:22 66560 ----a-w- c:\program files\TXTLS32.DLL

1997-07-21 07:22 . 2012-01-15 01:22 48128 ----a-w- c:\program files\WNDTLS32.DLL

2012-03-18 23:50 . 2011-10-30 21:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]

"CHotkey"="zHotkey.exe" [2006-11-07 547840]

"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]

"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]

ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe [2011-10-29 487424]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Program Files\\VSO\\VSO Downloader\\2\\VsoDownloader.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"50000:UDP"= 50000:UDP:IHA_MessageCenter

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/30/2011 6:45 PM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/30/2011 6:45 PM 337880]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/30/2011 6:45 PM 20696]

R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 7:53 PM 8440]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/26/2012 4:53 PM 654408]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 8:45 PM 35088]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 6:11 AM 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 6:11 AM 185640]

R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 7:53 PM 11237]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/26/2012 4:52 PM 22344]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/20/2011 2:45 PM 47360]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]

S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 290832]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/28/2012 7:31 PM 253088]

S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [10/19/2011 5:49 PM 69692]

S3 xcbdaNtsc;ASUS PHC3-100 (NTSC);c:\windows\system32\drivers\xcbda.sys [10/25/2011 8:54 AM 157568]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 18:13]

.

2012-04-15 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-11-12 15:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.search.yahoo.com/

mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{6B896ADB-4A82-46e2-858C-13134782CE34} - c:\program files\Xmlbar\56 Downloader\IEBar\xbietb.dll

AddRemove-uTorrent - g:\program files\uTorrent\uTorrent.exe

AddRemove-Xmlbar 56Downloader - c:\program files\Xmlbar\56 Downloader\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-17 17:14

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

C:\avast! sandbox

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1036)

c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

Completion time: 2012-04-17 17:16:17

ComboFix-quarantined-files.txt 2012-04-17 21:16

.

Pre-Run: 76,858,933,248 bytes free

Post-Run: 76,819,906,560 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 002A7C4B8D372FFB0B4F64869E5DF6D0

Link to post
Share on other sites

No change. Mozilla is still keeping it's correct homepage, but there are still balloons saying that Malwarebytes is successfully blocking access to a potentially malicious website (incoming/outgoing) However, they don't seem to show up as often.

I'm not that familiar with how Malwarbytes works. Is this 'notice' what it's supposed to do? Do I ignore them?

Link to post
Share on other sites

We should the find the source of the problem, not to ignore the problem. This happens only when you open your web browser right?

Please locate and manually delete this folder:

c:\documents and settings\Owner\Application Data\56 Downloader(xmlbar)

Reboot and check again.

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.