I seem to be infected.


20 replies to this topic

#1 superhawk

    New Member

  • Members
  • 28 posts

Posted 05 April 2012 - 08:35 AM

I have 'Malwarebytes', 'Avast', and 'SUPER Anti-Spyware', and yet I now have 'btsearch.name' insisting on being my Mozilla homepage. I also have 'Malwarebytes' constantly popping up with another 'incoming' or 'outgoing' site that is only numbers.
I would really appreciate any help you can offer.
Thanks,

J

Attached File: dds.txt (12.69KB, 13 downloads)


#2 Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 06 April 2012 - 03:28 PM

Hello superhawk and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • OTL log with Extras.txt

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 superhawk

    New Member

  • Members
  • 28 posts

Posted 08 April 2012 - 08:09 PM

Thank you, Maniac, for your assistance.
The following are what you've requested.
I really do appreciate this. Let me know what else I can do.

Jay (Superhawk)

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.07.11

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.11
Owner :: COMPUTER [administrator]

Protection: Enabled

4/7/2012 11:40:36 PM
mbam-log-2012-04-07 (23-40-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182377
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


OTL logfile created on: 4/8/2012 8:47:14 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 253.74 Mb Available Physical Memory | 24.99% Memory free
2.38 Gb Paging File | 1.47 Gb Available in Paging File | 61.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.88 Gb Total Space | 65.86 Gb Free Space | 45.77% Space Free | Partition Type: NTFS
Drive D: | 5.16 Gb Total Space | 1.79 Gb Free Space | 34.77% Space Free | Partition Type: FAT32
Drive F: | 27.94 Gb Total Space | 14.15 Gb Free Space | 50.65% Space Free | Partition Type: FAT32
Drive G: | 233.75 Gb Total Space | 202.90 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/07 23:37:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2012/04/04 18:16:29 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/12/01 06:11:06 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/10/19 18:13:46 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/02 11:30:46 | 001,095,336 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
PRC - [2007/06/21 14:06:28 | 001,318,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 06:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2007/03/12 13:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/03/12 13:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006/11/07 17:34:26 | 000,053,248 | ---- | M] (Chicony) -- C:\WINDOWS\ModPS2Key.exe
PRC - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
PRC - [2006/09/01 11:13:52 | 000,487,424 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe
PRC - [2003/12/25 19:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/08 02:33:14 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040800\algo.dll
MOD - [2012/04/07 13:07:21 | 001,755,136 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040701\algo.dll
MOD - [2012/04/05 04:28:44 | 001,754,112 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12040500\algo.dll
MOD - [2011/10/19 18:58:04 | 001,003,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\60c3690533633d00ad58c252233af648\System.Configuration.ni.dll
MOD - [2011/10/19 18:57:53 | 000,237,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\4322b7a091e842659855f3d776049198\CustomMarshalers.ni.dll
MOD - [2011/10/19 18:56:17 | 005,623,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\9a1588049400c5d2e5adca628948fb18\System.Xml.ni.dll
MOD - [2011/10/19 18:54:57 | 008,130,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\68a2426bea6c6e516ed0729f0fa586cd\System.ni.dll
MOD - [2011/10/19 18:54:31 | 011,304,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3da75e6fa6243633469098ff1e30120a\mscorlib.ni.dll
MOD - [2011/10/19 18:53:20 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/10/19 18:53:14 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/19 18:53:12 | 000,068,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/12/02 11:31:10 | 000,348,328 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madExcept_.bpl
MOD - [2010/12/02 11:31:10 | 000,182,440 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madBasic_.bpl
MOD - [2010/12/02 11:31:10 | 000,048,808 | ---- | M] () -- C:\Program Files\Auslogics\Auslogics BoostSpeed\madDisAsm_.bpl
MOD - [2007/01/13 06:01:28 | 000,475,136 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll
MOD - [2007/01/13 06:01:28 | 000,397,312 | R--- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll
MOD - [2006/11/07 17:08:40 | 000,547,840 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
MOD - [2006/09/01 11:13:52 | 000,487,424 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe
MOD - [2006/09/01 11:13:44 | 000,045,056 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.dll
MOD - [2006/05/08 13:06:26 | 000,212,992 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\dot1x_dll.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- F:\WinRAR\RarExt.dll
MOD - [2004/08/04 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/12/25 19:53:08 | 000,270,336 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\GA311.exe
MOD - [2003/12/25 19:53:08 | 000,049,152 | ---- | M] () -- C:\Program Files\NETGEAR GA311 Adapter\Rtl8169LibC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/28 19:31:20 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/10/19 18:13:46 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2007/08/29 17:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/07/15 20:45:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2008/08/12 00:08:32 | 000,157,568 | R--- | M] (ViXS Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcbda.sys -- (xcbdaNtsc) ASUS PHC3-100 (NTSC)
DRV - [2007/04/23 20:12:28 | 004,402,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/02/27 12:39:26 | 000,032,256 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/10/10 13:53:48 | 000,005,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/08/24 13:44:14 | 000,477,696 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2006/02/27 07:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/09/23 20:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/06/08 18:44:20 | 000,020,608 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BRGSp50.sys -- (BRGSp50)
DRV - [2004/10/25 13:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/04 01:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/25 19:53:10 | 000,011,237 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2003/12/25 19:53:10 | 000,008,440 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2001/08/17 08:10:58 | 000,069,692 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el575ND5.sys -- (el575nd5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKLM\..\SearchScopes,DefaultScope = {DC6A1391-C464-47F9-89A6-8204B5926FEE}
IE - HKLM\..\SearchScopes\{DC6A1391-C464-47F9-89A6-8204B5926FEE}: "URL" = http://www.google.co...age={startPage}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...Sys=DTP&M=W3650
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes,DefaultScope = {BC4AF00B-4E70-406E-84C4-6311F39303B2}
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes\{BC4AF00B-4E70-406E-84C4-6311F39303B2}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes\{DC6A1391-C464-47F9-89A6-8204B5926FEE}: "URL" = http://www.google.co...ie7&rlz=1I7GWYE
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.btsearch.name/"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=937811&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/18 10:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/05 09:23:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 19:50:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/05 09:23:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/01/05 16:27:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/10/21 10:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2012/04/03 23:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions
[2012/02/16 20:09:50 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\clickclean@hotcleaner.com
[2012/03/25 22:57:55 | 000,000,000 | ---D | M] ("Torrent") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com
[2012/03/18 19:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{792BDDFE-2E7C-42ED-B18D-18154D2761BD}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{B347DFB4-AC21-11DD-9016-B77D55D89593}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\91YTP5BE.DEFAULT\EXTENSIONS\TOGGLEPRIVATEBROWSING@SUPERNOVA00.BIZ.XPI
[2012/03/05 09:23:34 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/18 19:50:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/21 14:01:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (Show Xmlbar Toolbar) - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files\Xmlbar\56 Downloader\IEBar\xbietb.dll (Xmlbar.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ModPS2] C:\WINDOWS\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GA311 Smart Wizard Utility.lnk = C:\Program Files\NETGEAR GA311 Adapter\GA311.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.co...English&ver=1.0 File not found
O9 - Extra Button: Run 56Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)
O9 - Extra 'Tools' menuitem : 56 Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79FA29D3-2724-4F82-866D-7B62D3F3C634}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/06 20:38:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{63de94e0-fbec-11e0-83e4-806d6172696f}\Shell\AutoRun\command - "" = F:\Info.exe folder.htt 480 480
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 23:37:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/04 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/04/04 14:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SupportSoft
[2012/04/04 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\VERIZONDM
[2012/04/04 14:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/04/04 14:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2012/04/04 14:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/04/04 11:55:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Verizon
[2012/04/04 11:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2012/04/03 23:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/04/03 23:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2012/04/03 23:51:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2012/04/03 23:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/03 23:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/03/28 19:23:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/26 16:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2012/03/26 16:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/26 16:53:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/26 16:52:56 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/26 16:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/25 23:07:45 | 000,000,000 | ---D | C] -- C:\Program Files\1-Click YouTube Downloader
[2012/03/25 23:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\1-Click YouTube Downloader
[2012/03/25 01:22:13 | 000,000,000 | ---D | C] -- C:\YouTubeVideos
[2012/03/23 11:38:24 | 000,000,000 | ---D | C] -- C:\downloads
[2012/03/23 11:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\56 Downloader(xmlbar)
[2012/03/23 11:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xmlbar
[2012/03/12 01:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2012/01/14 21:22:39 | 000,048,128 | ---- | C] (DBS GmbH, Bremen-Germany) -- C:\Program Files\WNDTLS32.DLL
[2012/01/14 21:22:38 | 000,605,184 | ---- | C] (DFL Software, Inc.) -- C:\Program Files\LLI32.DLL
[2012/01/14 21:22:38 | 000,238,080 | ---- | C] (DBS GmbH) -- C:\Program Files\TX4OLE.OCX
[2012/01/14 21:22:38 | 000,173,568 | ---- | C] (DFL Software, Inc.) -- C:\Program Files\LLO32.DLL
[2012/01/14 21:22:38 | 000,066,560 | ---- | C] (DBS GmbH) -- C:\Program Files\TXTLS32.DLL
[2011/10/20 14:45:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/08 08:13:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/07 23:37:49 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2012/04/05 12:04:52 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/05 12:04:48 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/05 11:57:42 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[2012/04/04 11:55:42 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2012/04/04 11:55:42 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2012/04/04 11:55:29 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2012/04/04 11:54:54 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FiOS Information.lnk
[2012/04/04 11:54:53 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Install Verizon Media Manager.lnk
[2012/04/04 00:01:22 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job
[2012/04/03 23:59:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/03 23:59:47 | 1064,882,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/03 23:58:13 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2012/03/27 17:45:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/25 23:16:00 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk
[2012/03/23 11:48:08 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2012/03/23 11:35:02 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\56 Downloader.lnk
[2012/03/18 15:43:05 | 000,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/18 15:43:05 | 000,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/18 10:06:25 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/18 09:52:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 11:55:42 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2012/04/04 11:55:42 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2012/04/04 11:55:29 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vz In-Home Agent.lnk
[2012/04/04 11:54:54 | 000,002,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FiOS Information.lnk
[2012/04/04 11:54:53 | 000,002,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Install Verizon Media Manager.lnk
[2012/04/03 23:58:13 | 000,001,756 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2012/03/28 19:31:21 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/27 17:45:48 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/03/25 23:16:00 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\1-Click YouTube Downloader.lnk
[2012/03/23 11:35:02 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\56 Downloader.lnk
[2012/01/14 21:22:40 | 000,244,984 | ---- | C] () -- C:\Program Files\TUTIL32.DLL
[2012/01/14 21:22:38 | 000,314,880 | ---- | C] () -- C:\Program Files\TX32.DLL
[2011/11/20 23:00:26 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2011/10/29 23:40:38 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2011/10/29 23:40:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2011/10/29 23:40:37 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2011/10/25 08:56:41 | 000,017,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\CCDECODE.sys
[2011/10/25 08:54:22 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/10/21 10:51:23 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/21 10:12:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/10/21 09:36:31 | 000,000,070 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2011/10/21 09:02:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/20 18:24:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/10/20 15:00:40 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2011/10/20 14:45:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2011/10/20 14:45:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2011/10/20 14:45:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2011/10/20 12:20:38 | 000,716,470 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2011/10/19 18:26:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/10/19 18:24:01 | 000,547,840 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2011/10/19 18:24:01 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2011/10/19 18:24:01 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2011/10/19 18:24:01 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2011/10/19 18:23:35 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2011/10/19 17:53:14 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011/10/19 15:09:24 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2011/10/19 15:09:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/10/19 15:09:09 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/10/19 15:09:08 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/10/19 15:09:04 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/10/19 15:08:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/10/19 15:08:53 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/10/19 15:08:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/10/19 15:08:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/10/19 15:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/10/19 15:06:27 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010/07/15 20:45:44 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== LOP Check ==========

[2011/10/30 18:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/11/20 23:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
[2012/04/04 14:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/04/08 08:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/11/05 11:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/10/21 14:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/10/19 18:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/10/25 08:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B7A015B7-4802-4678-8CEC-700380BA9AFD}
[2011/10/19 18:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/03/12 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2012/03/23 11:33:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\56 Downloader(xmlbar)
[2011/11/27 11:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Application Updater
[2012/03/26 20:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Auslogics
[2012/03/05 09:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DDMSettings
[2012/01/15 01:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DeepBurner
[2011/10/21 10:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FUJIFILM
[2011/10/19 18:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2012/04/04 11:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TechWizard
[2011/10/31 15:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Thunderbird
[2012/04/08 08:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2012/03/23 11:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
[2012/04/04 00:01:22 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

OTL Extras logfile created on: 4/8/2012 8:47:14 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 253.74 Mb Available Physical Memory | 24.99% Memory free
2.38 Gb Paging File | 1.47 Gb Available in Paging File | 61.64% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.88 Gb Total Space | 65.86 Gb Free Space | 45.77% Space Free | Partition Type: NTFS
Drive D: | 5.16 Gb Total Space | 1.79 Gb Free Space | 34.77% Space Free | Partition Type: FAT32
Drive F: | 27.94 Gb Total Space | 14.15 Gb Free Space | 50.65% Space Free | Partition Type: FAT32
Drive G: | 233.75 Gb Total Space | 202.90 Gb Free Space | 86.80% Space Free | Partition Type: NTFS

Computer Name: COMPUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3282513949-1523809867-2825289854-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:FiOS Tech Wizard
"50000:UDP" = 50000:UDP:*:Enabled:IHA_MessageCenter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Disabled:Nero Home -- (Nero AG)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"G:\Program Files\uTorrent\uTorrent.exe" = G:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\VSO\VSO Downloader\2\VsoDownloader.exe" = C:\Program Files\VSO\VSO Downloader\2\VsoDownloader.exe:*:Enabled:VSO Downloader -- (VSO Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}" = Vz In Home Agent
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}" = IHA_MessageCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{581CE7EA-A30D-0000-1211-088635773309}" = IOGEAR 802.11 b+g Utility
"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347
"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.5.1.2
"{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Gigabit Adapter
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5DAFD10-6E61-49BF-B3C5-5AA9AF3A0863}" = Verizon Download Manager
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"1-Click YouTube Downloader_is1" = 1-Click YouTube Downloader 6.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Active@ Data CD/DVD Burner v 2.0" = Active@ Data CD/DVD Burner v 2.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"avast" = avast! Free Antivirus
"DivX Setup" = DivX Setup
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{DBD40476-78A4-4738-86B4-A5FB8807946D}" = NETGEAR GA311 Smart Wizard Utility
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xmlbar 56Downloader" = 56 Downloader(xmlbar)(remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2012 10:19:25 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application showtime.exe, version 3.5.5.1, faulting module
showtime.exe, version 3.5.5.1, fault address 0x000a2e3c.

Error - 1/30/2012 10:20:40 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 1/30/2012 10:21:00 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 2/8/2012 3:36:03 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application i_view32.exe, version 4.3.0.0, faulting module
video.dll, version 4.3.0.0, fault address 0x0000267f.

Error - 2/8/2012 3:38:00 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application i_view32.exe, version 4.3.0.0, faulting module
video.dll, version 4.3.0.0, fault address 0x00003083.

Error - 2/22/2012 5:35:50 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 2/22/2012 5:36:01 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application formsmaker.exe, version 7.0.0.0, faulting module
kernel32.dll, version 5.1.2600.3119, fault address 0x00012a5b.

Error - 2/29/2012 4:23:08 PM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application showtime.exe, version 3.5.5.1, faulting module
nevideo.ax, version 4.9.4.1, fault address 0x000738d0.

Error - 3/2/2012 11:08:13 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application showtime.exe, version 3.5.5.1, faulting module
nevideo.ax, version 4.9.4.1, fault address 0x000738d0.

Error - 3/8/2012 10:07:22 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application nero.exe, version 7.8.5.0, faulting module msvcp71.dll,
version 7.10.3077.0, fault address 0x0003040d.

[ System Events ]
Error - 11/14/2011 8:34:24 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/14/2011 8:34:24 AM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 11/21/2011 2:49:49 AM | Computer Name = COMPUTER | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.11 for the Network Card with network
address E091F5A0276A has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 Maniac

Posted 09 April 2012 - 01:08 AM

Step 1

Please uninstall µTorrent, because of our rules:
http://forums.malwar...showtopic=97700


Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {DC6A1391-C464-47F9-89A6-8204B5926FEE}
    IE - HKU\S-1-5-21-3282513949-1523809867-2825289854-1003\..\SearchScopes,DefaultScope = {BC4AF00B-4E70-406E-84C4-6311F39303B2}
    FF - prefs.js..browser.startup.homepage: "http://www.btsearch.name/"
    [2012/03/25 22:57:55 | 000,000,000 | ---D | M] ("Torrent") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com
    O8 - Extra context menu item: &Xmlbar Search - http://www.xmlbar.com/iebar/iemenu.php?lang=English&ver=1.0 File not found
    O9 - Extra Button: Run 56Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)
    O9 - Extra 'Tools' menuitem : 56 Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe (Xmlbar.com, Inc.)
    [2012/04/04 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2012/03/23 11:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Xmlbar
    [2011/10/20 14:45:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
    [2011/10/20 14:45:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2011/10/20 14:45:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2012/04/08 08:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
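The OTL fix script above names entries from the log posted earlier (inst.exe under Application Data, the Xmlbar and uTorrent folders). To show how those entries can be pulled out of an OTL log mechanically, here is an added example that is not part of this thread and not OTL's own code: a small parser for OTL's file-entry lines (`[timestamp | size | attrs | C/M] (Company) -- path`) plus a triage rule that flags executables with no company name sitting in user-writable profile directories. The sample lines are copied from the log in this thread; the `OtlEntry` type, the `triage` heuristic and the directory list are this example's own assumptions, not OTL's or the helper's logic.

```python
"""Parse OTL file-entry lines and apply a simple triage rule.

Added example, not from the thread or from OTL. The line format is the one
visible in the log above; everything else (names, the heuristic) is assumed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches lines such as
#   [2011/10/20 14:45:33 | 000,087,608 | ---- | C] () -- C:\...\inst.exe
#   [2012/04/04 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
# Directories carry no "(Company)" group at all; files always carry one,
# which is empty when OTL found no company name.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str                 # e.g. "----", "---D", "-HS-"
    kind: str                  # "C" = created, "M" = modified
    company: Optional[str]     # None for directories, "" when no company name
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for one OTL file line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


def parse_log(lines: List[str]) -> List[OtlEntry]:
    """Parse every recognisable entry, silently skipping summary lines."""
    entries = [parse_entry(l) for l in lines]
    return [e for e in entries if e is not None]


# Assumed heuristic: code files without a publisher, dropped where any user
# process can write, deserve a closer look. Not a verdict, just a shortlist.
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx", ".bat", ".vbs", ".cmd")
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\downloads\\")


def triage(entries: List[OtlEntry]) -> List[str]:
    """Paths of executables with no company name in user-writable locations."""
    flagged = []
    for e in entries:
        if e.is_directory:
            continue
        lower = e.path.lower()
        if not lower.endswith(EXECUTABLE_EXT):
            continue
        if not e.company and any(frag in lower for frag in USER_WRITABLE):
            flagged.append(e.path)
    return flagged


# Sample input: lines copied from the OTL log posted in this thread, plus one
# of OTL's "*.tmp" summary lines to show that non-entries are skipped.
SAMPLE_LINES = [
    r"[2012/04/07 23:37:46 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe",
    r"[2012/04/04 18:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent",
    r"[2011/10/20 14:45:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys",
    r"[2011/10/20 14:45:33 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe",
    r"[2012/04/04 11:55:42 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs",
    r"[2012/04/03 23:59:47 | 1064,882,176 | -HS- | M] () -- C:\hiberfil.sys",
    r"[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]",
]

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LINES)
    print(f"parsed {len(parsed)} entries")
    for p in triage(parsed):
        print("review:", p)
```

On the sample above the only path the heuristic shortlists is `inst.exe` under Application Data, which is also one of the files the fix script removes; `pcouffin.sys` is passed over because OTL recorded a company name for it, and `cmdVBS.vbs` because it sits in System32 rather than a profile directory. The rule is deliberately narrow, so it is a starting point for reading a log, not a replacement for the helper's judgement.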

#5 superhawk

Posted 09 April 2012 - 11:24 AM

I did as you asked (deleted uTorrent), and then followed your directions for the scan (copy and paste); however, the scan stopped and the following 'bubble' appeared:
MBAMService terminated unexpectedly: see Event Log for details.
But the computer was frozen (locked up). Everything on the desktop disappeared except the desktop background picture, the OTL screen and the MBAM message. I rebooted and tried again with the same results.
What am I doing wrong?

Jay

#6 Maniac

Posted 09 April 2012 - 11:30 AM

> What am I doing wrong?


There is a problem with Malwarebytes' Anti-Malware Protection Module; it is not your fault. Right-click the Malwarebytes' Anti-Malware icon in the System Tray and click Exit to turn it off for a while.

Then try again.

#7 superhawk

Posted 09 April 2012 - 07:06 PM

Thank you for being so patient, Maniac.
O.K., I 'Exited' Malwarebytes and retried OTL (copy & paste, etc.). It's been over three hours and it is still saying
Killing processes. DO NOT INTERRUPT...
But it has not displayed the MBAMService terminated unexpectedly... message. Does it take this long, or should I reboot and try again?
I'm sorry I don't understand computers better to help your assistance.

Jay

#8 Maniac

Posted 10 April 2012 - 10:14 AM

Let's try another way. Boot in Safe Mode and try again.
http://www.microsoft...t_failsafe.mspx

#9 superhawk

Posted 13 April 2012 - 12:55 PM

It worked! Thank you for your help, Maniac.

#10 Maniac

Posted 13 April 2012 - 04:05 PM

Where is your log file? Are you still with me? We have work to do.

#11 superhawk

Posted 14 April 2012 - 10:29 PM

Is this it?

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3282513949-1523809867-2825289854-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "http://www.btsearch.name/" removed from browser.startup.homepage
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\locale folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome\components folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\extensions\MFToolbar@skywebsearch.com folder moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Xmlbar Search\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.
C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{612F6E5C-B314-4bab-93D1-D266AAFBE700}\ not found.
File C:\Program Files\Xmlbar\56 Downloader\56Downloader(xmlbar).exe not found.
Folder C:\Program Files\uTorrent\ not found.
C:\Program Files\Xmlbar\56 Downloader\sounds folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\language folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar\config\defaults folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar\config\Chinese Simplified folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar\config folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\IEBar folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader\config folder moved successfully.
C:\Program Files\Xmlbar\56 Downloader folder moved successfully.
C:\Program Files\Xmlbar folder moved successfully.
C:\Documents and Settings\Owner\Application Data\inst.exe moved successfully.
C:\Documents and Settings\Owner\Application Data\pcouffin.cat moved successfully.
C:\Documents and Settings\Owner\Application Data\pcouffin.inf moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\ie folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\dlimagecache folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\Cache folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent\apps folder moved successfully.
C:\Documents and Settings\Owner\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 589084 bytes
->Temporary Internet Files folder emptied: 42837481 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49848754 bytes
->Flash cache emptied: 26 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 89.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.39.2 log created on 04102012_133210

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#12 Maniac

Posted 15 April 2012 - 03:54 AM

Yes, the same one.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


#13 superhawk

Posted 15 April 2012 - 01:17 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1aa40d1ebe1faa4ea132c0de212e852c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-15 05:11:39
# local_time=2012-04-15 01:11:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=105139
# found=6
# cleaned=6
# scan_time=2787
C:\Documents and Settings\Owner\My Documents\Downloads\cnet2_MozillaRestorer_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Setups\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Setups\YouTubeDownloaderSetup27.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Downloads\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP6\A0000404.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\Setups\Programs\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
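The ESET log above is regular enough to be parsed and sanity-checked before deciding on the next step: does the header say the scan finished, do the detection lines match the 'found' count, and where do the hits sit. The following is an added example, not code from the thread or from ESET; it assumes the '# key=value' header plus one-detection-per-line layout visible in the post, and that the file name at the end of each path contains no spaces (true for every line above).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Union

# Added example, not ESET's or the forum's code. Assumes the layout pasted above:
# '# key=value' header lines, then one detection per line of the form
#   <path> <verdict> (<action>) <32 hex chars> <flag>
# with no spaces in the file name itself (true for every line in the post).

# Constructed sample: header abridged, the six detection lines copied verbatim.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2012-04-15 05:11:39
# scanned=105139
# found=6
# cleaned=6
# scan_time=2787
C:\Documents and Settings\Owner\My Documents\Downloads\cnet2_MozillaRestorer_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Setups\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Setups\YouTubeDownloaderSetup27.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
F:\Downloads\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\System Volume Information\_restore{39C571A2-5C6A-433B-8AC6-DBD815F09639}\RP6\A0000404.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
F:\Setups\Programs\registrybooster.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^# (?P<key>[^=]+)=(?P<value>.*)$")
# Greedy <pre> swallows path and verdict; the last "(...)" group is the action.
DETECTION_RE = re.compile(
    r"^(?P<pre>[A-Za-z]:\\.+) \((?P<action>[^()]+)\) "
    r"(?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$"
)

@dataclass
class Detection:
    path: str
    verdict: str
    action: str

@dataclass
class EsetScan:
    header: Dict[str, Union[str, int]] = field(default_factory=dict)
    detections: List[Detection] = field(default_factory=list)

def _split_path_verdict(pre: str):
    # The verdict never contains a backslash, so the path ends at the first
    # space after the last backslash.
    space = pre.find(" ", pre.rfind("\\"))
    return (pre, "") if space == -1 else (pre[:space], pre[space + 1:])

def parse_eset_log(text: str) -> EsetScan:
    scan = EsetScan()
    for line in text.splitlines():
        if m := HEADER_RE.match(line.strip()):
            v = m["value"]
            scan.header[m["key"]] = int(v) if v.isdigit() else v
        elif m := DETECTION_RE.match(line.strip()):
            path, verdict = _split_path_verdict(m["pre"])
            scan.detections.append(Detection(path, verdict, m["action"]))
        # anything else (the banner lines, "all ok") is ignored
    return scan

def summarize(scan: EsetScan) -> dict:
    by_drive: Dict[str, int] = {}
    for d in scan.detections:
        by_drive[d.path[0].upper()] = by_drive.get(d.path[0].upper(), 0) + 1
    return {
        "complete": scan.header.get("end") == "finished",
        "found": scan.header.get("found"),
        "cleaned": scan.header.get("cleaned"),
        "parsed": len(scan.detections),
        # Fewer detection lines than 'found' means the paste was truncated.
        "counts_match": scan.header.get("found") == len(scan.detections),
        "quarantined": sum("quarantined" in d.action for d in scan.detections),
        "by_drive": by_drive,
        # Hits under System Volume Information sit in old restore points.
        "restore_point_hits": [d.path for d in scan.detections
                               if "System Volume Information" in d.path],
    }
```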

#14 Maniac

Posted 16 April 2012 - 06:08 AM

Any progress?

#15 superhawk

Posted 16 April 2012 - 06:00 PM

Yes. The 'btsearch.name' has disappeared. Mozilla now has its regular homepage. The balloons/bubbles that say Malwarebytes has stopped an "incoming"/"outgoing" threat are still showing up, but not as frequently. Is that O.K.?
I will add that I am not the only one using this computer in the house (only recently took possession of it). I have stopped all other users for the duration of this issue (and maybe beyond). I assume that it will help to not have a bunch of people doing things that I can't control.

#16 Maniac

Posted 17 April 2012 - 05:39 AM

Thanks for letting me know!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#17 superhawk

Posted 17 April 2012 - 04:31 PM

Is this it?

ComboFix 12-04-17.01 - Owner 04/17/2012 17:09:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.505 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\vso_ts_preview.xml
c:\documents and settings\Owner\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Thumbs.db
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-15 16:21 . 2012-04-15 16:21 -------- d-----w- c:\program files\ESET
2012-04-13 21:54 . 2012-04-15 03:17 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2012-04-09 12:52 . 2012-04-10 17:47 -------- d-----w- C:\_OTL
2012-04-08 03:37 . 2012-04-08 03:37 593920 ----a-w- c:\program files\OTL.exe
2012-04-04 18:29 . 2012-04-04 18:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft
2012-04-04 18:29 . 2012-04-04 18:29 -------- d-----w- c:\program files\VERIZONDM
2012-04-04 18:29 . 2012-04-04 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2012-04-04 18:28 . 2012-04-04 18:29 -------- d-----w- c:\program files\Common Files\SupportSoft
2012-04-04 18:21 . 2012-04-04 18:21 -------- d-----w- c:\windows\Sun
2012-04-04 15:55 . 2012-04-04 15:55 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2012-04-04 15:55 . 2012-04-04 15:55 256 ----a-w- c:\windows\system32\MSIevent.bat
2012-04-04 15:51 . 2012-04-04 15:55 -------- d-----w- c:\documents and settings\Owner\Application Data\TechWizard
2012-04-04 03:51 . 2012-04-04 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-04 03:51 . 2012-04-06 03:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-04 03:51 . 2012-04-04 03:51 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2012-04-04 03:50 . 2012-04-04 03:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-28 23:31 . 2012-04-14 18:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 20:53 . 2012-03-26 20:53 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-03-26 20:53 . 2012-03-26 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-03-26 20:52 . 2012-04-10 11:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-26 20:52 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 03:07 . 2012-03-26 03:13 -------- d-----w- c:\program files\1-Click YouTube Downloader
2012-03-25 05:22 . 2012-03-26 12:29 -------- d-----w- C:\YouTubeVideos
2012-03-23 15:38 . 2012-03-26 12:28 -------- d-----w- C:\downloads
2012-03-23 15:33 . 2012-03-23 15:33 -------- d-----w- c:\documents and settings\Owner\Application Data\56 Downloader(xmlbar)
2012-03-18 23:50 . 2012-03-18 23:50 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 23:50 . 2012-03-18 23:50 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 18:13 . 2012-01-07 00:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-06 23:15 . 2011-10-30 22:45 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-10-30 22:45 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-10-30 22:45 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-10-30 22:45 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2011-10-30 22:45 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-06 23:01 . 2011-10-30 22:45 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-10-30 22:45 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-03-06 23:01 . 2011-10-30 22:45 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-03-06 23:01 . 2011-10-30 22:45 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-06 22:58 . 2011-10-30 22:45 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-02-24 23:19 . 2011-10-19 22:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-24 23:19 . 2011-11-08 13:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-12 23:17 . 2011-10-20 18:45 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-02-12 23:17 . 2011-10-20 18:45 47360 ----a-w- c:\documents and settings\Owner\Application Data\pcouffin.sys
1998-07-20 07:47 . 2012-01-15 01:22 605184 ----a-w- c:\program files\LLI32.DLL
1998-07-20 07:47 . 2012-01-15 01:22 173568 ----a-w- c:\program files\LLO32.DLL
1998-06-09 02:00 . 2012-01-15 01:22 244984 ----a-w- c:\program files\TUTIL32.DLL
1997-07-23 11:01 . 2012-01-15 01:22 314880 ----a-w- c:\program files\TX32.DLL
1997-07-21 23:11 . 2012-01-15 01:22 238080 ----a-w- c:\program files\TX4OLE.OCX
1997-07-21 07:31 . 2012-01-15 01:22 66560 ----a-w- c:\program files\TXTLS32.DLL
1997-07-21 07:22 . 2012-01-15 01:22 48128 ----a-w- c:\program files\WNDTLS32.DLL
2012-03-18 23:50 . 2011-10-30 21:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 16132608]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 58928]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-12-25 270336]
ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\IOGEAR_802.11g_Utility\ZDWlan.exe [2011-10-29 487424]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\VSO\\VSO Downloader\\2\\VsoDownloader.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/30/2011 6:45 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/30/2011 6:45 PM 337880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/30/2011 6:45 PM 20696]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [12/25/2003 7:53 PM 8440]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/26/2012 4:53 PM 654408]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 8:45 PM 35088]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [12/1/2011 6:11 AM 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [12/1/2011 6:11 AM 185640]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [12/25/2003 7:53 PM 11237]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/26/2012 4:52 PM 22344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [10/20/2011 2:45 PM 47360]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [12/12/2011 11:03 AM 290832]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/28/2012 7:31 PM 253088]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [10/19/2011 5:49 PM 69692]
S3 xcbdaNtsc;ASUS PHC3-100 (NTSC);c:\windows\system32\drivers\xcbda.sys [10/25/2011 8:54 AM 157568]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 18:13]
.
2012-04-15 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Windows Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2011-11-12 15:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.search.yahoo.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=EM&Loc=ENG_US&Sys=DTP&M=W3650
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\91ytp5be.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{6B896ADB-4A82-46e2-858C-13134782CE34} - c:\program files\Xmlbar\56 Downloader\IEBar\xbietb.dll
AddRemove-uTorrent - g:\program files\uTorrent\uTorrent.exe
AddRemove-Xmlbar 56Downloader - c:\program files\Xmlbar\56 Downloader\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-17 17:14
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2012-04-17 17:16:17
ComboFix-quarantined-files.txt 2012-04-17 21:16
.
Pre-Run: 76,858,933,248 bytes free
Post-Run: 76,819,906,560 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 002A7C4B8D372FFB0B4F64869E5DF6D0

#18 Maniac

Posted 18 April 2012 - 02:31 AM

What about now?

#19 superhawk

Posted 18 April 2012 - 05:38 PM

No change. Mozilla is still keeping its correct homepage, but there are still balloons saying that Malwarebytes is successfully blocking access to a potentially malicious website (incoming/outgoing). However, they don't seem to show up as often.
I'm not that familiar with how Malwarebytes works. Is this 'notice' what it's supposed to do? Do I ignore them?

#20 Maniac

Posted 19 April 2012 - 06:31 AM

We should find the source of the problem, not ignore it. This happens only when you open your web browser, right?

Please locate and manually delete this folder:
c:\documents and settings\Owner\Application Data\56 Downloader(xmlbar)

Reboot and check again.