Jump to content


Photo
- - - - -

Infected with http://websearch.pu-results.info unable to remove


  • This topic is locked This topic is locked
17 replies to this topic

#1 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 01:21 PM

Please need to get rid of http://websearch.pu-results.info

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by SUMEDIC1 at 13:54:31 on 2013-05-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.158 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\PLFSetL.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\SUMEDIC1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=292155183&lg=EN&cc=PR
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: continnuetosavve: {6A71DF0A-B068-7F1C-6C00-3F85427A6581} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: continnuetosavve: {9083FFB5-ACF4-8412-D363-A147474467C5} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Searcchh-NyeewTab: {F2A410B2-8D94-9D1A-987B-2574F04B4A56} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\sumedic1\startm~1\programs\startup\stream~1.0\stream~1.lnk - c:\program files\streamtorrent 1.0\StreamTorrent.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243629184048
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2A8F26B4-B3D9-4F60-9E77-6D24065DFC7F} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{68975139-BDB1-4842-8AE5-870B148F79E5} : NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs= c:\progra~1\contin~1\sprote~1.dll c:\progra~1\websea~1\sprote~1.dll
Hosts: 127.94.0.1 client.openvpn.net
Hosts: 127.94.0.2 openvpn-client.us.shieldexchange.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sumedic1\application data\mozilla\firefox\profiles\11427b8p.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=292155183&lg=EN&cc=PR&l=1&q=
FF - prefs.js: keyword.URL - hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=292155183&lg=EN&cc=PR&l=1&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\sumedic1\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-11-25 18:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2009-4-7 94048]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2009-4-7 159712]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2009-4-7 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-9-26 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-11-14 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-5 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-5 701512]
R2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files\openvpn technologies\openvpn client\core\capiws.exe [2011-3-23 24064]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2013-1-14 769920]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesService32.exe [2012-8-23 1532280]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-5 22856]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2011-3-23 26112]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\avg\avg pc tuneup\TuneUpUtilitiesDriver32.sys [2012-7-4 10088]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-3-24 96856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-5-5 40776]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-05-05 16:03:02 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2013-05-05 15:11:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-05-05 14:44:42 -------- d-----w- c:\documents and settings\sumedic1\application data\Malwarebytes
2013-05-05 14:44:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-05-05 14:44:16 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-05 14:44:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-05 05:18:41 110080 ----a-r- c:\documents and settings\sumedic1\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconF7A21AF7.exe
2013-05-05 05:18:41 110080 ----a-r- c:\documents and settings\sumedic1\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconD7F16134.exe
2013-05-05 05:18:41 110080 ----a-r- c:\documents and settings\sumedic1\application data\microsoft\installer\{0ac0f1b2-61c7-4b6e-acef-58fcc0b94835}\IconCF33A0CE.exe
2013-05-05 05:18:26 -------- d-----w- C:\sh4ldr
2013-05-05 05:18:26 -------- d-----w- c:\program files\Enigma Software Group
2013-05-05 05:17:22 -------- d-----w- c:\windows\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-05-05 05:17:12 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-05-05 03:44:54 -------- d-----w- c:\documents and settings\all users\application data\Searcchh-NyeewTab
2013-05-05 03:44:51 -------- d-----w- c:\documents and settings\all users\application data\StarApp
2013-05-05 03:44:34 -------- d-----w- c:\program files\WebSearch
2013-05-05 03:43:57 -------- d-----w- c:\documents and settings\all users\application data\BetterSoft
2013-05-05 03:37:55 -------- d-----w- c:\program files\ContinueToSave
2013-05-05 03:37:36 -------- d-----w- c:\documents and settings\all users\application data\continnuetosavve
2013-05-05 03:36:26 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-04-19 17:31:36 -------- d-----w- c:\windows\pss
2013-04-12 23:33:25 32120 ----a-w- c:\windows\system32\TURegOpt.exe
2013-04-12 23:32:43 -------- d-----w- c:\documents and settings\sumedic1\application data\AVG
2013-04-12 23:31:25 -------- d-----w- c:\documents and settings\all users\application data\AVG
2013-04-12 23:31:03 -------- d-sh--w- c:\documents and settings\all users\application data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-12 00:51:04 26520 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
.
==================== Find3M ====================
.
2013-04-26 03:14:07 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-26 03:14:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08:47 385024 ----a-w- c:\windows\system32\html.iec
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
============= FINISH: 14:00:53.56 ===============


ATTACH


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/7/2009 7:55:50 PM
System Uptime: 5/5/2013 1:18:04 PM (1 hours ago)
.
Motherboard: Acer | |
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | CPU | 1324/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 144 GiB total, 122.001 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP565: 2/4/2013 8:37:50 PM - System Checkpoint
RP566: 2/5/2013 11:37:18 PM - System Checkpoint
RP567: 2/7/2013 12:02:31 AM - System Checkpoint
RP568: 2/8/2013 12:41:29 AM - System Checkpoint
RP569: 2/9/2013 12:43:22 AM - System Checkpoint
RP570: 2/10/2013 1:43:16 AM - System Checkpoint
RP571: 2/11/2013 2:43:22 AM - System Checkpoint
RP572: 2/12/2013 3:33:15 AM - System Checkpoint
RP573: 2/13/2013 3:01:26 AM - Software Distribution Service 3.0
RP574: 2/14/2013 8:44:34 PM - System Checkpoint
RP575: 2/15/2013 9:48:21 PM - System Checkpoint
RP576: 2/16/2013 11:08:03 PM - System Checkpoint
RP577: 2/17/2013 11:41:31 PM - System Checkpoint
RP578: 2/19/2013 12:26:47 AM - System Checkpoint
RP579: 2/20/2013 12:48:49 AM - System Checkpoint
RP580: 2/24/2013 12:20:43 AM - System Checkpoint
RP581: 2/25/2013 11:38:18 PM - System Checkpoint
RP582: 2/27/2013 12:01:58 AM - System Checkpoint
RP583: 3/1/2013 8:34:00 PM - System Checkpoint
RP584: 3/2/2013 11:32:39 PM - System Checkpoint
RP585: 3/3/2013 11:59:25 PM - System Checkpoint
RP586: 3/5/2013 12:22:26 AM - System Checkpoint
RP587: 3/9/2013 4:40:06 PM - System Checkpoint
RP588: 3/12/2013 8:34:19 PM - System Checkpoint
RP589: 3/16/2013 3:42:57 PM - Software Distribution Service 3.0
RP590: 3/17/2013 4:39:28 PM - System Checkpoint
RP591: 3/18/2013 11:33:02 PM - System Checkpoint
RP592: 3/19/2013 11:58:22 PM - System Checkpoint
RP593: 3/23/2013 3:50:14 PM - System Checkpoint
RP594: 3/24/2013 3:00:29 AM - Software Distribution Service 3.0
RP595: 3/25/2013 1:47:48 PM - Avg8 Update
RP596: 3/26/2013 4:08:37 PM - System Checkpoint
RP597: 3/27/2013 4:41:24 PM - System Checkpoint
RP598: 3/27/2013 7:27:11 PM - Installed AVG 2013
RP599: 3/27/2013 7:28:37 PM - Installed AVG 2013
RP600: 3/28/2013 4:44:43 PM - Software Distribution Service 3.0
RP601: 3/29/2013 5:33:33 PM - System Checkpoint
RP602: 3/30/2013 7:23:22 PM - System Checkpoint
RP603: 3/31/2013 9:05:27 PM - System Checkpoint
RP604: 4/2/2013 6:29:06 PM - System Checkpoint
RP605: 4/3/2013 9:46:51 PM - System Checkpoint
RP606: 4/4/2013 11:17:53 PM - System Checkpoint
RP607: 4/7/2013 9:44:57 PM - System Checkpoint
RP608: 4/10/2013 11:30:44 AM - Software Distribution Service 3.0
RP609: 4/12/2013 7:31:51 PM - Installed AVG PC TuneUp
RP610: 4/23/2013 5:33:47 PM - System Checkpoint
RP611: 4/24/2013 8:58:14 PM - System Checkpoint
RP612: 4/26/2013 6:34:59 PM - System Checkpoint
RP613: 4/27/2013 8:48:04 PM - System Checkpoint
RP614: 4/28/2013 10:16:59 PM - System Checkpoint
RP615: 4/29/2013 11:45:41 PM - System Checkpoint
RP616: 5/5/2013 1:18:10 AM - Installed SpyHunter
.
==== Installed Programs ======================
.
Acer Crystal Eye webcam
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Bonjour
continnuetosavve
ContinueToSave 1.74
Data Lifeguard Diagnostic for Windows 1.24
Dropbox
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iLivid
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java™ 6 Update 37
Java™ 6 Update 7
JMicron JMB38X Flash Media Controller
Launch Manager
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird (7.0.1)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenVPN Connect
OptimizerPro
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Searcchh-NyeewTab
Search Assistant WebSearch 1.74
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpyHunter
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
XnView 1.96
.
==== Event Viewer Messages From Past Week ========
.
4/28/2013 12:49:51 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================

#2 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 01:30 PM

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>Please stick with me until I give you the "all clear".


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 01:46 PM

ogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : SUMEDIC1 [Admin rights]
Mode : Remove -- Date : 05/05/2013 12:14:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[BLPATH] OptimizerPro.exe -- C:\Documents and Settings\All Users\Application Data\BetterSoft\OptimizerPro\OptimizerPro.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{68975139-BDB1-4842-8AE5-870B148F79E5} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{68975139-BDB1-4842-8AE5-870B148F79E5} : NameServer (8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1) -> NOT REMOVED, USE DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[50] : NtCreateSection @ 0x8056DB66 -> HOOKED (\??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys @ 0xF7C27700)

¤¤¤ Infection : Rogue.ProgFiles ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.us.shieldexchange.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543216L9A300 +++++
--- User ---
[MBR] 7cb3943294ecd87e39cd94dc8f24b530
[BSP] 0639599f9f10526a8845373803eb7b9b : Acer MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 147628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_D_05052013_02d1214.txt >>
RKreport[1]_S_05052013_02d1206.txt ; RKreport[2]_D_05052013_02d1208.txt ; RKreport[3]_D_05052013_02d1209.txt ; RKreport[4]_S_05052013_02d1212.txt ; RKreport[5]_D_05052013_02d1213.txt ;
RKreport[6]_D_05052013_02d1214.txt

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 02:01 PM

Did you install --->OptimizerPro?

--------------------------------------

I see Firefox and IE are being affected, any other browser?

---------------------------------------

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 02:20 PM

No idea what OptimizerPro........!! Don't think I installed

Chrome has affected too....is the main browser I use.



# AdwCleaner v2.300 - Logfile created 05/05/2013 at 15:15:35
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : SUMEDIC1 - ACER-6E40E97492
# Boot Mode : Normal
# Running from : C:\Documents and Settings\SUMEDIC1\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\searchplugins\WebSearch.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Found : C:\Documents and Settings\All Users\Application Data\BetterSoft
Folder Found : C:\Documents and Settings\All Users\Application Data\continnuetosavve
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Searcchh-NyeewTab
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\continnuetosavve
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Ilivid
Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\Searcchh-NyeewTab
Folder Found : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\calkabijppolfijhkopiickpeefmknff
Folder Found : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcopnlhadlbjjfeabjpjoonhnjfbijem
Folder Found : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\PackageAware
Folder Found : C:\Program Files\continuetosave
Folder Found : C:\Program Files\Ilivid
Folder Found : C:\Program Files\WebSearch

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\contin~1\sprote~1.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A71DF0A-B068-7F1C-6C00-3F85427A6581}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2A410B2-8D94-9D1A-987B-2574F04B4A56}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A71DF0A-B068-7F1C-6C00-3F85427A6581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F2A410B2-8D94-9D1A-987B-2574F04B4A56}
Key Found : HKLM\SOFTWARE\Classes\ilivid
Key Found : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A71DF0A-B068-7F1C-6C00-3F85427A6581}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2A410B2-8D94-9D1A-987B-2574F04B4A56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=292155183&lg=EN&cc=PR

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("browser.search.defaultenginename", "WebSearch");
Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Found : user_pref("browser.search.order.1", "WebSearch");
Found : user_pref("browser.search.order.1,S", "WebSearch");
Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Found : user_pref("extensions.5185d3f17e22e.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Found : user_pref("extensions.5185d5155afeb.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");
Found : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=2[...]
Found : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=292155183&lg=EN[...]
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7529 octets] - [05/05/2013 15:15:35]

########## EOF - C:\AdwCleaner[R1].txt - [7589 octets] ##########

#6 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 02:29 PM

I didn't think so, please uninstall it from your add/remove programs: OptimizerPro

-------------------------------

Lots of adware found....lets clear it out.....
  • Please re-run AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK if asked.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassoci...T-Tools/OTL.exe
http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.
Double click on the icon on your desktop.
Click the Scan All Users checkbox.
Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 02:52 PM

# AdwCleaner v2.300 - Logfile created 05/05/2013 at 15:40:28
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : SUMEDIC1 - ACER-6E40E97492
# Boot Mode : Normal
# Running from : C:\Documents and Settings\SUMEDIC1\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\calkabijppolfijhkopiickpeefmknff
Deleted on reboot : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dcopnlhadlbjjfeabjpjoonhnjfbijem
File Deleted : C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Deleted : C:\Documents and Settings\All Users\Application Data\continnuetosavve
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Searcchh-NyeewTab
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\continnuetosavve
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Ilivid
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Searcchh-NyeewTab
Folder Deleted : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\continuetosave
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\Program Files\WebSearch

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\contin~1\sprote~1.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\websea~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A71DF0A-B068-7F1C-6C00-3F85427A6581}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2A410B2-8D94-9D1A-987B-2574F04B4A56}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A71DF0A-B068-7F1C-6C00-3F85427A6581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F2A410B2-8D94-9D1A-987B-2574F04B4A56}
Key Deleted : HKLM\SOFTWARE\Classes\ilivid
Key Deleted : HKLM\Software\Classes\Installer\Features\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\Software\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A71DF0A-B068-7F1C-6C00-3F85427A6581}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2A410B2-8D94-9D1A-987B-2574F04B4A56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=292155183&lg=EN&cc=PR --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.5185d3f17e22e.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.5185d5155afeb.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=2[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=724&r=2013/05/05&hid=292155183&lg=EN[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7658 octets] - [05/05/2013 15:15:35]
AdwCleaner[S1].txt - [7595 octets] - [05/05/2013 15:40:28]

########## EOF - C:\AdwCleaner[S1].txt - [7655 octets] ##########

#8 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 03:20 PM

OTL logfile created on: 5/5/2013 3:54:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SUMEDIC1\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.88 Mb Total Physical Memory | 135.33 Mb Available Physical Memory | 13.37% Memory free
2.37 Gb Paging File | 1.29 Gb Available in Paging File | 54.44% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 122.02 Gb Free Space | 84.64% Space Free | Partition Type: NTFS

Computer Name: ACER-6E40E97492 | User Name: SUMEDIC1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/05 15:53:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SUMEDIC1\My Documents\Downloads\OTL.exe
PRC - [2013/04/09 04:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/14 21:33:34 | 006,320,000 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2013/01/14 21:33:14 | 000,769,920 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/11/21 19:59:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/11/21 19:58:23 | 000,374,704 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
PRC - [2012/08/23 11:31:24 | 001,222,008 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/03/23 17:34:50 | 000,033,280 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
PRC - [2011/03/23 17:34:50 | 000,024,064 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2008/08/15 13:58:44 | 000,212,992 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Documents and Settings\SUMEDIC1\Local Settings\Temp\RtkBtMnt.exe
PRC - [2008/05/22 14:30:16 | 000,425,984 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2008/05/13 23:14:34 | 000,821,768 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\QtZgAcer.EXE
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/05 15:35:54 | 000,094,208 | ---- | M] (sonix) -- C:\WINDOWS\PLFSetL.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/23 17:34:50 | 000,720,896 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
MOD - [2011/03/23 17:34:50 | 000,585,728 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\unicodedata.pyd
MOD - [2011/03/23 17:34:50 | 000,354,304 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pythoncom26.dll
MOD - [2011/03/23 17:34:50 | 000,286,208 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
MOD - [2011/03/23 17:34:50 | 000,265,728 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32com.shell.shell.pyd
MOD - [2011/03/23 17:34:50 | 000,167,424 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32gui.pyd
MOD - [2011/03/23 17:34:50 | 000,153,088 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
MOD - [2011/03/23 17:34:50 | 000,112,128 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
MOD - [2011/03/23 17:34:50 | 000,110,080 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
MOD - [2011/03/23 17:34:50 | 000,110,080 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
MOD - [2011/03/23 17:34:50 | 000,096,768 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
MOD - [2011/03/23 17:34:50 | 000,073,728 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
MOD - [2011/03/23 17:34:50 | 000,053,248 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
MOD - [2011/03/23 17:34:50 | 000,040,960 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
MOD - [2011/03/23 17:34:50 | 000,040,448 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
MOD - [2011/03/23 17:34:50 | 000,039,424 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
MOD - [2011/03/23 17:34:50 | 000,035,840 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
MOD - [2011/03/23 17:34:50 | 000,033,280 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe
MOD - [2011/03/23 17:34:50 | 000,027,648 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
MOD - [2011/03/23 17:34:50 | 000,024,064 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
MOD - [2011/03/23 17:34:50 | 000,023,552 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
MOD - [2011/03/23 17:34:50 | 000,022,528 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32ts.pyd
MOD - [2011/03/23 17:34:50 | 000,019,968 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
MOD - [2011/03/23 17:34:50 | 000,017,408 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
MOD - [2011/03/23 17:34:50 | 000,011,776 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\select.pyd
MOD - [2011/03/23 17:34:50 | 000,010,240 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
MOD - [2011/03/23 17:34:50 | 000,007,680 | ---- | M] () -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
MOD - [2007/04/06 00:56:30 | 000,356,352 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006/01/12 08:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/25 23:14:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/11 20:51:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/14 21:33:14 | 000,769,920 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012/11/21 19:59:12 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/11/21 19:58:23 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/23 11:31:24 | 001,532,280 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/03/23 17:34:50 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/05/05 12:03:02 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2013/05/05 11:11:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/21 19:58:26 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/07/04 15:26:12 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/06/22 11:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/05/06 15:57:10 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/03/23 17:20:32 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapoas.sys -- (tapoas)
DRV - [2008/08/07 06:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/07 21:16:26 | 000,096,856 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/05/20 20:31:26 | 001,312,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/05/20 05:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/10/01 17:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2005/01/13 13:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\..\SearchScopes\{590A682C-86DF-46D2-BAB0-9A0A949B3ABC}: "URL" = http://www.google.co...ie7&rlz=1I7ACAW
IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: es-es%40dictionaries.addons.mozilla.org:1.5
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: es-es@dictionaries.addons.mozilla.org:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.100
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/04/11 20:51:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/04/11 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/01/12 18:06:48 | 000,000,000 | ---D | M]

[2009/04/07 20:31:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Extensions
[2013/05/05 01:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\extensions
[2010/05/08 14:48:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/11 17:50:06 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\extensions\es-es@dictionaries.addons.mozilla.org
[2011/03/24 16:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\SUMEDIC1\Application Data\Mozilla\Firefox\Profiles\11427b8p.default\extensions\nostmp
[2013/04/11 20:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/11 20:50:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/21 20:24:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013/04/11 20:51:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/08 17:50:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 20:07:46 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: continnuetosavve = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmockkkehclemmjnifmamkllncopmjpj\1\
CHR - Extension: Gmail = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/05/18 20:57:06 | 000,000,904 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.94.0.1 client.openvpn.net
O1 - Hosts: 127.94.0.2 openvpn-client.us.shieldexchange.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (continnuetosavve) - {9083FFB5-ACF4-8412-D363-A147474467C5} - C:\Documents and Settings\All Users\Application Data\continnuetosavve\5185d3f17e316.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
O4 - Startup: C:\Documents and Settings\SUMEDIC1\Start Menu\Programs\Startup\StreamTorrent 1.0 [2013/01/04 22:28:52 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1783393844-3669122764-1182378568-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1243629184048 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A8F26B4-B3D9-4F60-9E77-6D24065DFC7F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68975139-BDB1-4842-8AE5-870B148F79E5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/15 13:37:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{fd098d89-23d0-11de-bd45-00234e77722f}\Shell\AutoRun\command - "" = D:\tmpdata\tmpdata.exe
O33 - MountPoints2\{fd098d89-23d0-11de-bd45-00234e77722f}\Shell\explore\command - "" = D:\tmpdata\tmpdata.exe
O33 - MountPoints2\{fd098d89-23d0-11de-bd45-00234e77722f}\Shell\open\command - "" = D:\tmpdata\tmpdata.exe
O33 - MountPoints2\{fd098d89-23d0-11de-bd45-00234e77722f}\Shell\search\command - "" = D:\tmpdata\tmpdata.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/05 13:54:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/05/05 13:54:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUMEDIC1\My Documents\My Videos
[2013/05/05 13:54:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\SUMEDIC1\Start Menu\Programs\Administrative Tools
[2013/05/05 11:11:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/05/05 10:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUMEDIC1\Application Data\Malwarebytes
[2013/05/05 10:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/05 10:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/05/05 10:44:16 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/05/05 10:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/05 01:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUMEDIC1\Start Menu\Programs\SpyHunter
[2013/05/05 01:18:26 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/05/05 01:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/05/05 01:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/05/04 23:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\StarApp
[2013/04/19 13:31:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/04/19 13:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/04/12 19:33:25 | 000,032,120 | ---- | C] (AVG) -- C:\WINDOWS\System32\TURegOpt.exe
[2013/04/12 19:33:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp
[2013/04/12 19:32:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SUMEDIC1\Application Data\AVG
[2013/04/12 19:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/04/12 19:31:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/04/11 20:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/10 11:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/05 16:13:01 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1783393844-3669122764-1182378568-1006UA.job
[2013/05/05 15:44:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/05 15:44:04 | 1061,105,664 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/05 15:35:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/05 12:03:02 | 000,015,616 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/05/05 11:11:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/05/05 10:44:22 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/05 01:18:40 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\SUMEDIC1\Desktop\SpyHunter.lnk
[2013/05/04 22:43:05 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{479C7E99-7F92-404A-A968-D4AB250DDB21}.job
[2013/05/04 22:37:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/29 22:13:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1783393844-3669122764-1182378568-1006Core.job
[2013/04/19 13:37:56 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/04/12 19:33:16 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\SUMEDIC1\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/04/12 19:33:16 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 1-Click Maintenance.lnk
[2013/04/12 19:33:16 | 000,001,733 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp.lnk
[2013/04/10 11:45:25 | 000,359,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/10 11:39:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/04/10 11:19:34 | 000,002,331 | ---- | M] () -- C:\Documents and Settings\SUMEDIC1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/10 11:19:33 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\SUMEDIC1\Desktop\Google Chrome.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/05 12:03:02 | 000,015,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2013/05/05 10:44:22 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/05 01:18:40 | 000,001,983 | ---- | C] () -- C:\Documents and Settings\SUMEDIC1\Desktop\SpyHunter.lnk
[2013/04/12 19:33:16 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\SUMEDIC1\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC TuneUp.lnk
[2013/04/12 19:33:16 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 1-Click Maintenance.lnk
[2013/04/12 19:33:16 | 000,001,733 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG PC TuneUp.lnk
[2013/04/12 19:33:04 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC TuneUp.lnk
[2012/06/22 11:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\ESGScanner.sys
[2012/06/22 11:01:32 | 000,019,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\EsgScanner.sys
[2012/02/16 19:52:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/02 21:14:14 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== ZeroAccess Check ==========

[2008/08/15 13:44:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 23:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 23:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/01/12 18:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/04/12 19:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/03/27 19:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/03/27 19:25:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/05/05 11:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2013/05/05 08:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/12/11 21:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2013/05/04 23:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\StarApp
[2011/10/24 21:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/12 19:31:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/03/27 20:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\TuneUp Software
[2013/04/19 13:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2013/04/12 19:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\AVG
[2013/03/27 19:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\AVG2013
[2013/04/12 19:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\Dropbox
[2009/04/08 13:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\OpenOffice.org
[2013/01/04 22:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\StreamTorrent
[2011/10/19 12:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\Thunderbird
[2013/03/27 19:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\TuneUp Software
[2013/02/11 11:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\SUMEDIC1\Application Data\XnView

========== Purity Check ==========



< End of report >

#9 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 03:30 PM

Looks pretty good, what browsers are still being affected?? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#10 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 03:36 PM

OTL Extras logfile created on: 5/5/2013 3:54:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\SUMEDIC1\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.88 Mb Total Physical Memory | 135.33 Mb Available Physical Memory | 13.37% Memory free
2.37 Gb Paging File | 1.29 Gb Available in Paging File | 54.44% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.17 Gb Total Space | 122.02 Gb Free Space | 84.64% Space Free | Partition Type: NTFS

Computer Name: ACER-6E40E97492 | User Name: SUMEDIC1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1783393844-3669122764-1182378568-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe" = C:\Program Files\OpenVPN Technologies\OpenVPN Client\core\ovpntray.exe:*:Enabled:ovpntray -- ()
"C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\SUMEDIC1\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\SUMEDIC1\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\SUMEDIC1\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Messaging)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0AC0F1B2-61C7-4B6E-ACEF-58FCC0B94835}" = SpyHunter
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F1477EB-0DFE-424E-909A-DFEE5AFEF101}" = OpenVPN Connect
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"AVG PC TuneUp" = AVG PC TuneUp
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROPLUS" = Microsoft Office Professional Plus 2007
"SP_09b71135" = ContinueToSave 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"XnView_is1" = XnView 1.96

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1783393844-3669122764-1182378568-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2013 12:04:07 PM | Computer Name = ACER-6E40E97492 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3705110

Error - 3/24/2013 12:04:10 PM | Computer Name = ACER-6E40E97492 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/24/2013 12:04:10 PM | Computer Name = ACER-6E40E97492 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3707157

Error - 3/24/2013 12:04:10 PM | Computer Name = ACER-6E40E97492 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3707157

Error - 3/24/2013 12:04:14 PM | Computer Name = ACER-6E40E97492 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/24/2013 12:04:14 PM | Computer Name = ACER-6E40E97492 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3711157

Error - 3/24/2013 12:04:14 PM | Computer Name = ACER-6E40E97492 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3711157

Error - 4/19/2013 1:31:45 PM | Computer Name = ACER-6E40E97492 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 20.0.1.4847, faulting
module mozalloc.dll, version 20.0.1.4847, fault address 0x0000199f.

Error - 5/4/2013 11:43:36 PM | Computer Name = ACER-6E40E97492 | Source = Application Hang | ID = 1002
Description = Hanging application Live Nude Girls 1995 720p BluRay x264-Japhson
[PublicHD](1).exe, version 2013.5.1.1725, hang module hungapp, version 0.0.0.0,
hang address 0x00000000.

Error - 5/5/2013 12:06:58 PM | Computer Name = ACER-6E40E97492 | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.75.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/28/2013 12:49:51 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 4/28/2013 12:49:51 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/4/2013 10:38:15 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/4/2013 10:38:15 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/5/2013 11:07:42 AM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/5/2013 11:07:42 AM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/5/2013 1:19:36 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/5/2013 1:19:36 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/5/2013 3:44:52 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 5/5/2013 3:44:52 PM | Computer Name = ACER-6E40E97492 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

#11 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 03:37 PM

Looks pretty good, what browsers are still being affected?? MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#12 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 03:38 PM

Now, when opening a new tab on Chrome browser I get this message,

No webpage was found for the web address: chrome-extension://dcopnlhadlbjjfeabjpjoonhnjfbijem/newtab.html

Is this ok?

#13 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 03:51 PM

That was the bad one....try this:


Type the following into the address box and hit Enter:

chrome:extensions

See what's listed...MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#14 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 04:01 PM

Bunch of stragely named extensions, deleted them all , seems to be working fine.

#15 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 04:13 PM

Good, all the other browsers are OK??

If so, lets check your security and we also have some clean up to do:

Download Security Check by screen317 from HERE or HERE.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#16 jcolon

jcolon

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 May 2013 - 04:24 PM

Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG 2013
AVG PC TuneUp
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
Malwarebytes Anti-Malware version 1.75.0.1300
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Java™ 6 Update 37
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
Mozilla Thunderbird (7.0.1) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 19% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#17 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,137 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 05 May 2013 - 04:40 PM

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


Uninstall these and any other Java from your add/remove programs:
Java™ 6 Update 37
Java™ 6 Update 7


Java version out of Date! <-------Download and install the latest version from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

------------------

Mozilla Thunderbird (7.0.1) Thunderbird out of Date! <---check for an update if available

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Posted Image

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#18 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 06 May 2013 - 07:36 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users