XLR8

Malwarebytes successfully blocked access to a potentially malicious website.

Hello,

For the past month or so, my current antivirus (BitDefender) has always blocked certain IPs, claiming it was a virus of some sort. I scanned the computer, and it didn't detect anything. But the message kept popping up. So I downloaded Malwarebytes and ran that because many people recommended it (and I've used it before on another computer). It didn't detect anything either. However, the message "Malwarebytes successfully blocked access to a potentially malicious website" appears every so often, with many different IPs — just like my antivirus, along with the application it's trying to connect through. I'm sure it wasn't the application itself, but I deleted it anyway because I never use it (AVG LinkScanner). However, the message kept popping up, this time through Firefox. I searched the forum/googled some answers and most posters said to download and run a few programs (ComboFix, etc.), but it wasn't recommended unless someone specifically said to do so, so I didn't run it. (ComboFix was the one I downloaded, if interested.)

I bought the PRO version of Malwarebytes and scanned, but the message still pops up. I've pasted the requested DDS.txt & Attach.txt files below:

Attach.txt

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 21/09/2009 19:40:47

System Uptime: 22/04/2012 01:05:39 (0 hours ago)

.

Motherboard: Dell Inc. | | 0655KV

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 314.21 GiB free.

E: is FIXED (NTFS) - 15 GiB total, 6.621 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP574: 13/03/2012 21:05:51 - Scheduled Checkpoint

RP575: 13/03/2012 22:42:03 - Windows Update

RP576: 14/03/2012 18:02:37 - Windows Update

RP577: 16/03/2012 19:02:52 - Windows Update

RP578: 19/03/2012 20:06:39 - Scheduled Checkpoint

RP579: 20/03/2012 17:42:22 - Windows Update

RP580: 23/03/2012 18:39:20 - Windows Update

RP581: 27/03/2012 18:52:36 - Windows Update

RP582: 30/03/2012 17:04:41 - Windows Update

RP583: 31/03/2012 20:18:44 - Scheduled Checkpoint

RP584: 03/04/2012 10:07:36 - Windows Update

RP585: 06/04/2012 11:00:45 - Windows Update

RP586: 10/04/2012 12:47:01 - Windows Update

RP587: 11/04/2012 17:13:21 - Scheduled Checkpoint

RP588: 13/04/2012 12:22:43 - Windows Update

RP589: 13/04/2012 13:27:40 - Windows Update

RP590: 13/04/2012 13:39:36 - Installed Java™ 6 Update 31

RP591: 15/04/2012 16:20:08 - Windows Live Essentials

RP592: 15/04/2012 16:22:28 - Installed DirectX

RP593: 15/04/2012 16:23:46 - Installed DirectX

RP594: 17/04/2012 12:47:36 - Windows Update

RP595: 20/04/2012 11:45:53 - Windows Update

RP596: 21/04/2012 17:00:07 - Removed AVG LinkScanner® 8.5

RP597: 21/04/2012 17:02:26 - Installed AVG LinkScanner® 8.5

RP598: 21/04/2012 17:16:48 - Removed BitDefender Total Security 2010

RP599: 21/04/2012 17:57:31 - Device Driver Package Install: BITDEFENDER S.R.L. System devices

RP600: 21/04/2012 18:48:04 - Device Driver Package Install: BitDefender LLC Network Service

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Acrobat.com

Action Replay Code Manager

Action Replay DSi Code Manager

Adobe AIR

Adobe Community Help

Adobe Media Player

Adobe Reader 9.3.3

Advanced Audio FX Engine

Akamai NetSession Interface

Akamai NetSession Interface Service

Apple Application Support

Apple Software Update

ATI Catalyst Control Center

Audacity 1.2.6

Audacity 1.3.14 (Unicode)

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

D3DX10

Dell DataSafe Online

Dell Getting Started Guide

Dell Video Chat

Dell Webcam Central

Deus Ex: Game of the Year Edition

DiskAid 5.09

DivX Setup

Facebook Plug-In

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

intelliScore Polyphonic MP3 to MIDI Converter Demo

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.61.0.1400

MediaWidget 6.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MorphVOX Junior

Mozilla Firefox 11.0 (x86 en-GB)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Norton Security Scan

Notepad++

PowerDVD DX

Quick PDF Converter v4.1

QuickTime

Ralink RT2870 Wireless LAN Card

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Segoe UI

Skins

Skype Click to Call

Skype™ 5.5

Spelling Dictionaries Support For Adobe Reader 9

Steam

SwiftKit

Switch Sound File Converter

Synthesia (remove only)

Team Fortress 2

Uniblue RegistryBooster 2010

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

Visual C++ 8.0 Runtime Setup Package (x64)

VLC media player 1.1.4

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR archiver

Xilisoft iPod Video Converter 6

Yahoo! Toolbar

YouTube Downloader 3.5

YouTube Video Downloader 2.7.1

.

==== Event Viewer Messages From Past Week ========

.

22/04/2012 01:14:42, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

22/04/2012 01:12:04, Error: Service Control Manager [7024] - The KtmRm for Distributed Transaction Coordinator service terminated with service-specific error 2147942438 (0x80070026).

22/04/2012 01:11:20, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

22/04/2012 01:11:16, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

22/04/2012 00:25:52, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

21/04/2012 23:49:26, Error: Service Control Manager [7031] - The Akamai NetSession Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

21/04/2012 18:39:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdftdif

21/04/2012 18:18:19, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.

21/04/2012 17:47:48, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): 'SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

21/04/2012 17:46:51, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

21/04/2012 13:52:09, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\RegBack\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.

21/04/2012 13:39:12, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 0C6076050406 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

20/04/2012 17:09:31, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

20/04/2012 17:09:31, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

20/04/2012 17:07:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

18/04/2012 14:53:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

18/04/2012 14:53:56, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/04/2012 15:48:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

16/04/2012 15:48:58, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

16/04/2012 15:48:27, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

15/04/2012 16:22:23, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

15/04/2012 16:22:23, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

15/04/2012 16:22:23, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

.

==== End Of File ===========================

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by XLR8 at 1:38:29 on 2012-04-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4091.1526 [GMT 1:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k yksvcs

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\ehome\ehmsas.exe

C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Bitdefender\Bitdefender 2012\antispam32\bdimguiaux.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\SwiftKit-RS.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\notepad.exe

C:\Windows\System32\notepad.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\osk.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = hxxp://www.yahoo.com/search/ie.html

mStart Page = about:blank

uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVGLS\avgssie.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\XLR8\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [KeyMapperStarup] C:\Users\XLR8\Downloads\kr_free\KeyRemapper.exe /background

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Akamai NetSession Interface] "C:\Users\XLR8\AppData\Local\Akamai\netsession_win.exe"

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [bSDAppUpdater] "C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRunOnce: [<NO NAME>] OSK.exe

StartupFolder: C:\Users\XLR8\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Download Video on This Page - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211

IE: Download Video This Links To - C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{12BE45FF-D7C4-47ED-BA6C-EF3E7037FA4F} : DhcpNameServer = 172.168.1.161

TCP: Interfaces\{A2CBE3C9-DCCC-4EA3-B6B9-C40CDB4AA8A6} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVGLS\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [bSDAppUpdater] "C:\Program Files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {11F19C45-9675-488A-A8E0-8E8234DC245D} - res://C:\Program Files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1b650dc5-1bb6-434d-b15a-03d8a2e77959%7D&mid=85c0193d7cd9b3d8d52964610ed4c1d8-93cd5f6c99ff30966b8fcfa185b37fd07afaf0b6&ds=AVG&v=9.0.0.18.3&lang=us&pr=&d=2012-02-23%2010%3A36%3A05&sap=ku&q=

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

FF - component: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll

FF - component: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll

FF - component: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\XLR8\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\XLR8\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]

R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-21 21504]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-16 654408]

R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\BitDefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]

R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-21 21504]

R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]

R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 OA013Ufd;Creative Camera OA013 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA013Ufd.sys --> C:\Windows\system32\DRIVERS\OA013Ufd.sys [?]

R3 OA013Vid;Creative Camera OA013 Function Driver;C:\Windows\system32\DRIVERS\OA013Vid.sys --> C:\Windows\system32\DRIVERS\OA013Vid.sys [?]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]

S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-21 253088]

S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\rt2870.sys --> C:\Windows\system32\DRIVERS\rt2870.sys [?]

S3 SafeBox;SafeBox;C:\Program Files\BitDefender\Bitdefender Safebox\safeboxservice.exe [2012-2-21 75384]

S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-04-22 00:04:15 711240 ----a-w- C:\Windows\isRS-000.tmp

2012-04-21 22:50:19 98816 ----a-w- C:\Windows\sed.exe

2012-04-21 22:50:19 518144 ----a-w- C:\Windows\SWREG.exe

2012-04-21 22:50:19 256000 ----a-w- C:\Windows\PEV.exe

2012-04-21 22:50:19 208896 ----a-w- C:\Windows\MBR.exe

2012-04-21 22:50:06 -------- d-s---w- C:\ComboFix

2012-04-21 17:53:04 245113 ----a-w- C:\ProgramData\1335030144.bdinstall.bin

2012-04-21 17:49:51 -------- d-----w- C:\Windows\LastGood.Tmp

2012-04-21 17:46:47 -------- d-----w- C:\Users\XLR8\AppData\Roaming\Bitdefender

2012-04-21 17:46:31 -------- d-----w- C:\ProgramData\Bitdefender

2012-04-21 17:42:41 442088 ----a-w- C:\Windows\System32\drivers\bdfsfltr.sys

2012-04-21 17:42:40 329800 ----a-w- C:\Windows\System32\drivers\trufos.sys

2012-04-21 17:36:29 22638 ----a-w- C:\ProgramData\1335029787.bdinstall.bin

2012-04-21 17:35:54 104594 ----a-w- C:\ProgramData\1335029638.bdinstall.bin

2012-04-21 17:17:50 178583 ----a-w- C:\ProgramData\1335027244.bdinstall.bin

2012-04-21 17:04:57 -------- d-----w- C:\ProgramData\BDLogging

2012-04-21 17:00:21 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2012-04-21 17:00:20 42064 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2012-04-21 17:00:19 654928 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2012-04-21 16:44:11 22632 ----a-w- C:\ProgramData\1335026645.bdinstall.bin

2012-04-21 16:43:39 217745 ----a-w- C:\ProgramData\1335025918.bdinstall.bin

2012-04-21 16:36:51 -------- d-----w- C:\Users\XLR8\AppData\Roaming\QuickScan

2012-04-21 13:44:33 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-21 12:55:30 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-21 12:47:48 -------- d-----w- C:\Users\XLR8\AppData\Local\{A9098E9F-B018-46FE-B911-4DEE784E64C6}

2012-04-21 12:47:36 -------- d-----w- C:\Users\XLR8\AppData\Local\{876608F2-18A5-4309-B83F-F148C4588308}

2012-04-20 22:41:43 -------- d-----w- C:\Users\XLR8\AppData\Local\{E4ACDA7A-CB67-4E14-AFC9-6B828898A9A5}

2012-04-20 22:41:32 -------- d-----w- C:\Users\XLR8\AppData\Local\{E6A037D7-3D68-4C23-A503-87844A0D2B52}

2012-04-20 10:49:53 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B519FED-0F75-41C3-A1A6-75D639C51419}\mpengine.dll

2012-04-20 10:41:00 -------- d-----w- C:\Users\XLR8\AppData\Local\{07B16678-BDE3-4F00-BBD0-F22D02DAA4CA}

2012-04-20 10:40:38 -------- d-----w- C:\Users\XLR8\AppData\Local\{7F80CD39-2244-465E-8774-C246410E0889}

2012-04-19 13:44:03 -------- d-----w- C:\Users\XLR8\AppData\Local\{122A47FD-5DB3-4AC4-9521-346D695F07B2}

2012-04-19 13:43:49 -------- d-----w- C:\Users\XLR8\AppData\Local\{A5BDCF36-AD9B-4DDC-9506-0F131ED8471B}

2012-04-19 01:43:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{71307137-CF16-4A81-9E95-61395A53BE8E}

2012-04-19 01:42:58 -------- d-----w- C:\Users\XLR8\AppData\Local\{F0966A4D-A583-4EB3-985C-3DDE39BCD16B}

2012-04-18 14:17:37 -------- d-----w- C:\Users\XLR8\vocab n questions

2012-04-18 13:42:23 -------- d-----w- C:\Users\XLR8\AppData\Local\{063E9E7C-C099-47DA-A779-70F0105ABA79}

2012-04-18 13:42:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{F0070B79-FA3A-4454-8504-A17A2C0CC713}

2012-04-18 11:29:17 -------- d-----w- C:\Users\XLR8\jagexcache1

2012-04-17 23:43:02 -------- d-----w- C:\Users\XLR8\AppData\Local\{E4B30CC0-D11A-4252-85E7-E67EF3802197}

2012-04-17 11:42:22 -------- d-----w- C:\Users\XLR8\AppData\Local\{8CC01C42-F8CA-4E65-9EA0-26A0E2527673}

2012-04-17 11:41:30 -------- d-----w- C:\Users\XLR8\AppData\Local\{BFE854A0-1F82-4846-A819-E0AC1404A3C0}

2012-04-16 23:34:57 -------- d-----w- C:\Users\XLR8\AppData\Local\{91DB3918-A206-4E12-A01C-A2B6363FD15F}

2012-04-16 23:34:45 -------- d-----w- C:\Users\XLR8\AppData\Local\{ACA2F2C7-D0DC-4DA5-8278-39670763693D}

2012-04-16 23:32:03 -------- d-----w- C:\Users\XLR8\AppData\Local\{9B22DC68-6506-4F1E-B742-A2326836245D}

2012-04-16 23:30:17 -------- d-----w- C:\Users\XLR8\AppData\Local\{79A0D392-7BE1-444C-B2F0-FA05F8478CE5}

2012-04-16 12:20:41 -------- d-----w- C:\Users\XLR8\AppData\Roaming\Malwarebytes

2012-04-16 12:20:35 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-16 12:20:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-16 12:20:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-16 11:29:33 -------- d-----w- C:\Users\XLR8\AppData\Local\{E0C0A9B5-2EB6-4570-9CB7-18AF3B34C650}

2012-04-16 11:29:18 -------- d-----w- C:\Users\XLR8\AppData\Local\{7B54AA2C-D645-4FEF-8F93-F96840C8D8BD}

2012-04-15 15:33:47 -------- d-----w- C:\Users\XLR8\AppData\Local\{9C6C72AD-9715-4344-BC0D-6AF3F0F54A3A}

2012-04-15 15:33:35 -------- d-----w- C:\Users\XLR8\AppData\Local\{C1BCF9BA-5B91-40E6-89A2-96672F58A148}

2012-04-15 15:32:45 -------- d-----w- C:\Windows\en

2012-04-15 15:20:12 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DSETUP.dll

2012-04-15 15:20:12 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DXSETUP.exe

2012-04-15 15:20:12 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\dsetup32.dll

2012-04-15 11:45:15 -------- d-----w- C:\Users\XLR8\AppData\Local\{6DF2B946-7FAF-427D-A226-629E1CFB6562}

2012-04-15 11:44:54 -------- d-----w- C:\Users\XLR8\AppData\Local\{8E0CF3F8-49C3-4DCD-86B6-0F23C68C2F15}

2012-04-14 12:57:41 -------- d-----w- C:\Users\XLR8\AppData\Local\{5CDC5E71-4FB1-463D-BD60-F29306D64C83}

2012-04-14 12:57:12 -------- d-----w- C:\Users\XLR8\AppData\Local\{3B0278AF-16C2-4D77-8382-0EDD92171973}

2012-04-13 23:03:45 -------- d-----w- C:\Users\XLR8\AppData\Local\{6C3F4F2E-F458-4F10-9904-1335693C1BC9}

2012-04-13 23:02:35 -------- d-----w- C:\Users\XLR8\AppData\Local\{64C124C1-7D6C-4670-A582-9A633CB09EF5}

2012-04-13 12:58:09 -------- d-----w- C:\Users\XLR8\AppData\Local\{0DF598DA-EA66-4ACE-B255-97C2BE4617D6}

2012-04-13 12:57:49 -------- d-----w- C:\Users\XLR8\AppData\Local\{4D20BF6D-B6E7-4826-A4D2-85658BE2D1E0}

2012-04-13 11:49:59 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-04-13 11:49:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-04-13 11:49:57 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-04-13 11:43:10 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-13 11:41:38 78848 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-13 11:41:38 5632 ----a-w- C:\Windows\System32\wmi.dll

2012-04-13 11:41:38 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-13 11:41:38 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-13 11:41:37 219136 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-13 11:41:36 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-13 11:41:32 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-13 11:31:05 -------- d-----w- C:\Users\XLR8\AppData\Local\{72814770-D4DC-4E22-9EDE-09337A36A8FA}

2012-04-12 23:30:29 -------- d-----w- C:\Users\XLR8\AppData\Local\{A968B1CD-8998-4DED-B704-ADCCDA895D08}

2012-04-12 11:41:25 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2012-04-12 11:41:25 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2012-04-12 11:30:04 -------- d-----w- C:\Users\XLR8\AppData\Local\{1CF5C446-9AAB-434E-8532-5F3232ED5E9C}

2012-04-11 12:08:54 -------- d-----w- C:\Users\XLR8\AppData\Local\{350B7571-7CA2-4D9F-A258-906082DB2B07}

2012-04-11 00:06:25 -------- d-----w- C:\Users\XLR8\AppData\Local\{AFB84F7B-D515-4FE4-AB2B-E105914B9133}

2012-04-10 12:05:56 -------- d-----w- C:\Users\XLR8\AppData\Local\{70555140-E934-428E-B381-5A2628896CC7}

2012-04-10 00:05:31 -------- d-----w- C:\Users\XLR8\AppData\Local\{953DF9F5-0B7D-4859-A43F-B69CD461C21D}

2012-04-09 12:05:20 -------- d-----w- C:\Users\XLR8\AppData\Local\{7EB9368C-34D1-4A1F-AA78-C7C1553E6AE4}

2012-04-09 00:02:57 -------- d-----w- C:\Users\XLR8\AppData\Local\{E281B1E8-3437-4E08-9FC8-3284D21199CA}

2012-04-08 12:02:33 -------- d-----w- C:\Users\XLR8\AppData\Local\{3084543A-C53B-42B1-9E99-F71D9058ED96}

2012-04-08 00:01:34 -------- d-----w- C:\Users\XLR8\AppData\Local\{1108E181-43A9-4FBE-B394-28AC88DA2EBD}

2012-04-07 12:01:07 -------- d-----w- C:\Users\XLR8\AppData\Local\{F1FC0606-B3F8-4487-BF40-697E1D504325}

2012-04-06 10:13:09 -------- d-----w- C:\Users\XLR8\AppData\Local\{CBF30B67-49F8-4053-A1FA-8625ACB565B9}

2012-04-05 10:12:35 -------- d-----w- C:\Users\XLR8\AppData\Local\{0EEA8435-E304-4B55-8033-3C2F8E2CE7F8}

2012-04-04 22:12:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{E10A0064-A31F-42E8-8DD4-7EDE2789B5C5}

2012-04-04 10:11:59 -------- d-----w- C:\Users\XLR8\AppData\Local\{779CBA27-6ED6-4BD2-9110-CF8196358537}

2012-04-03 09:00:14 -------- d-----w- C:\Users\XLR8\AppData\Local\{C9E2F281-401C-4915-9128-FE3BA3D0F713}

2012-04-02 22:33:15 -------- d-----w- C:\Users\XLR8\AppData\Local\{116F18CB-3EE9-4570-9598-4A2AECC16903}

2012-04-02 14:21:13 -------- d-----w- C:\Users\XLR8\Biology Exams

2012-04-02 10:32:51 -------- d-----w- C:\Users\XLR8\AppData\Local\{5509FA4D-DEAE-4A6A-AD3F-6419703856CE}

2012-04-01 10:08:17 -------- d-----w- C:\Users\XLR8\AppData\Local\{4BBB8838-EA5F-4945-8639-1070D6AB322D}

2012-03-31 21:49:54 -------- d-----w- C:\Users\XLR8\AppData\Local\{3646BAFF-7C20-41D7-80A7-D849E1C5735A}

2012-03-31 09:49:29 -------- d-----w- C:\Users\XLR8\AppData\Local\{43CF4385-EF04-4AC3-AD1C-6768EC40C6D2}

2012-03-30 15:58:06 -------- d-----w- C:\Users\XLR8\AppData\Local\{FEBA05B3-2204-4C14-971A-9C8FBE1AA7D1}

2012-03-29 16:31:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{CE760D95-3FEA-46B3-912D-32CE9FE25C96}

2012-03-28 15:14:27 -------- d-----w- C:\Users\XLR8\AppData\Local\{CF5566D7-3686-4DFC-8EAC-42AB5133712E}

2012-03-28 15:14:11 -------- d-----w- C:\Users\XLR8\AppData\Local\{F5F6C9F3-6BE5-40AE-8B0B-70FB61CE0396}

2012-03-27 17:35:08 -------- d-----w- C:\Users\XLR8\AppData\Local\{31F65262-7EB8-434A-80C6-E6DF3C25A963}

2012-03-27 17:33:01 -------- d-----w- C:\Users\XLR8\AppData\Local\{245324A9-1B70-4039-B64E-0D830591BE31}

2012-03-26 17:19:13 -------- d-----w- C:\Users\XLR8\AppData\Local\{1C04E2D0-B004-4AD3-AE01-8341966974EF}

2012-03-26 17:18:55 -------- d-----w- C:\Users\XLR8\AppData\Local\{B195D31C-DC11-4696-B2BA-5723CB559AB4}

2012-03-25 19:36:59 139264 ----a-w- C:\Windows\SysWow64\gswin32c.exe

2012-03-25 19:36:58 438976 ----a-w- C:\Windows\SysWow64\Mshflxgd.ocx

2012-03-25 19:36:58 244024 ----a-w- C:\Windows\SysWow64\Msflxgrd.ocx

2012-03-25 19:36:57 196608 ----a-w- C:\Windows\SysWow64\Utility.dll

2012-03-25 19:36:57 -------- d--h--w- C:\ProgramData\QPOCRTemp

2012-03-25 19:36:57 -------- d-----w- C:\Windows\SysWow64\gs

2012-03-25 19:36:53 368912 ----a-w- C:\Windows\SysWow64\vbar332.dll

2012-03-25 19:36:53 -------- d--h--w- C:\ProgramData\QuickPDF

2012-03-25 19:34:53 -------- d-----w- C:\QuickPDFConverter

2012-03-25 12:06:49 -------- d-----w- C:\Users\XLR8\AppData\Local\{606ABA3E-5740-422D-AC99-A0244F6128AA}

2012-03-25 12:05:39 -------- d-----w- C:\Users\XLR8\AppData\Local\{7C06F2BD-B922-4CC3-914B-090F86ABD9BE}

2012-03-25 00:05:14 -------- d-----w- C:\Users\XLR8\AppData\Local\{1AD274E4-5F10-464F-AD32-6CF2B55CD125}

2012-03-24 12:04:31 -------- d-----w- C:\Users\XLR8\AppData\Local\{3B9B6448-AA2E-4511-96A4-A95C686AA742}

2012-03-24 12:03:27 -------- d-----w- C:\Users\XLR8\AppData\Local\{848491AD-11E9-4217-8765-7DCD56FA9CFB}

2012-03-23 18:33:44 -------- d-----w- C:\Users\XLR8\AppData\Local\{5744E42F-B43C-4CFF-A704-4895E7CB739A}

2012-03-23 18:33:20 -------- d-----w- C:\Users\XLR8\AppData\Local\{CB58E7AD-A657-479F-9EEE-232767596DF1}

.

==================== Find3M ====================

.

2012-04-21 13:44:42 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-13 12:41:05 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-23 18:39:53 3715072 ----a-w- C:\Program Files\SwiftKit-RS.exe

2012-03-20 19:22:46 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys

2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-17 15:45:56 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys

2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 10:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-03 21:22:14 401408 ----a-w- C:\Program Files\SwiftKit.exe

2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys

2012-01-08 14:09:07 1228892 ----a-w- C:\Program Files\swiftirc.ocx

2011-07-21 14:09:34 83863 ----a-w- C:\Program Files\Uninstall.exe

2011-02-17 09:14:55 585728 ----a-w- C:\Program Files\LaVolpeAlphaImg.ocx

2009-10-09 13:05:15 74240 ----a-w- C:\Program Files\zlib.dll

2009-10-09 13:05:15 24576 ----a-w- C:\Program Files\ExePatcher.exe

2009-10-09 13:05:15 15416 ----a-w- C:\Program Files\basswma.dll

2009-10-09 13:05:13 89144 ----a-w- C:\Program Files\bass.dll

.

============= FINISH: 1:39:23.77 ===============

I appreciate any assistance. Thanks a lot!

- XLR8


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click the program, select Run as Administrator to start, and when prompted, Allow it to run.

Click Scan to scan the system (don't run any other options).

Post back the report.

MrC

------->Logs will be closed if you haven't replied within 3 days!<--------


Thank you for your reply, MrCharlie.

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: XLR8 [Admin rights]

Mode: Scan -- Date: 04/23/2012 19:59:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++

--- User ---

[MBR] fcb4481e19d53dcf372f4acfc4f29676

[BSP] c6b9090b1b39f3797358b1cb44c2188c : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Looks Good so far.

-----------------------

Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Thanks again for your reply! Unfortunately, the log is rather large and the forum won't let me submit the copy-and-pasted version because it's too long, so the only way you could view it would be to send it as an attachment. Is that alright?

Oh, and for some reason 'reboot' didn't come up when I scanned, and the results of my scan appear a tad different from the layout of yours.

I appreciate the assistance.

TDSSKiller.2.7.32.0_23.04.2012_22.35.55_log.txt


It's OK to attach it.

The scan was clean.

--------------------------------

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


OK, I followed the instructions and here is the log!

ComboFix 12-04-24.02 - XLR8 24/04/2012 19:05:05.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.4091.2197 [GMT 1:00]

Running from: c:\users\XLR8\Desktop\ComboFix.exe

AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Uninstall.exe

c:\users\XLR8\AppData\Roaming\Microsoft\Windows\Recent\DeSmuME.com.URL

c:\users\XLR8\AppData\Roaming\mIRC\logs\status.log

c:\users\XLR8\Desktop\Documents\~WRL0001.tmp

c:\users\XLR8\Desktop\Documents\~WRL0003.tmp

c:\users\XLR8\Desktop\Documents\~WRL0004.tmp

c:\users\XLR8\Desktop\Documents\~WRL0742.tmp

c:\users\XLR8\Desktop\Documents\~WRL0901.tmp

c:\users\XLR8\Desktop\Documents\~WRL1235.tmp

c:\users\XLR8\Desktop\Documents\~WRL2337.tmp

c:\users\XLR8\Desktop\Documents\~WRL2888.tmp

c:\users\XLR8\Desktop\Documents\~WRL3280.tmp

c:\users\XLR8\Desktop\Documents\~WRL3372.tmp

c:\users\XLR8\Desktop\Documents\~WRL3985.tmp

c:\windows\security\Database\tmp.edb

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\SysWow64\urttemp

c:\windows\SysWow64\urttemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-03-24 to 2012-04-24 )))))))))))))))))))))))))))))))

.

.

2012-04-24 18:22 . 2012-04-24 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-24 17:34 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B129FC8-6E5A-4B2F-B942-7B101E336E36}\mpengine.dll

2012-04-21 17:53 . 2012-04-21 17:53 245113 ----a-w- c:\programdata\1335030144.bdinstall.bin

2012-04-21 17:46 . 2012-04-21 17:46 -------- d-----w- c:\users\XLR8\AppData\Roaming\Bitdefender

2012-04-21 17:46 . 2012-04-21 17:51 -------- d-----w- c:\programdata\Bitdefender

2012-04-21 17:42 . 2011-08-16 13:59 442088 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2012-04-21 17:42 . 2011-10-27 14:07 329800 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-04-21 17:36 . 2012-04-21 17:36 22638 ----a-w- c:\programdata\1335029787.bdinstall.bin

2012-04-21 17:35 . 2012-04-21 17:35 104594 ----a-w- c:\programdata\1335029638.bdinstall.bin

2012-04-21 17:17 . 2012-04-21 17:17 178583 ----a-w- c:\programdata\1335027244.bdinstall.bin

2012-04-21 17:04 . 2012-04-21 17:04 -------- d-----w- c:\programdata\BDLogging

2012-04-21 17:00 . 2009-07-14 18:31 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-04-21 17:00 . 2009-07-14 18:18 42064 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-04-21 17:00 . 2009-07-14 18:18 654928 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-04-21 16:44 . 2012-04-21 16:44 22632 ----a-w- c:\programdata\1335026645.bdinstall.bin

2012-04-21 16:43 . 2012-04-21 16:43 217745 ----a-w- c:\programdata\1335025918.bdinstall.bin

2012-04-21 16:36 . 2012-04-21 16:36 -------- d-----w- c:\users\XLR8\AppData\Roaming\QuickScan

2012-04-21 13:44 . 2012-04-21 13:44 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-21 12:55 . 2012-04-21 13:44 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-18 14:17 . 2012-04-21 15:59 -------- d-----w- c:\users\XLR8\vocab n questions

2012-04-18 11:29 . 2012-04-18 11:29 -------- d-----w- c:\users\XLR8\jagexcache1

2012-04-16 12:20 . 2012-04-16 12:20 -------- d-----w- c:\users\XLR8\AppData\Roaming\Malwarebytes

2012-04-16 12:20 . 2012-04-16 12:20 -------- d-----w- c:\programdata\Malwarebytes

2012-04-16 12:20 . 2012-04-22 00:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-16 12:20 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-15 15:32 . 2012-04-15 15:32 -------- d-----w- c:\windows\en

2012-04-15 15:24 . 2012-04-15 15:24 -------- d-----w- c:\program files\Windows Live

2012-04-15 15:20 . 2012-04-15 15:20 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DSETUP.dll

2012-04-15 15:20 . 2012-04-15 15:20 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\DXSETUP.exe

2012-04-15 15:20 . 2012-04-15 15:20 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\406b8dd61cd1b1b01\dsetup32.dll

2012-04-13 12:41 . 2012-04-13 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-04-13 11:49 . 2012-02-28 06:49 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-04-13 11:49 . 2012-02-28 01:13 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll

2012-04-13 11:49 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-04-13 11:43 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-13 11:41 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll

2012-04-13 11:41 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-13 11:41 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-13 11:41 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-13 11:41 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll

2012-04-13 11:41 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-13 11:41 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 11:41 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2012-04-12 11:41 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2012-04-02 14:21 . 2012-04-02 14:21 -------- d-----w- c:\users\XLR8\Biology Exams

2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-03-25 19:36 . 2011-09-05 13:37 438976 ----a-w- c:\windows\SysWow64\Mshflxgd.ocx

2012-03-25 19:36 . 2011-09-05 13:37 244024 ----a-w- c:\windows\SysWow64\Msflxgrd.ocx

2012-03-25 19:36 . 2012-03-25 19:37 -------- d-----w- c:\windows\SysWow64\gs

2012-03-25 19:36 . 2012-03-25 19:36 -------- d--h--w- c:\programdata\QPOCRTemp

2012-03-25 19:36 . 2011-09-05 13:37 196608 ----a-w- c:\windows\SysWow64\Utility.dll

2012-03-25 19:36 . 2012-03-25 19:56 -------- d--h--w- c:\programdata\QuickPDF

2012-03-25 19:36 . 1998-04-23 23:00 368912 ----a-w- c:\windows\SysWow64\vbar332.dll

2012-03-25 19:34 . 2012-03-25 19:38 -------- d-----w- C:\QuickPDFConverter

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-21 13:44 . 2011-06-08 09:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-13 12:41 . 2010-06-13 10:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-23 18:39 . 2011-07-21 14:10 3715072 ----a-w- c:\program files\SwiftKit-RS.exe

2012-03-20 19:22 . 2012-03-20 19:22 691896 ----a-w- c:\windows\system32\drivers\avc3.sys

2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR

2012-02-23 09:18 . 2009-10-31 11:10 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-17 15:45 . 2012-02-17 15:45 545064 ----a-w- c:\windows\system32\drivers\avckf.sys

2012-02-14 16:49 . 2012-03-13 22:51 327680 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-02-14 16:49 . 2012-03-13 22:51 196096 ----a-w- c:\windows\system32\d3d10_1.dll

2012-02-14 15:45 . 2012-03-13 22:51 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-02-14 15:45 . 2012-03-13 22:51 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-02-13 14:38 . 2012-03-13 22:51 2002944 ----a-w- c:\windows\system32\d3d10warp.dll

2012-02-13 14:12 . 2012-03-13 22:51 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-02-13 14:06 . 2012-03-13 22:51 834048 ----a-w- c:\windows\system32\d2d1.dll

2012-02-13 14:03 . 2012-03-13 22:51 1555968 ----a-w- c:\windows\system32\DWrite.dll

2012-02-13 13:47 . 2012-03-13 22:51 683008 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-02-13 13:44 . 2012-03-13 22:51 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 10:02 . 2012-02-07 10:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 21:22 . 2009-10-09 13:05 401408 ----a-w- c:\program files\SwiftKit.exe

2012-02-02 15:34 . 2012-03-13 22:51 2765824 ----a-w- c:\windows\system32\win32k.sys

2012-01-08 14:09 . 2009-10-09 13:05 1228892 ----a-w- c:\program files\swiftirc.ocx

2011-02-17 09:14 . 2010-11-21 07:20 585728 ----a-w- c:\program files\LaVolpeAlphaImg.ocx

2009-10-09 13:05 . 2009-10-09 13:05 74240 ----a-w- c:\program files\zlib.dll

2009-10-09 13:05 . 2009-10-09 13:05 24576 ----a-w- c:\program files\ExePatcher.exe

2009-10-09 13:05 . 2009-10-09 13:05 15416 ----a-w- c:\program files\basswma.dll

2009-10-09 13:05 . 2009-10-09 13:05 89144 ----a-w- c:\program files\bass.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-06 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-04 1242448]

"Akamai NetSession Interface"="c:\users\XLR8\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-13 61440]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"BSDAppUpdater"="c:\program files (x86)\Common Files\BSD\AppUpdater\BSDChecker.exe" [2012-01-15 1660232]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

c:\users\XLR8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 ActionReplayDS;ActionReplayDS;c:\windows\system32\Drivers\ActionReplayDS_x64.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 253088]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 13:44]

.

2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 23:18]

.

2012-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 23:18]

.

2012-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493765699-2932754121-1517478223-1000Core.job

- c:\users\XLR8\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 11:33]

.

2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2493765699-2932754121-1517478223-1000UA.job

- c:\users\XLR8\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-19 11:33]

.

2012-04-19 c:\windows\Tasks\Norton Security Scan for XLR8.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-18 09:06]

.

2012-04-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-04-24 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2012-04-24 17:51 266952 ----a-w- c:\program files\BitDefender\Bitdefender Safebox\safeboxshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1780520]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-04-23 3236432]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-07 172032]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-04-24 1067768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;

IE: Download Video on This Page - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211

IE: Download Video This Links To - c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/212

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{11F19C45-9675-488A-A8E0-8E8234DC245D} - res://c:\program files (x86)\Tomato\YouTube Video Downloader\MDIEEx.dll/211

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\XLR8\AppData\Roaming\Mozilla\Firefox\Profiles\hfw5513s.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1b650dc5-1bb6-434d-b15a-03d8a2e77959%7D&mid=85c0193d7cd9b3d8d52964610ed4c1d8-93cd5f6c99ff30966b8fcfa185b37fd07afaf0b6&ds=AVG&v=9.0.0.18.3&lang=us&pr=&d=2012-02-23%2010%3A36%3A05&sap=ku&q=

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKCU-Run-KeyMapperStarup - c:\users\XLR8\Downloads\kr_free\KeyRemapper.exe

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

AddRemove-SwiftKit - c:\program files\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-04-24 19:40:32 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-24 18:40

.

Pre-Run: 334,756,241,408 bytes free

Post-Run: 336,496,758,784 bytes free

.

- - End Of File - - 509D378026141C8BBEB6B3B304C8D01A


Ah, unfortunately the malwarebytes message STILL pops up. I was convinced ComboFix would get rid of it.


Did you set up this proxy??

uInternet Settings,ProxyOverride = <local>;*.local;127.0.0.1:9421;

-----------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


Can you take a screen shot of the message that comes up?

If not tell me exactly what it says.

MrC


Nope — I have never set up a proxy on this computer. I'm guessing that's a problem?


It doesn't appear to be enabled, but let's get rid of it anyway. The link below contains info on how to delete it (about 1/3 of the way down):

http://www.bleepingc...ormance-advisor

--------------------------------

See if you can take a screen shot of the pop-up warning or just tell me exactly what it says.

MrC


Thanks - I went to firefox and removed a system proxy that was apparently in place.

Strangely, even after scanning ComboFix, it was appearing a lot, but as soon as you asked me to post a screenie, it's stopped. However, from what I remember...

It'd give the message "Malwarebytes successfully..." and it'd give a port which changes every time. The IP changes often, but a common one that pops up is 173.192.183.194. It connects through either firefox.exe or svchost.exe. If it comes up again I'll be sure to take a screenshot of it.

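The block message quoted above names a remote IP and a process (firefox.exe or svchost.exe), but "svchost.exe" on its own says nothing about which service opened the connection. The check below is an added example, not part of the original thread: it parses `netstat -ano` for connections to the blocked address, maps each PID to its image path, and for svchost.exe lists the services hosted in that PID via `tasklist /svc`. The IP 173.192.183.194 is the one the poster quoted; the function name, parameter names and the sample netstat rows are constructed for this example.

```powershell
# Added example, not code from the thread. Uses only the built-in netstat and
# tasklist tools (present on Vista and later); run from an elevated prompt so
# that Get-Process can read the image path of processes owned by other users.

function Get-ConnectionsToRemote {
    param(
        [Parameter(Mandatory = $true)] [string] $RemoteIp,
        # Raw `netstat -ano` lines; pass a saved capture to analyse offline.
        [string[]] $NetstatLines = (netstat -ano),
        # Skip the PID -> process lookup (for captured rows from another
        # machine, where the PIDs mean nothing locally).
        [switch] $SkipProcessLookup
    )

    foreach ($line in $NetstatLines) {
        # TCP rows:  TCP  <local>  <remote>  <state>  <pid>
        # UDP rows:  UDP  <local>  <remote>           <pid>   (no state column)
        if ($line -notmatch '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$') { continue }
        $proto  = $Matches[1]
        $local  = $Matches[2]
        $remote = $Matches[3]
        $state  = $Matches[4]
        $procId = [int]$Matches[5]

        # Remote endpoint is host:port (IPv4) or [host]:port (IPv6); keep the host only.
        $remoteHost = ($remote -replace ':\d+$', '') -replace '^\[|\]$', ''
        if ($remoteHost -ne $RemoteIp) { continue }

        $name = $null; $path = $null; $services = $null
        if (-not $SkipProcessLookup) {
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            if ($proc) {
                $name = $proc.ProcessName
                # Reading Path of another user's process fails when not elevated.
                try { $path = $proc.Path } catch { $path = $null }
                # svchost.exe is only a host; the services inside this PID are what matter.
                if ($name -eq 'svchost') {
                    # Drop tasklist's blank line, column header and separator rows.
                    $services = (tasklist /svc /fi "PID eq $procId" | Select-Object -Skip 3) -join ' '
                }
            } else {
                $name = '<exited>'
            }
        }

        [pscustomobject]@{
            Protocol = $proto
            Local    = $local
            Remote   = $remote
            State    = $state
            PID      = $procId
            Process  = $name
            Path     = $path
            Services = $services
        }
    }
}

# Constructed sample rows (not taken from the poster's machine) so the parser
# can be exercised without a live connection to the blocked address.
$sampleRows = @(
    '  TCP    192.168.1.10:49200     173.192.183.194:80     ESTABLISHED     4321',
    '  TCP    192.168.1.10:49201     173.192.183.194:443    SYN_SENT        1056',
    '  TCP    192.168.1.10:49202     93.184.216.34:443      ESTABLISHED     4321',
    '  UDP    0.0.0.0:500            *:*                                    980'
)
# Expected: the two rows whose remote host is 173.192.183.194 (PIDs 4321 and 1056).
Get-ConnectionsToRemote -RemoteIp '173.192.183.194' -NetstatLines $sampleRows -SkipProcessLookup |
    Format-Table Protocol, Local, Remote, State, PID -AutoSize

# Live check on the affected machine, run while the block pop-up is showing:
# Get-ConnectionsToRemote -RemoteIp '173.192.183.194' | Format-List
```

Run the live form the moment the pop-up appears; once the connection attempt is over the row is gone from netstat, which is why the poster could only recall the IP afterwards. A process path outside Program Files or Windows, or an svchost PID hosting a service name you do not recognise, is what to follow up on.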

That proxy was in Internet Explorer, are you using any P2P programs?

MrC


I went into Internet Explorer but there was no proxy being used, so I checked Firefox. P2P programs? You mean things like BitTorrent? None that I know of... unless you count MSN & Skype.


That's a tad puzzling. I've had Skype installed on this laptop for the past 2½ years, BitDefender for the past 2½ years, and MBAM for the past few months, yet this message started popping up about 1-2 months ago. Furthermore, wouldn't the program that it connects through be Skype, as opposed to svchost.exe/firefox.exe/avgnsa.exe?

In order to combat this problem, would my only solution be to uninstall Skype? Because it's not really in my interest to do so... I haven't seen any of my data/personal details become hijacked since the message popped up, so perhaps it isn't too harmful — but I just need to make sure.

Thanks.


I would like to run a couple of more scans:

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


I scanned it once and oddly, I got the BSOD... That's a tad worrying. Scanned it again and here's the log -

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-25 20:08:00

-----------------------------

20:08:00.928 OS Version: Windows x64 6.0.6002 Service Pack 2

20:08:00.929 Number of processors: 2 586 0x170A

20:08:00.930 ComputerName: XYZ-XTREMESPEED UserName: XLR8

20:08:03.359 Initialize success

20:08:18.386 AVAST engine defs: 12042500

20:08:21.133 The log file has been saved successfully to "C:\Users\XLR8\Desktop\Documents\aswMBR.txt"

20:09:04.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:09:04.276 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3

20:09:04.291 Disk 0 MBR read successfully

20:09:04.298 Disk 0 MBR scan

20:09:04.354 Disk 0 Windows VISTA default MBR code

20:09:04.362 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63

20:09:04.411 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920

20:09:04.437 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920

20:09:04.476 Disk 0 scanning C:\Windows\system32\drivers

20:09:19.465 Service scanning

20:09:55.682 Modules scanning

20:09:55.688 Disk 0 trace - called modules:

20:09:55.712 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll

20:09:55.716 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800659b1c0]

20:09:55.721 3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045de050]

20:09:58.256 AVAST engine scan C:\Windows

20:10:10.087 AVAST engine scan C:\Windows\system32

20:17:25.325 AVAST engine scan C:\Windows\system32\drivers

20:18:08.836 AVAST engine scan C:\Users\XLR8

20:45:09.482 AVAST engine scan C:\ProgramData

20:55:07.425 Scan finished successfully

21:04:33.107 Disk 0 MBR has been saved successfully to "C:\Users\XLR8\Desktop\Documents\MBR.dat"

21:04:33.119 The log file has been saved successfully to "C:\Users\XLR8\Desktop\Documents\aswMBR.txt"

Thanks.


That scan looks OK.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Scan

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC


Unfortunately that won't be of much use... I don't think -

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

I would've posted a screenshot, but conveniently, my computer froze — for the 5th time in just a few days. I'm not sure if ComboFix has messed it up or something, but all processes crash and I have to manually reboot the computer... which isn't really ideal.

I did manage to save a log of the viruses though... sort-of...

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: XLR8 [Admin rights]

Mode: Scan -- Date: 04/23/2012 19:59:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM500JI +++++

--- User ---

[MBR] fcb4481e19d53dcf372f4acfc4f29676

[bSP] c6b9090b1b39f3797358b1cb44c2188c : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

It reported 6 viruses - one of which I'm fairly confident is a false positive.


ComboFix creates a restore point just before it runs, so we can always go back.

Those reg entries are OK...not malware related.

----------------------------------------

We just found out about some entries in Firefox that could cause this problem.

We have to scan the system with OTL though.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


OK, I didn't find what I was looking for but I found some other entries that shouldn't be on the system.

The proxy entry is back and OK, it's set by Bitdefender:

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;127.0.0.1:9421;

---------------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes,DefaultScope = {73945261-8DAA-437C-A4F4-802EF9099121}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{1BF6143E-9DAF-419D-8F1D-17E4EBA4643D}: "URL" = http://www.game.co.uk/search.aspx?s={searchTerms}&platform=*&sort=itemOrderasc
    IE - HKCU\..\SearchScopes\{2F92C50C-1C17-4331-B71D-8E7B3A4DB606}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{73945261-8DAA-437C-A4F4-802EF9099121}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7ADRA_enGB356
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F5E26185-54BF-447F-81B1-CA3B7039575A}&mid=85c0193d7cd9b3d8d52964610ed4c1d8-93cd5f6c99ff30966b8fcfa185b37fd07afaf0b6&lang=us&ds=AVG&pr=&d=2012-02-23 10:36:05&v=10.0.0.7&sap=dsp&q={searchTerms}
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVGLS\avgssie.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - Startup: C:\Users\XLR8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Reboot and let me know, MrC

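The fix script above removes registrations that point at nothing: plugin and BHO DLLs that no longer exist ("File not found") and toolbar CLSIDs with no class registration ("No CLSID value found"). The following read-only audit, added here as an illustration and not part of OTL or of MrC's instructions, walks those same locations and lists such orphaned entries; the Wow6432Node paths it checks are an assumption about where 32-bit registrations live on 64-bit Windows.

```powershell
# Added audit: lists browser-extension registrations that point at nothing, the same
# kinds of entry the OTL fix above removed. Read-only; run from an elevated 64-bit PowerShell.
# Assumption: 32-bit entries on 64-bit Windows live under the Wow6432Node views listed here.
$SoftwareRoots = 'HKLM:\Software', 'HKLM:\Software\Wow6432Node'
$ClsidRoots = 'HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Classes\Wow6432Node\CLSID', 'HKCU:\Software\Classes\CLSID'
$Findings = New-Object System.Collections.Generic.List[object]
function Get-InprocServer([string]$Clsid) {
    # DLL registered for an in-process CLSID (BHOs and toolbars are in-proc); $null if no root knows the class.
    foreach ($root in $ClsidRoots) {
        $k = Get-Item -LiteralPath "$root\$Clsid\InprocServer32" -ErrorAction SilentlyContinue
        if ($k) { return [string]$k.GetValue('') }
    }
    return $null
}
function Test-TargetFile([string]$Path) {
    # $true only when the (possibly quoted, %VAR%-containing) path names an existing file.
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($Path.Trim('"'))) -PathType Leaf
}
function Add-Finding($Kind, $Id, $Target, $Problem) {
    $Findings.Add([pscustomobject]@{ Kind = $Kind; Id = $Id; Target = $Target; Problem = $Problem })
}
# Mozilla plugins: subkeys such as @adobe.com/FlashPlayer carry a Path value.
Get-ChildItem -LiteralPath 'HKLM:\Software\MozillaPlugins' -ErrorAction SilentlyContinue | ForEach-Object {
    $p = [string]$_.GetValue('Path')
    if (-not (Test-TargetFile $p)) { Add-Finding 'MozillaPlugin' $_.PSChildName $p 'File not found' }
}
# Browser Helper Objects: the subkey name is the CLSID; resolve it to its DLL and check the file.
foreach ($sw in $SoftwareRoots) {
    Get-ChildItem -LiteralPath "$sw\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" -ErrorAction SilentlyContinue | ForEach-Object {
        $dll = Get-InprocServer $_.PSChildName
        if ($null -eq $dll) { Add-Finding 'BHO' $_.PSChildName '' 'No CLSID value found' }
        elseif (-not (Test-TargetFile $dll)) { Add-Finding 'BHO' $_.PSChildName $dll 'File not found' }
    }
}
# Toolbars: CLSIDs are stored as value names (not subkeys) under these keys.
foreach ($tb in ($SoftwareRoots | ForEach-Object { "$_\Microsoft\Internet Explorer\Toolbar" }) + 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser') {
    $key = Get-Item -LiteralPath $tb -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        if ($name -match '^\{[0-9A-Fa-f-]{36}\}$' -and $null -eq (Get-InprocServer $name)) { Add-Finding 'Toolbar' $name $tb 'No CLSID value found' }
    }
}
# Startup shortcuts: resolve each .lnk and check that its target still exists (the Dell Dock.lnk case).
$wsh = New-Object -ComObject WScript.Shell
Get-ChildItem -LiteralPath "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup" -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
    $t = $wsh.CreateShortcut($_.FullName).TargetPath
    if (-not (Test-TargetFile $t)) { Add-Finding 'Startup' $_.Name $t 'File not found' }
}
$Findings | Format-Table -AutoSize
```

An orphaned entry is a cleanup candidate, not proof of infection; compare each finding against the DDS/OTL lines before removing anything, as the helper did above.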

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BF6143E-9DAF-419D-8F1D-17E4EBA4643D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BF6143E-9DAF-419D-8F1D-17E4EBA4643D}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F92C50C-1C17-4331-B71D-8E7B3A4DB606}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F92C50C-1C17-4331-B71D-8E7B3A4DB606}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{73945261-8DAA-437C-A4F4-802EF9099121}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73945261-8DAA-437C-A4F4-802EF9099121}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

File move failed. C:\Users\XLR8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk scheduled to be moved on reboot.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: XLR8

->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: XLR8

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 4589329 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 22824 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 458305493 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 326 bytes

RecycleBin emptied: 595968 bytes

Total Files Cleaned = 442.00 mb

OTL by OldTimer - Version 3.2.42.1 log created on 04272012_183619

Files\Folders moved on Reboot...

File\Folder C:\Users\XLR8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk not found!

Registry entries deleted on Reboot...
