TechSpot

Help removing virus -- Google redirect virus

Solved
By Jazzdeol
Jan 8, 2013
  1. Hello

    When using Google Chrome and IE and clicking on the search links, I am redirected to either ebay or back to the google homepage or an ad site. I have downloaded Microsoft Security Essentials and MBAM. I have copied and pasted the DDS logs. Thanks for any help you can give!

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 21/10/2011 21:21:56
    System Uptime: 08/01/2013 22:19:10 (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | N/A | 1667/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 179 GiB total, 34.599 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.0
    AirPort
    Alps Pointing-device for VAIO
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atlantis - Sky Patrol (remove only)
    AutoUpdate
    AVS Update Manager 1.0
    AVS Video Converter 8
    AVS4YOU Software Navigator 1.4
    Babylon toolbar on IE
    Big Fish Games Center
    Big Fish Games Sudoku (remove only)
    Bonjour
    Browser Address Error Redirector
    BT Desktop Help
    BTHomeHub
    Business Contact Manager for Outlook 2007 SP2
    Click to Disc
    Click to Disc Editor
    DivX Codec
    DivX Converter
    DivX Player
    FoxTab FLV Player
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GearDrvs
    Google Chrome
    Google Desktop
    Google Drive
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist Corporate
    HandBrake 0.9.5
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iCloud
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 7 Update 4
    JavaFX 2.1.0
    Jing
    Juniper Networks Network Connect 7.0.0
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    LeapFrog Connect
    LeapFrog My Pals Plugin
    Mahjong Towers Eternity (remove only)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Club VAIO
    Mystery Case Files - Prime Suspects (remove only)
    NEF Codec
    Nikon Message Center 2
    Nikon Movie Editor
    Nikon Transfer
    Norton 360
    OpenMG Limited Patch 4.7-07-15-19-01
    OpenMG Secure Module 4.7.00
    Optimizer Pro v3.0
    Picasa 3
    Picture Control Utility
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Activation Module
    Roxio Easy Media Creator Home
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Setting Utility Series
    Skype™ 5.10
    Sony Video Shared Library
    SpeedyPC Pro
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Launcher
    Vaio Marketing Tools
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.1
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Smart Network
    VAIO Update 3
    VAIO Wallpaper Contents
    ViewNX 2
    Virtual Villagers (remove only)
    VLC media player 1.1.11
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    WinDVD for VAIO
    Y-cam Setup
    Yahoo! Messenger
    Yontoo Layers Runtime 1.10.01
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.16982 BrowserJavaVersion: 10.4.1
    Run by pam at 22:30:04 on 2013-01-08
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.899 [GMT 0:00]
    .
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\AirPort\APAgent.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Optimizer Pro\OptProSmartScan.exe
    C:\Program Files\Optimizer Pro\OptProReminder.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.club-vaio.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.4.35.10\bh\BabylonToolbar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.4.35.10\BabylonToolbarTlbr.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Optimizer Pro] c:\program files\optimizer pro\OptProLauncher.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
    mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
    mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
    mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: mswsock.dll
    DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://192.168.1.72/en/cab/ipcamera.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{25AB1095-CB38-4A3C-9491-093F24DD7A09} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{4E9F0D6E-5E79-48E8-BBAC-94509A04E378} : DHCPNameServer = 192.168.1.254
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-8 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-8 682344]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2011-10-21 204800]
    R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-8-28 369152]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-8 21104]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-7 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-7 812544]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2011-10-21 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2011-10-21 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2011-10-21 1089536]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2011-10-21 292128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2011-10-21 79136]
    .
    =============== File Associations ===============
    .
    ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-01-08 22:02:03 -------- d-----w- c:\users\pam\appdata\roaming\Malwarebytes
    2013-01-08 22:01:40 -------- d-----w- c:\programdata\Malwarebytes
    2013-01-08 22:01:35 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-01-08 22:01:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-01-08 21:50:19 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{75f4a18d-a615-4f62-8fad-3bc26a7135bc}\mpengine.dll
    2013-01-08 21:46:18 -------- d-----w- c:\program files\Microsoft Security Client
    2013-01-08 21:39:58 -------- d-----w- c:\users\pam\appdata\roaming\Optimizer Pro
    2013-01-08 21:39:53 -------- d-----w- c:\program files\Optimizer Pro
    2013-01-07 17:27:08 -------- d-----w- c:\users\pam\appdata\local\Nikon
    2013-01-07 17:25:03 57344 ----a-r- c:\users\pam\appdata\roaming\microsoft\installer\{87441a59-5e64-4096-a170-14efe67200c3}\ARPPRODUCTICON.exe
    2013-01-07 17:22:08 -------- d-----w- c:\users\pam\appdata\local\Downloaded Installations
    2013-01-07 14:48:23 -------- d-----w- c:\program files\common files\muvee Technologies
    2013-01-04 19:45:06 -------- d-----w- c:\users\pam\appdata\local\CRE
    2013-01-04 14:00:45 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c3aea22d-fddb-4c47-b7d8-204812a9089f}\mpengine.dll
    2012-12-18 18:53:40 -------- d-----w- c:\program files\iPod
    2012-12-18 18:53:32 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-12-18 18:46:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-12-18 18:46:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-12-18 18:46:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-12-18 18:46:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-12-18 18:46:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-12-18 18:46:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-12-18 18:46:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
    2012-12-12 20:34:39 -------- d-----w- c:\program files\Y-cam Solutions
    .
    ==================== Find3M ====================
    .
    2013-01-08 21:57:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 21:57:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-07 17:22:37 106496 ----a-w- c:\windows\system32\ATL71.DLL
    2012-11-24 15:41:43 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-11-24 15:41:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-10-25 03:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 03:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 22:31:06.70 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==========================

    I still need MBAM log.
     
  3. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    MBAM log attached. Thanks

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.01.08.12
    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.16982
    pam :: PAM-PC [administrator]
    Protection: Enabled
    08/01/2013 22:03:02
    mbam-log-2013-01-08 (22-03-02).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 207282
    Time elapsed: 12 minute(s), 4 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.
    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=1&cf=2bc01d2c-33cb-11e1-add5-001a80b5dc40) Good: (http://www.google.com) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\pam\AppData\Local\Temp\I3Y5TQ7.exe (Spyware.Password) -> Quarantined and deleted successfully.
    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ===========================

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  5. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows Vista (6.0.6000 ) 32 bits version
    Started in : Normal mode
    User : pam [Admin rights]
    Mode : Remove -- Date : 01/10/2013 14:34:52
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\U\000000cb.@ --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\U\80000000.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-471070702-2554387855-4026437902-1003\$007922626a98685f118f7388c924c13d\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\L\201d3dde --> REMOVED
    [Del.Parent][FILE] 76603ac3 : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\L\76603ac3 --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$007922626a98685f118f7388c924c13d\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-471070702-2554387855-4026437902-1003\$007922626a98685f118f7388c924c13d\L --> REMOVED
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: FUJITSU MHY2200BH +++++
    --- User ---
    [MBR] 9b7860429c4b243e5836caf2d5cf86cf
    [BSP] 2686ef3211d02b6c77543b01ed185795 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 7542 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 15448064 | Size: 183238 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2]_D_01102013_02d1434.txt >>
    RKreport[1]_S_01102013_02d1433.txt ; RKreport[2]_D_01102013_02d1434.txt
     
  6. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.10.12
    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.16982
    pam :: PAM-PC [administrator]
    10/01/2013 22:37:37
    mbar-log-2013-01-10 (22-37-37).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29802
    Time elapsed: 18 minute(s), 7 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 2
    C:\$Recycle.Bin\S-1-5-18\$007922626a98685f118f7388c924c13d (Trojan.Siredef.C) -> Delete on reboot.
    C:\$Recycle.Bin\S-1-5-21-471070702-2554387855-4026437902-1003\$007922626a98685f118f7388c924c13d (Trojan.Siredef.C) -> Delete on reboot.
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  7. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.10.12
    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.16982
    pam :: PAM-PC [administrator]
    10/01/2013 22:53:28
    mbar-log-2013-01-10 (22-53-28).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 29802
    Time elapsed: 14 minute(s), 27 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  8. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    These are the 2 files you requested. Thanks
     
  9. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    I still need system-log.txt
     
  10. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    Here you go
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6000 Windows Vista x86
    Account is Administrative
    Internet Explorer version: 7.0.6000.16982
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.662000 GHz
    Memory total: 2136801280, free: 786935808
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6000 Windows Vista x86
    Account is Administrative
    Internet Explorer version: 7.0.6000.16982
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.662000 GHz
    Memory total: 2136801280, free: 789037056
    Could not load protection driver
    ------------ Kernel report ------------
    01/10/2013 22:18:32
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\iastorv.sys
    \SystemRoot\system32\drivers\iastor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\PxHelp20.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\igdkmd32.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\yk60x86.sys
    \SystemRoot\system32\DRIVERS\NETw4v32.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\drivers\ti21sony.sys
    \SystemRoot\system32\DRIVERS\SFEP.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHDA.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\DMICall.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\system32\drivers\regi.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\xaudio.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\WUDFPf.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    \??\C:\Windows\system32\drivers\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff877f8ad8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xffffffff872582f0
    Lower Device Driver Name: \Driver\ti21sony\
    Driver name found: ti21sony
    DriverEntry returned 0x0
    Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff87255ad8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000059\
    Lower Device Object: 0xffffffff8724e4b8
    Lower Device Driver Name: \Driver\ti21sony\
    Driver name found: ti21sony
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff85a67978
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xffffffff84a06030
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.10.12
    Downloaded database version: v2013.01.04.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff85a67978, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff85a67620, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff85a67978, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff84a05f18, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff84a06030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xffffffffb1549b38, 0xffffffff85a67978, 0xffffffff8538e6c8
    Lower DeviceData: 0xffffffffb21e24f8, 0xffffffff84a06030, 0xffffffff843e6040
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 63C0F6DF
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 15446016
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 15448064 Numsec = 375271856
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 200049647616 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390701968-390721968)...
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff87255ad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff877f6438, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff87255ad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff8724e4b8, DeviceName: \Device\00000059\, DriverName: \Driver\ti21sony\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff877f8ad8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff877f87e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff877f8ad8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff872582f0, DeviceName: \Device\0000005a\, DriverName: \Driver\ti21sony\
    ------------ End ----------
    Done!
    Performing system, memory and registry scan...
    Infected: C:\$Recycle.Bin\S-1-5-18\$007922626a98685f118f7388c924c13d --> [Trojan.Siredef.C]
    Infected: C:\$Recycle.Bin\S-1-5-21-471070702-2554387855-4026437902-1003\$007922626a98685f118f7388c924c13d --> [Trojan.Siredef.C]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal successful. No system shutdown is required.
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6000 Windows Vista x86
    Account is Administrative
    Internet Explorer version: 7.0.6000.16982
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.662000 GHz
    Memory total: 2136801280, free: 727207936
    Could not load protection driver
    ------------ Kernel report ------------
    01/10/2013 22:38:47
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\intelide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\pcmcia.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\iastorv.sys
    \SystemRoot\system32\drivers\iastor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\MpFilter.sys
    \SystemRoot\System32\Drivers\PxHelp20.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\igdkmd32.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\yk60x86.sys
    \SystemRoot\system32\DRIVERS\NETw4v32.sys
    \SystemRoot\system32\DRIVERS\ohci1394.sys
    \SystemRoot\system32\DRIVERS\1394BUS.SYS
    \SystemRoot\system32\drivers\ti21sony.sys
    \SystemRoot\system32\DRIVERS\SFEP.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\RTKVHDA.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\DRIVERS\DMICall.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \??\C:\Windows\system32\drivers\mbam.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\system32\drivers\regi.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\system32\DRIVERS\xaudio.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\DRIVERS\WUDFPf.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    \??\C:\Windows\system32\drivers\TrueSight.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff877f8ad8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\0000005a\
    Lower Device Object: 0xffffffff872582f0
    Lower Device Driver Name: \Driver\ti21sony\
    Device already Exists: 0xffffffff85387980
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff87255ad8
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000059\
    Lower Device Object: 0xffffffff8724e4b8
    Lower Device Driver Name: \Driver\ti21sony\
    Device already Exists: 0xffffffff8483b598
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff85a67978
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-0\
    Lower Device Object: 0xffffffff84a06030
    Lower Device Driver Name: \Driver\iaStor\
    Device already Exists: 0xffffffff843e6040
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff85a67978, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff85a67620, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff85a67978, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff84a05f18, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff84a06030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xffffffffb1e31a18, 0xffffffff85a67978, 0xffffffff8538e6c8
    Lower DeviceData: 0xffffffffb21e24f8, 0xffffffff84a06030, 0xffffffff843e6040
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 63C0F6DF
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 15446016
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 15448064 Numsec = 375271856
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 200049647616 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-390701968-390721968)...
    Physical Sector Size: 0
    Drive: 1, DevicePointer: 0xffffffff87255ad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff877f6438, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff87255ad8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff8724e4b8, DeviceName: \Device\00000059\, DriverName: \Driver\ti21sony\
    ------------ End ----------
    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff877f8ad8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff877f87e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff877f8ad8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
    DevicePointer: 0xffffffff872582f0, DeviceName: \Device\0000005a\, DriverName: \Driver\ti21sony\
    ------------ End ----------
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6000 Windows Vista x86
    Account is Administrative
    Internet Explorer version: 7.0.6000.16982
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 1.662000 GHz
    Memory total: 2136801280, free: 811991040
     
  11. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Still with me?
     
  13. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    Yes sorry I'm still here and trying to do what you've instructed but keep getting stuck as the click 'here' link doesn't seem to work. Can you assist?
     
  14. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Did you try all three links?
    Did you try different browser?
     
  15. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    ComboFix 13-01-17.01 - pam 18/01/2013 10:38:21.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.1131 [GMT 0:00]
    Running from: c:\users\pam\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\0.bak
    c:\programdata\Frameworks
    c:\programdata\LaserPrinter
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1299.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc12DB.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1C5F.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc1E6.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2161.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc216F.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc2676.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc4868.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5801.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc59B3.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc5B9.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc77D.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc8528.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mcc9875.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA288.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccA9D8.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccB4BA.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBC4F.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccCB2D.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD635.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD847.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDB34.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE02C.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE54D.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF160.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF578.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-17 11:11 . 2013-01-08 04:576991832----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14E3B7C2-BEC4-4713-8828-1B67AB5DA9C1}\mpengine.dll
    2013-01-15 22:19 . 2013-01-08 04:576991832----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-08 22:02 . 2013-01-08 22:02--------d-----w-c:\users\pam\AppData\Roaming\Malwarebytes
    2013-01-08 22:01 . 2013-01-08 22:01--------d-----w-c:\programdata\Malwarebytes
    2013-01-08 22:01 . 2012-12-14 16:4921104----a-w-c:\windows\system32\drivers\mbam.sys
    2013-01-08 22:01 . 2013-01-09 10:54--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2013-01-08 21:46 . 2013-01-08 21:46--------d-----w-c:\program files\Microsoft Security Client
    2013-01-08 21:39 . 2013-01-08 21:39--------d-----w-c:\users\pam\AppData\Roaming\Optimizer Pro
    2013-01-08 21:39 . 2013-01-08 21:39--------d-----w-c:\program files\Optimizer Pro
    2013-01-07 17:27 . 2013-01-07 17:27--------d-----w-c:\users\pam\AppData\Local\Nikon
    2013-01-07 17:25 . 2013-01-07 17:2557344----a-r-c:\users\pam\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2013-01-07 17:22 . 2013-01-07 17:25--------d-----w-c:\users\pam\AppData\Local\Downloaded Installations
    2013-01-07 14:51 . 2013-01-07 17:27--------d-----w-c:\users\pam\AppData\Roaming\Nikon
    2013-01-07 14:48 . 2013-01-07 14:48--------d-----w-c:\program files\Common Files\muvee Technologies
    2013-01-07 14:48 . 2013-01-08 21:19--------d-----w-c:\programdata\Nikon
    2013-01-07 14:46 . 2013-01-07 17:24--------d-----w-c:\programdata\Ultima_T15
    2013-01-07 14:46 . 2013-01-07 17:24--------d-----w-c:\programdata\EnterNHelp
    2013-01-05 15:21 . 2013-01-05 15:21--------d-----w-c:\windows\Sun
    2013-01-04 19:45 . 2013-01-04 19:45--------d-----w-c:\users\pam\AppData\Local\CRE
    2013-01-04 14:00 . 2012-11-08 18:006812136----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3AEA22D-FDDB-4C47-B7D8-204812A9089F}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-08 21:57 . 2012-10-19 19:17697864----a-w-c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 21:57 . 2011-10-24 22:0874248----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-07 17:22 . 2003-03-19 02:05106496----a-w-c:\windows\system32\ATL71.DLL
    2012-11-24 15:41 . 2003-03-19 03:14499712----a-w-c:\windows\system32\msvcp71.dll
    2012-11-24 15:41 . 2003-02-21 11:42348160----a-w-c:\windows\system32\msvcr71.dll
    2012-10-25 03:12 . 2012-10-25 03:1294208----a-w-c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 03:12 . 2012-10-25 03:1269632----a-w-c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 443968]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-22 39408]
    "Optimizer Pro"="c:\program files\Optimizer Pro\OptProLauncher.exe" [2012-10-30 81952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 4669440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
    "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824]
    "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2011-11-21 10:3816680----a-w-c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:0598304----a-w-c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-15 22:001606760----a-w-c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 21:57]
    .
    2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 10:48]
    .
    2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 10:48]
    .
    2013-01-18 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]
    .
    2013-01-17 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-10-04 20:42]
    .
    2013-01-15 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    2013-01-18 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://192.168.1.72/en/cab/ipcamera.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
    AddRemove-Juniper_Setup_Client Activex Control - c:\windows\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
    AddRemove-FoxTab FLV Player - c:\program files\FoxTabFLVPlayer\Uninstall\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-18 10:47
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    Completion time: 2013-01-18 10:50:33
    ComboFix-quarantined-files.txt 2013-01-18 10:50
    .
    Pre-Run: 37,176,762,368 bytes free
    Post-Run: 37,439,270,912 bytes free
    .
    - - End Of File - - C7175E2F4E413A0C605F9B26D26DD5E4
     
  16. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\users\pam\AppData\Roaming\Optimizer Pro
    c:\program files\Optimizer Pro
    
    Driver::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Optimizer Pro"=-
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    ComboFix 13-01-22.01 - pam 22/01/2013 21:30:59.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.655 [GMT 0:00]
    Running from: c:\users\pam\Downloads\ComboFix.exe
    Command switches used :: c:\users\pam\Desktop\CFScript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Optimizer Pro
    c:\program files\Optimizer Pro\English.ini
    c:\program files\Optimizer Pro\file_id.diz
    c:\program files\Optimizer Pro\HomePage.url
    c:\program files\Optimizer Pro\OptimizerPro.chm
    c:\program files\Optimizer Pro\OptimizerPro.exe
    c:\program files\Optimizer Pro\OptProGuard.exe
    c:\program files\Optimizer Pro\OptProLauncher.exe
    c:\program files\Optimizer Pro\OptProReminder.exe
    c:\program files\Optimizer Pro\OptProSchedule.exe
    c:\program files\Optimizer Pro\OptProSmartScan.exe
    c:\program files\Optimizer Pro\OptProStart.exe
    c:\program files\Optimizer Pro\OptProUninstaller.exe
    c:\program files\Optimizer Pro\scan.gif
    c:\program files\Optimizer Pro\sqlite3.dll
    c:\program files\Optimizer Pro\unins000.dat
    c:\program files\Optimizer Pro\unins000.exe
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccBCAD.tmp
    c:\users\pam\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEDAB.tmp
    c:\users\pam\AppData\Roaming\Optimizer Pro
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-22 21:39 . 2013-01-22 21:39--------d-----w-c:\users\Default\AppData\Local\temp
    2013-01-22 16:32 . 2013-01-08 04:576991832----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{689EA1BA-FC5C-4735-8C1D-6B6F7E881FEA}\mpengine.dll
    2013-01-18 17:06 . 2013-01-18 17:06664448----a-r-c:\users\pam\AppData\Roaming\Microsoft\Installer\{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}\Icon.exe
    2013-01-18 17:05 . 2013-01-18 17:05--------d-----w-c:\users\pam\AppData\Local\Amazon
    2013-01-18 14:52 . 2013-01-08 04:576991832----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-18 10:50 . 2013-01-22 21:39--------d-----w-c:\users\pam\AppData\Local\temp
    2013-01-08 22:02 . 2013-01-08 22:02--------d-----w-c:\users\pam\AppData\Roaming\Malwarebytes
    2013-01-08 22:01 . 2013-01-08 22:01--------d-----w-c:\programdata\Malwarebytes
    2013-01-08 22:01 . 2012-12-14 16:4921104----a-w-c:\windows\system32\drivers\mbam.sys
    2013-01-08 22:01 . 2013-01-09 10:54--------d-----w-c:\program files\Malwarebytes' Anti-Malware
    2013-01-08 21:46 . 2013-01-08 21:46--------d-----w-c:\program files\Microsoft Security Client
    2013-01-07 17:27 . 2013-01-07 17:27--------d-----w-c:\users\pam\AppData\Local\Nikon
    2013-01-07 17:25 . 2013-01-07 17:2557344----a-r-c:\users\pam\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
    2013-01-07 17:22 . 2013-01-07 17:25--------d-----w-c:\users\pam\AppData\Local\Downloaded Installations
    2013-01-07 14:51 . 2013-01-07 17:27--------d-----w-c:\users\pam\AppData\Roaming\Nikon
    2013-01-07 14:48 . 2013-01-07 14:48--------d-----w-c:\program files\Common Files\muvee Technologies
    2013-01-07 14:48 . 2013-01-08 21:19--------d-----w-c:\programdata\Nikon
    2013-01-07 14:46 . 2013-01-07 17:24--------d-----w-c:\programdata\Ultima_T15
    2013-01-07 14:46 . 2013-01-07 17:24--------d-----w-c:\programdata\EnterNHelp
    2013-01-05 15:21 . 2013-01-05 15:21--------d-----w-c:\windows\Sun
    2013-01-04 19:45 . 2013-01-04 19:45--------d-----w-c:\users\pam\AppData\Local\CRE
    2013-01-04 14:00 . 2012-11-08 18:006812136----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3AEA22D-FDDB-4C47-B7D8-204812A9089F}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-08 21:57 . 2012-10-19 19:17697864----a-w-c:\windows\system32\FlashPlayerApp.exe
    2013-01-08 21:57 . 2011-10-24 22:0874248----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-07 17:22 . 2003-03-19 02:05106496----a-w-c:\windows\system32\ATL71.DLL
    2012-11-24 15:41 . 2003-03-19 03:14499712----a-w-c:\windows\system32\msvcp71.dll
    2012-11-24 15:41 . 2003-02-21 11:42348160----a-w-c:\windows\system32\msvcr71.dll
    2012-10-25 03:12 . 2012-10-25 03:1294208----a-w-c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 03:12 . 2012-10-25 03:1269632----a-w-c:\windows\system32\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-12-17 19:50556648----a-w-c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 443968]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-22 39408]
    "Amazon Cloud Drive"="c:\users\pam\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-11-12 646528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-08-25 4669440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
    "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824]
    "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-05-27 753664]
    "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    "Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2011-11-21 10:3816680----a-w-c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:0598304----a-w-c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-15 22:001606760----a-w-c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-19 21:57]
    .
    2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 10:48]
    .
    2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-22 10:48]
    .
    2013-01-18 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]
    .
    2013-01-22 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-10-04 20:42]
    .
    2013-01-22 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    2013-01-18 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://192.168.1.72/en/cab/ipcamera.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-22 21:39
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    Completion time: 2013-01-22 21:42:38
    ComboFix-quarantined-files.txt 2013-01-22 21:42
    ComboFix2.txt 2013-01-18 10:50
    .
    Pre-Run: 35,659,952,128 bytes free
    Post-Run: 35,641,397,248 bytes free
    .
    - - End Of File - - 870FC51ECC683AA21CF532D04ABEA797
     
  18. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    How is computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    ==============================

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    # AdwCleaner v2.107 - Logfile created 01/23/2013 at 13:54:01
    # Updated 21/01/2013 by Xplode
    # Operating system : Windows Vista (TM) Home Premium (32 bits)
    # User : pam - PAM-PC
    # Boot Mode : Normal
    # Running from : C:\Users\pam\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\user.js
    Folder Deleted : C:\Program Files\BabylonToolbar
    Folder Deleted : C:\Program Files\Perion
    Folder Deleted : C:\Program Files\Yontoo Layers Runtime
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\pam\AppData\Local\Babylon
    Folder Deleted : C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Folder Deleted : C:\Users\pam\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\pam\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\pam\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\pam\AppData\Roaming\BabylonToolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1B48071-416D-474E-A13B-BE5456E7FC31}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\Software\IB Updater
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6000.16982

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.12] : homepage = "hxxp://startsear.ch/?aff=1&cf=2bc01d2c-33cb-11e1-add5-001a80b5dc40",
    Deleted [l.1772] : homepage = "hxxp://startsear.ch/?aff=1&cf=2bc01d2c-33cb-11e1-add5-001a80b5dc40",

    *************************

    AdwCleaner[S1].txt - [8337 octets] - [23/01/2013 13:54:01]

    ########## EOF - C:\AdwCleaner[S1].txt - [8397 octets] ##########
     
  20. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.4.8 (01.21.2013:2)
    OS: Windows Vista (TM) Home Premium x86
    Ran by pam on 23/01/2013 at 14:06:21.12
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\Users\pam\desktop\optimizer pro.lnk"
    Successfully deleted: [File] "C:\Users\pam\desktop\speedypc pro.lnk"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
    Successfully deleted: [Folder] "C:\Users\pam\AppData\Roaming\drivercure"
    Successfully deleted: [Folder] "C:\Users\pam\AppData\Roaming\speedypc software"
    Successfully deleted: [Folder] "C:\Program Files\speedypc software"
    Successfully deleted: [Folder] "C:\Program Files\Common Files\speedypc software"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
    Successfully deleted: [Folder] "C:\Users\pam\AppData\Roaming\microsoft\windows\start menu\programs\speedypc software"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 23/01/2013 at 14:09:03.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  21. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 23/01/2013 14:11:09 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pam\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16982)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.83% Memory free
    4.19 Gb Paging File | 2.90 Gb Available in Paging File | 69.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.94 Gb Total Space | 33.21 Gb Free Space | 18.56% Space Free | Partition Type: NTFS

    Computer Name: PAM-PC | User Name: pam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/23 14:10:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pam\Downloads\OTL.exe
    PRC - [2013/01/23 14:04:47 | 000,498,790 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\pam\Downloads\JRT.exe
    PRC - [2013/01/08 00:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2012/11/23 11:50:48 | 002,011,824 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    PRC - [2012/11/12 13:36:46 | 000,646,528 | ---- | M] () -- C:\Users\pam\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    PRC - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\pcCMService.exe
    PRC - [2012/10/23 09:25:28 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\pam\AppData\Local\Amazon\Cloud Drive\jre\bin\javaw.exe
    PRC - [2012/09/28 13:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2012/09/28 13:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/10/30 15:44:36 | 000,571,392 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe
    PRC - [2011/10/24 18:45:34 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/16 19:35:04 | 000,660,848 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    PRC - [2009/05/27 12:00:24 | 000,753,664 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
    PRC - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2008/06/05 10:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    PRC - [2007/11/07 21:11:42 | 000,036,864 | ---- | M] (Sony NSCE) -- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    PRC - [2007/10/31 21:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2007/09/20 16:23:16 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
    PRC - [2007/09/20 16:23:16 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
    PRC - [2007/09/19 19:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2007/09/12 00:29:47 | 000,443,968 | ---- | M] (Google Inc.) -- C:\Program Files\Picasa2\PicasaMediaDetector.exe
    PRC - [2007/08/28 23:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    PRC - [2007/08/28 23:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2007/06/28 15:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2007/06/10 00:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2007/06/10 00:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2007/06/10 00:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
    PRC - [2007/05/31 16:32:14 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    PRC - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/11/02 09:44:59 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/23 13:30:46 | 000,541,696 | ---- | M] () -- C:\Users\pam\AppData\Local\temp\sqlite-3.7.2-sqlitejdbc.dll
    MOD - [2013/01/08 00:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll
    MOD - [2013/01/08 00:06:21 | 012,459,624 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    MOD - [2013/01/08 00:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    MOD - [2013/01/08 00:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
    MOD - [2013/01/08 00:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll
    MOD - [2013/01/08 00:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
    MOD - [2012/11/12 13:36:46 | 000,646,528 | ---- | M] () -- C:\Users\pam\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
    MOD - [2011/10/28 10:12:17 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ae77b2b91367f11d340cf3bf2428af59\System.ServiceProcess.ni.dll
    MOD - [2011/10/28 10:11:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
    MOD - [2011/10/28 09:46:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
    MOD - [2011/10/28 09:46:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll
    MOD - [2011/10/28 09:45:49 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll
    MOD - [2011/10/28 09:44:08 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
    MOD - [2011/10/28 09:43:40 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/09/20 00:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - [2013/01/08 21:57:46 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/09/28 13:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2011/11/21 10:38:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
    SRV - [2010/12/16 19:35:04 | 000,660,848 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
    SRV - [2009/02/20 08:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/11/07 00:46:38 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/29 04:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2007/09/21 01:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2007/09/20 16:23:16 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
    SRV - [2007/08/28 23:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2007/08/28 23:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2007/06/28 15:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2007/06/28 15:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
    SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
    SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
    SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
    SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
    SRV - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\pam\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/11/23 11:50:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2012/11/23 11:50:36 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2010/12/16 19:11:14 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
    DRV - [2007/10/25 00:04:01 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/09/20 00:17:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2007/09/19 03:29:09 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
    DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2007/06/10 00:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2007/02/14 02:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/11/02 07:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{BB3A76E1-41EE-45C6-9D4D-EF36FC1CA6A9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=2bc01d2c-33cb-11e1-add5-001a80b5dc40&q={searchTerms}
    IE - HKLM\..\SearchScopes\{ECFC8FF8-7704-4C84-9D2E-47EA54103139}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\..\SearchScopes,DefaultScope = {BB3A76E1-41EE-45C6-9D4D-EF36FC1CA6A9}
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\..\SearchScopes\{BB3A76E1-41EE-45C6-9D4D-EF36FC1CA6A9}: "URL" = http://www.google.com/search?q={sea...Encoding}&sourceid=ie7&rlz=1I7SNYK_en-GBGB454
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\..\SearchScopes\{ECFC8FF8-7704-4C84-9D2E-47EA54103139}: "URL" = http://www.google.com/search?q={sea...Encoding}&sourceid=ie7&rlz=1I7SNYK_en-GBGB454
    IE - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\Motive.com/npMotiveRequest,version=1.0: C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)


    [2012/11/24 15:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    ========== Chrome ==========

    CHR - homepage: http://startsear.ch/?aff=1&cf=2bc01d2c-33cb-11e1-add5-001a80b5dc40
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://startsear.ch/?aff=1&cf=2bc01d2c-33cb-11e1-add5-001a80b5dc40
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
    CHR - plugin: Perion plugin (Enabled) = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\10.13.20.29_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\10.13.20.29_0\plugins/np-cwmp.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: BT DesktopHelp plug-in (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
    CHR - plugin: BT Management plug-in (Enabled) = C:\Program Files\Common Files\Motive\npMotiveRequest.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: BT DesktopHelp extension = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
    CHR - Extension: Gmail = C:\Users\pam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013/01/22 21:39:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003..\Run: [Amazon Cloud Drive] C:\Users\pam\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe ()
    O4 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O4 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} http://192.168.1.72/en/cab/ipcamera.cab (IPCamera Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.4.1)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{25AB1095-CB38-4A3C-9491-093F24DD7A09}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E9F0D6E-5E79-48E8-BBAC-94509A04E378}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/23 14:06:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/23 14:05:59 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/22 21:42:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/22 21:42:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/18 17:06:23 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
    [2013/01/18 17:05:47 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Local\Amazon
    [2013/01/18 10:50:35 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Local\temp
    [2013/01/18 10:35:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/18 10:35:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/18 10:35:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2013/01/18 10:35:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/17 11:03:15 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/11 13:59:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/10 22:16:33 | 000,000,000 | ---D | C] -- C:\Users\pam\Documents\mbar-1.01.0.1011[1]
    [2013/01/10 14:32:09 | 000,000,000 | ---D | C] -- C:\Users\pam\Desktop\RK_Quarantine
    [2013/01/08 22:02:03 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Roaming\Malwarebytes
    [2013/01/08 22:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/08 22:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/08 22:01:35 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/08 22:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/01/08 21:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013/01/08 21:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2013/01/07 17:27:08 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Local\Nikon
    [2013/01/07 17:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
    [2013/01/07 17:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
    [2013/01/07 17:22:08 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Local\Downloaded Installations
    [2013/01/07 16:52:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/01/07 14:51:51 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Roaming\Nikon
    [2013/01/07 14:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Transfer
    [2013/01/07 14:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
    [2013/01/07 14:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
    [2013/01/07 14:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
    [2013/01/07 14:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
    [2013/01/07 14:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
    [2013/01/05 15:21:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2013/01/04 19:45:06 | 000,000,000 | ---D | C] -- C:\Users\pam\AppData\Local\CRE
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/23 14:02:00 | 000,672,954 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/23 14:02:00 | 000,126,892 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/23 13:57:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/23 13:55:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/23 13:55:36 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2013/01/23 13:55:27 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/23 13:55:27 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/23 13:55:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/23 13:55:17 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/23 13:34:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/22 21:39:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013/01/22 21:26:38 | 000,000,534 | ---- | M] () -- C:\Users\pam\Desktop\ComboFix - Shortcut.lnk
    [2013/01/22 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2013/01/22 17:09:16 | 000,110,080 | ---- | M] () -- C:\Users\pam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/22 17:04:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
    [2013/01/19 01:39:14 | 005,387,653 | ---- | M] () -- C:\Users\pam\Documents\DSC_0276.JPG
    [2013/01/19 01:37:18 | 005,557,661 | ---- | M] () -- C:\Users\pam\Documents\DSC_0259.JPG
    [2013/01/18 10:38:54 | 000,001,995 | ---- | M] () -- C:\Users\pam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/18 10:38:54 | 000,001,971 | ---- | M] () -- C:\Users\pam\Desktop\Google Chrome.lnk
    [2013/01/18 10:30:30 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
    [2013/01/18 10:30:13 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2013/01/17 15:03:21 | 000,059,401 | ---- | M] () -- C:\Users\pam\Documents\pru health.pdf
    [2013/01/09 10:54:36 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/08 21:46:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/01/07 17:27:10 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
    [2013/01/07 17:24:01 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Generic
    [2013/01/07 17:24:01 | 000,000,268 | RH-- | M] () -- C:\Users\pam\AppData\Roaming\Funk Animals
    [2013/01/07 17:24:01 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
    [2013/01/07 17:24:01 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Horn Section
    [2013/01/07 17:23:17 | 000,001,952 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Grand Piano
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Gems
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | M] () -- C:\Users\pam\AppData\Roaming\Galactic Static
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | M] () -- C:\Users\pam\AppData\Roaming\Fruit
    [2013/01/07 17:22:56 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
    [2013/01/07 17:22:56 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Hybrid Basic
    [2013/01/07 17:22:56 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Home
    [2013/01/07 17:21:48 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT
    [2013/01/07 17:21:46 | 000,000,268 | RH-- | M] () -- C:\Users\pam\AppData\Roaming\Halftone
    [2013/01/07 14:50:21 | 000,000,268 | RH-- | M] () -- C:\Users\pam\AppData\Roaming\Folder Actions Handlers
    [2013/01/07 14:50:21 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdw.DAT
    [2013/01/07 14:50:21 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Grapher
    [2013/01/07 14:48:46 | 000,001,979 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
    [2013/01/07 14:48:25 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
    [2013/01/07 14:46:54 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Fonts
    [2013/01/07 14:46:54 | 000,000,268 | RH-- | M] () -- C:\Users\pam\AppData\Roaming\Flowers
    [2013/01/07 14:46:54 | 000,000,012 | RH-- | M] () -- C:\ProgramData\Galaxy Swirl
    [2013/01/03 21:26:13 | 221,178,593 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/22 21:26:38 | 000,000,534 | ---- | C] () -- C:\Users\pam\Desktop\ComboFix - Shortcut.lnk
    [2013/01/18 16:58:22 | 005,387,653 | ---- | C] () -- C:\Users\pam\Documents\DSC_0276.JPG
    [2013/01/18 16:54:16 | 005,557,661 | ---- | C] () -- C:\Users\pam\Documents\DSC_0259.JPG
    [2013/01/18 10:35:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/01/18 10:35:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/01/18 10:35:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/01/18 10:35:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/01/18 10:35:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/01/17 15:03:21 | 000,059,401 | ---- | C] () -- C:\Users\pam\Documents\pru health.pdf
    [2013/01/08 22:01:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/08 21:46:43 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2013/01/08 21:46:29 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2013/01/08 20:48:16 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2013/01/07 17:24:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Generic
    [2013/01/07 17:24:01 | 000,000,268 | RH-- | C] () -- C:\Users\pam\AppData\Roaming\Funk Animals
    [2013/01/07 17:24:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
    [2013/01/07 17:24:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Horn Section
    [2013/01/07 17:23:17 | 000,001,952 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Grand Piano
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Gems
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | C] () -- C:\Users\pam\AppData\Roaming\Galactic Static
    [2013/01/07 17:22:56 | 000,000,268 | RH-- | C] () -- C:\Users\pam\AppData\Roaming\Fruit
    [2013/01/07 17:22:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
    [2013/01/07 17:22:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
    [2013/01/07 17:22:56 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Hybrid Basic
    [2013/01/07 17:21:46 | 000,000,268 | RH-- | C] () -- C:\Users\pam\AppData\Roaming\Halftone
    [2013/01/07 17:21:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
    [2013/01/07 17:21:46 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Home
    [2013/01/07 16:52:26 | 000,001,995 | ---- | C] () -- C:\Users\pam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/07 16:52:26 | 000,001,971 | ---- | C] () -- C:\Users\pam\Desktop\Google Chrome.lnk
    [2013/01/07 14:50:21 | 000,000,268 | RH-- | C] () -- C:\Users\pam\AppData\Roaming\Folder Actions Handlers
    [2013/01/07 14:50:21 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
    [2013/01/07 14:50:21 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Grapher
    [2013/01/07 14:48:46 | 000,001,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
    [2013/01/07 14:48:25 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\Nikon Transfer.lnk
    [2013/01/07 14:46:54 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fonts
    [2013/01/07 14:46:54 | 000,000,268 | RH-- | C] () -- C:\Users\pam\AppData\Roaming\Flowers
    [2013/01/07 14:46:54 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
    [2013/01/07 14:46:54 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Galaxy Swirl
    [2013/01/03 21:25:42 | 221,178,593 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/10/22 09:33:06 | 000,110,080 | ---- | C] () -- C:\Users\pam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/22 09:33:04 | 000,000,680 | ---- | C] () -- C:\Users\pam\AppData\Local\d3d9caps.dat
    [2011/10/21 20:46:52 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2011/10/21 20:28:24 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011/10/24 18:48:43 | 011,315,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2011/10/24 18:35:31 | 000,614,912 | ---- | M] (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 09:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/06/08 16:29:30 | 000,000,000 | ---D | M] -- C:\Users\pam\AppData\Roaming\Copyright © 2011-2012 RealNetworks
    [2011/11/02 13:28:51 | 000,000,000 | ---D | M] -- C:\Users\pam\AppData\Roaming\HandBrake
    [2012/06/06 14:48:59 | 000,000,000 | ---D | M] -- C:\Users\pam\AppData\Roaming\Juniper Networks
    [2013/01/07 17:27:09 | 000,000,000 | ---D | M] -- C:\Users\pam\AppData\Roaming\Nikon
    [2013/01/07 16:49:43 | 000,000,000 | ---D | M] -- C:\Users\pam\AppData\Roaming\RCP 6
    [2012/06/07 16:29:34 | 000,000,000 | ---D | M] -- C:\Users\pam\AppData\Roaming\rinsebyreal

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
    < End of report >
     
  22. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    OTL Extras logfile created on: 23/01/2013 14:11:09 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pam\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.16982)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.83% Memory free
    4.19 Gb Paging File | 2.90 Gb Available in Paging File | 69.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 178.94 Gb Total Space | 33.21 Gb Free Space | 18.56% Space Free | Partition Type: NTFS

    Computer Name: PAM-PC | User Name: pam | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
    "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
    "{293FE8CE-376E-4F5E-B129-D3A2065F2EA7}" = Amazon Cloud Drive
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{365B0FA3-6638-43CF-B47E-1D4219B73D85}_is1" = Y-cam Setup
    "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
    "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
    "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
    "{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
    "{637AF5A9-CFD1-43D7-A622-8F93954E92E3}" = AirPort
    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
    "{7AB01508-C2B2-43C8-8B44-514801E7CCC9}" = Jing
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
    "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
    "{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
    "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
    "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
    "{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
    "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D6B3114F-945B-4980-BF7A-AF12E9161A0F}" = iCloud
    "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
    "{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1A6A09F-5FF3-4648-B293-CDF044348A24}" = LeapFrog My Pals Plugin
    "{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{F9233F02-5617-4BDC-8EC6-4B798EDFE6F4}" = LeapFrog Connect
    "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "Big Fish Games Center" = Big Fish Games Center
    "Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
    "BT Desktop Help" = BT Desktop Help
    "BTHomeHub" = BTHomeHub
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "dt icon module" =
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GoToAssist" = GoToAssist Corporate
    "gtfirstboot Setting Request" =
    "HandBrake" = HandBrake 0.9.5
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
    "Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MarketingTools" = Vaio Marketing Tools
    "MFU Module" =
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    "Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
    "Picasa 3" = Picasa 3
    "PROHYBRIDR" = 2007 Microsoft Office system
    "UPCShell" = LeapFrog Connect
    "VAIO Help and Support" =
    "VAIO_My Club VAIO" = My Club VAIO
    "Virtual Villagers" = Virtual Villagers (remove only)
    "VLC media player" = VLC media player 1.1.11
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Setup_Client" = Juniper Networks Setup Client

    < End of report >
     
  23. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    Computer seems to be ok now, no longer redirecting internet searches back to google home page. is it fixed?
     
  24. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Very good :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
      IE - HKLM\..\SearchScopes\{BB3A76E1-41EE-45C6-9D4D-EF36FC1CA6A9}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=2bc01d2c-33cb-11e1-add5-001a80b5dc40&q={searchTerms}
      O15 - HKU\S-1-5-21-471070702-2554387855-4026437902-1003\..Trusted Ranges: GD ([http] in Local intranet)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  25. Jazzdeol

    Jazzdeol TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    Service CLTNetCnService stopped successfully!
    Service CLTNetCnService deleted successfully!
    File C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB3A76E1-41EE-45C6-9D4D-EF36FC1CA6A9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB3A76E1-41EE-45C6-9D4D-EF36FC1CA6A9}\ not found.
    Registry value HKEY_USERS\S-1-5-21-471070702-2554387855-4026437902-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56664 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pam
    ->Temp folder emptied: 1650873 bytes
    ->Temporary Internet Files folder emptied: 67206309 bytes
    ->Java cache emptied: 1165897 bytes
    ->Google Chrome cache emptied: 94936479 bytes
    ->Flash cache emptied: 31983 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 163699 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 83274 bytes
    RecycleBin emptied: 23867652 bytes

    Total Files Cleaned = 180.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: pam
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: pam
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 01252013_205833

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.