
Infected with apype browser hacker virus

Discussion in 'Virus and Malware Removal' started by vicky279, Sep 18, 2012.

  1. vicky279 Newcomer, in training

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-27 23:47:22
    -----------------------------
    23:47:22.527 OS Version: Windows 6.1.7601 Service Pack 1
    23:47:22.527 Number of processors: 2 586 0xF0D
    23:47:22.530 ComputerName: VICKY-PC UserName: Vicky
    23:47:42.219 Initialize success
    23:58:07.481 AVAST engine defs: 12092700
    00:01:55.320 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    00:01:55.323 Disk 0 Vendor: WDC_WD2500AAJS-07M0A0 01.03E01 Size: 238475MB BusType: 3
    00:01:55.346 Disk 0 MBR read successfully
    00:01:55.349 Disk 0 MBR scan
    00:01:55.355 Disk 0 Windows 7 default MBR code
    00:01:55.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    00:01:55.400 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 54902 MB offset 206848
    00:01:55.407 Disk 0 Partition - 00 0F Extended LBA 183468 MB offset 112647780
    00:01:55.429 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 91786 MB offset 112648192
    00:01:55.437 Disk 0 Partition - 00 05 Extended 91681 MB offset 300627905
    00:01:55.458 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 60051 MB offset 300627968
    00:01:55.467 Disk 0 Partition - 00 05 Extended 31629 MB offset 611594526
    00:01:55.487 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 31629 MB offset 423614464
    00:01:55.501 Disk 0 scanning sectors +488392065
    00:01:55.558 Disk 0 scanning C:\Windows\system32\drivers
    00:02:07.034 Service scanning
    00:02:33.977 Modules scanning
    00:02:42.053 Disk 0 trace - called modules:
    00:02:42.069 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8631f1e8]<<
    00:02:42.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864df030]
    00:02:42.087 3 CLASSPNP.SYS[8c79a59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x863b4030]
    00:02:42.096 \Driver\atapi[0x863885c0] -> IRP_MJ_CREATE -> 0x8631f1e8
    00:02:42.494 AVAST engine scan C:\Windows
    00:02:45.589 AVAST engine scan C:\Windows\system32
    00:05:56.140 AVAST engine scan C:\Windows\system32\drivers
    00:06:11.064 AVAST engine scan C:\Users\Vicky
    00:19:57.963 AVAST engine scan C:\ProgramData
    00:22:46.133 Scan finished successfully
    00:23:20.083 Disk 0 MBR has been saved successfully to "C:\Users\Vicky\Desktop\MBR.dat"
    00:23:20.091 The log file has been saved successfully to "C:\Users\Vicky\Desktop\aswMBR.txt"


    [MBR.dat pasted as raw binary; the only readable content is the standard boot-sector text "Invalid partition table", "Error loading operating system", "Missing operating system", ending in the 55 AA signature]
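    When reading an aswMBR log like the one above, three things carry the weight: the "Windows 7 default MBR code" verdict, the partition table (one active primary, no overlapping data partitions), and the "trace - called modules" block. ">>UNKNOWN [0x8631f1e8]<<" together with "\Driver\atapi ... IRP_MJ_CREATE -> 0x8631f1e8" means a driver aswMBR could not name sits in the disk I/O path. That is a classic rootkit indicator, but legitimate low-level drivers hook the same spot (the OTL log later in this thread lists sptd.sys, a disc-emulation driver well known among malware-removal helpers for producing exactly this kind of unknown hook), so treat it as a lead, not a verdict. The script below is an added example, not part of the thread or of AVAST's aswMBR; it pulls those three items out of a log excerpt (constructed from the lines above) and reports every deviation from the expected clean layout.

```python
import re
from typing import Dict, List

# Constructed excerpt: the lines of the aswMBR log above that the checks below need
# (timestamps kept so the regexes run against the real line shape).
SAMPLE_LOG = r"""
00:01:55.355 Disk 0 Windows 7 default MBR code
00:01:55.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:01:55.400 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 54902 MB offset 206848
00:01:55.407 Disk 0 Partition - 00 0F Extended LBA 183468 MB offset 112647780
00:01:55.429 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 91786 MB offset 112648192
00:01:55.437 Disk 0 Partition - 00 05 Extended 91681 MB offset 300627905
00:01:55.458 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 60051 MB offset 300627968
00:01:55.467 Disk 0 Partition - 00 05 Extended 31629 MB offset 611594526
00:01:55.487 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 31629 MB offset 423614464
00:02:42.053 Disk 0 trace - called modules:
00:02:42.069 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8631f1e8]<<
00:02:42.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864df030]
00:02:42.096 \Driver\atapi[0x863885c0] -> IRP_MJ_CREATE -> 0x8631f1e8
"""

MBR_RE = re.compile(r"Disk (?P<disk>\d+) (?P<code>.*MBR code)$")
PART_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\S+) (?P<boot>[0-9A-Fa-f]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) (?P<size_mb>\d+) MB offset (?P<offset>\d+)$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(
    r"(?P<driver>\\Driver\\\S+)\[0x[0-9A-Fa-f]+\] -> (?P<irp>IRP_\w+) -> (?P<addr>0x[0-9A-Fa-f]+)$"
)
EXTENDED_TYPES = {"05", "0F"}   # containers for logical partitions, not data partitions
SECTORS_PER_MB = 2048           # aswMBR prints sizes in MiB and offsets in 512-byte sectors


def parse_partitions(lines: List[str]) -> List[Dict[str, object]]:
    """Partition rows as dicts with sector start/end so overlaps can be checked."""
    parts: List[Dict[str, object]] = []
    for line in lines:
        m = PART_RE.search(line)
        if m:
            start = int(m["offset"])
            parts.append({
                "num": m["num"],
                "active": m["boot"] == "80",
                "type": m["type"].upper(),
                "start": start,
                "end": start + int(m["size_mb"]) * SECTORS_PER_MB,
            })
    return parts


def triage(log_text: str) -> List[str]:
    """One line per deviation from a stock Windows 7 MBR layout and a clean disk stack."""
    lines = log_text.strip().splitlines()
    findings: List[str] = []

    # 1. Boot code: anything other than the default Windows code deserves a look.
    for line in lines:
        m = MBR_RE.search(line)
        if m and "default MBR code" not in m["code"]:
            findings.append(f"disk {m['disk']}: non-standard MBR code ({m['code']})")

    # 2. Partition table: exactly one active partition, no overlapping data partitions.
    parts = parse_partitions(lines)
    active = [p["num"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}: {active}")
    data = sorted((p for p in parts if p["type"] not in EXTENDED_TYPES), key=lambda p: p["start"])
    for a, b in zip(data, data[1:]):
        if a["end"] > b["start"]:
            findings.append(f"partition {a['num']} (ends {a['end']}) overlaps partition {b['num']} (starts {b['start']})")

    # 3. Disk stack: an UNKNOWN module that is also the target of a driver dispatch hook.
    unknown = set()
    for line in lines:
        m = UNKNOWN_RE.search(line)
        if m:
            unknown.add(m["addr"].lower())
    for line in lines:
        h = HOOK_RE.search(line)
        if h and h["addr"].lower() in unknown:
            findings.append(f"unidentified module at {h['addr']} hooks {h['driver']} {h['irp']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG) or ["no findings"]:
        print(finding)
```

    On the excerpt above the only finding is the atapi IRP_MJ_CREATE hook at 0x8631f1e8; the MBR code and partition table come back clean. The sizes aswMBR prints are rounded down to whole MiB, so the computed partition ends are never past the true ends and the overlap check cannot produce false positives from rounding.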
  2. Jay Pfoutz Malware Helper

    Yes, make a backup of bookmarks. Make sure to write down favorite extensions, so you know what to get next time.

    But, let me know if that helps. :)
  3. vicky279 Newcomer, in training

    Uninstalled IceDragon, Mozilla Maintenance Service and Firefox, and reinstalled after a restart. Didn't work.
  4. Jay Pfoutz Malware Helper

    Check Partitions

    Please download Listparts
    Run the tool,
    check the "list BCD" box
    click "Scan" and post the log (Result.txt) it makes.
  5. vicky279 Newcomer, in training

    ListParts by Farbar Version: 25-09-2012
    Ran by Vicky (administrator) on 29-09-2012 at 23:41:53
    Windows 7 (X86)
    Running From: C:\Users\Vicky\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 29%
    Total physical RAM: 3071.3 MB
    Available physical RAM: 2159.71 MB
    Total Pagefile: 6138.84 MB
    Available Pagefile: 4942.3 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1944.3 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:53.62 GB) (Free:10.84 GB) NTFS
    2 Drive d: () (Fixed) (Total:89.63 GB) (Free:5.68 GB) NTFS
    3 Drive e: () (Fixed) (Total:58.64 GB) (Free:0.09 GB) NTFS
    4 Drive f: () (Fixed) (Total:30.89 GB) (Free:0.55 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 1024 KB

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 53 GB 101 MB
    Partition 0 Extended 179 GB 53 GB
    Partition 3 Logical 89 GB 53 GB
    Partition 4 Logical 58 GB 143 GB
    Partition 5 Logical 30 GB 201 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 System Rese NTFS Partition 100 MB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 53 GB Healthy Boot

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 D NTFS Partition 89 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E NTFS Partition 58 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 5
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 F NTFS Partition 30 GB Healthy

    ======================================================================================================

    Windows Boot Manager
    --------------------
    identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
    device partition=\Device\HarddiskVolume1
    description Windows Boot Manager
    locale en-US
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    default {8fb4e6c0-2757-11e1-8bcc-929dc6504459}
    resumeobject {8fb4e6bf-2757-11e1-8bcc-929dc6504459}
    displayorder {8fb4e6c0-2757-11e1-8bcc-929dc6504459}
    toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {8fb4e6c0-2757-11e1-8bcc-929dc6504459}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    recoverysequence {8fb4e6c1-2757-11e1-8bcc-929dc6504459}
    recoveryenabled Yes
    testsigning No
    osdevice partition=C:
    systemroot \Windows
    resumeobject {8fb4e6bf-2757-11e1-8bcc-929dc6504459}
    nx OptIn

    Windows Boot Loader
    -------------------
    identifier {8fb4e6c1-2757-11e1-8bcc-929dc6504459}
    device ramdisk=[C:]\Recovery\8fb4e6c1-2757-11e1-8bcc-929dc6504459\Winre.wim,{8fb4e6c2-2757-11e1-8bcc-929dc6504459}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    osdevice ramdisk=[C:]\Recovery\8fb4e6c1-2757-11e1-8bcc-929dc6504459\Winre.wim,{8fb4e6c2-2757-11e1-8bcc-929dc6504459}
    systemroot \windows
    nx OptIn
    winpe Yes
    custom:46000010 Yes

    Resume from Hibernate
    ---------------------
    identifier {8fb4e6bf-2757-11e1-8bcc-929dc6504459}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
    filedevice partition=C:
    filepath \hiberfil.sys
    pae No
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
    device partition=\Device\HarddiskVolume1
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {4636856e-540f-4170-a130-a84776f4c654}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

    Global Settings
    ---------------
    identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    inherit {4636856e-540f-4170-a130-a84776f4c654}
    {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
    {5189b25c-5558-4bf2-bca4-289b11bd29e2}

    Boot Loader Settings
    --------------------
    identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
    {7ff607e0-4395-11db-b0de-0800200c9a66}

    Hypervisor Settings
    -------------------
    identifier {7ff607e0-4395-11db-b0de-0800200c9a66}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
    inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

    Device options
    --------------
    identifier {8fb4e6c2-2757-11e1-8bcc-929dc6504459}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\8fb4e6c1-2757-11e1-8bcc-929dc6504459\boot.sdi


    ****** End Of Log ******
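    The BCD dump above is what a clean Windows 7 store looks like: the Boot Manager's default and resumeobject resolve to entries that exist, the loader's path is \Windows\system32\winload.exe on the same partition as its osdevice, testsigning is No, and recoverysequence points at the WinRE entry. Bootkits and manual tampering show up as deviations from exactly these relationships: a loader path that is not winload.exe, testsigning or nointegritychecks switched on so unsigned kernel code is accepted, or object references that dangle. The script below is an added example, not part of the thread or of Farbar's ListParts; it parses a bcdedit-style dump into entries and checks those relationships. CLEAN_STORE is an abridged copy of four entries from the log above; TAMPERED_STORE is a constructed variant of it.

```python
import re
from typing import Dict, List

# Abridged copy of four entries from the ListParts BCD dump above.
CLEAN_STORE = r"""
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
default {8fb4e6c0-2757-11e1-8bcc-929dc6504459}
resumeobject {8fb4e6bf-2757-11e1-8bcc-929dc6504459}
displayorder {8fb4e6c0-2757-11e1-8bcc-929dc6504459}

Windows Boot Loader
-------------------
identifier {8fb4e6c0-2757-11e1-8bcc-929dc6504459}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {8fb4e6c1-2757-11e1-8bcc-929dc6504459}
recoveryenabled Yes
testsigning No
osdevice partition=C:
systemroot \Windows
nx OptIn

Windows Boot Loader
-------------------
identifier {8fb4e6c1-2757-11e1-8bcc-929dc6504459}
device ramdisk=[C:]\Recovery\8fb4e6c1-2757-11e1-8bcc-929dc6504459\Winre.wim,{8fb4e6c2-2757-11e1-8bcc-929dc6504459}
path \windows\system32\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[C:]\Recovery\8fb4e6c1-2757-11e1-8bcc-929dc6504459\Winre.wim,{8fb4e6c2-2757-11e1-8bcc-929dc6504459}
winpe Yes

Resume from Hibernate
---------------------
identifier {8fb4e6bf-2757-11e1-8bcc-929dc6504459}
device partition=C:
path \Windows\system32\winresume.exe
"""

# Constructed tampered variant: unsigned-code flags switched on, default entry left dangling.
TAMPERED_STORE = (
    CLEAN_STORE
    .replace("testsigning No", "testsigning Yes\nnointegritychecks Yes")
    .replace("default {8fb4e6c0-2757-11e1-8bcc-929dc6504459}",
             "default {00000000-0000-0000-0000-000000000000}")
)

GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")


def parse_bcd(text: str) -> List[Dict[str, object]]:
    """Split a bcdedit-style dump into entries: {'_type': title, <option>: value or [values]}."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries: List[Dict[str, object]] = []
    cur: Dict[str, object] = {}
    last_key = ""
    for i, line in enumerate(lines):
        if not line or set(line) == {"-"}:
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt and set(nxt) == {"-"}:               # a title such as "Windows Boot Loader"
            cur = {"_type": line}
            entries.append(cur)
            last_key = ""
            continue
        if not cur:
            continue                                 # text before the first title
        if GUID_RE.match(line) and last_key:         # continuation of a multi-valued option (inherit lists)
            prev = cur[last_key]
            cur[last_key] = (prev if isinstance(prev, list) else [prev]) + [line]
            continue
        key, _, value = line.partition(" ")
        last_key = key.lower()
        cur[last_key] = value.strip()
    return entries


def audit_bcd(text: str) -> List[str]:
    """Relationships a clean Windows 7 store satisfies; each violation becomes one finding."""
    entries = parse_bcd(text)
    by_id = {e["identifier"]: e for e in entries if "identifier" in e}
    findings: List[str] = []
    for e in entries:
        kind, ident = e["_type"], e.get("identifier", "?")
        if kind == "Windows Boot Manager":
            for key in ("default", "resumeobject"):
                if key in e and e[key] not in by_id:
                    findings.append(f"boot manager {key} {e[key]} points at no entry in the store")
        elif kind == "Windows Boot Loader":
            path = str(e.get("path", ""))
            if path.lower().rsplit("\\", 1)[-1] != "winload.exe":
                findings.append(f"{ident}: loader path {path!r} is not winload.exe")
            for flag in ("testsigning", "nointegritychecks"):
                if str(e.get(flag, "No")).lower() == "yes":
                    findings.append(f"{ident}: {flag} is on, unsigned kernel code would be accepted")
            if e.get("device") != e.get("osdevice"):
                findings.append(f"{ident}: device {e.get('device')} differs from osdevice {e.get('osdevice')}")
            rs = e.get("recoverysequence")
            if rs and rs not in by_id:
                findings.append(f"{ident}: recoverysequence {rs} points at no entry in the store")
    return findings


if __name__ == "__main__":
    print("clean store:", audit_bcd(CLEAN_STORE) or "no findings")
    print("tampered store:", audit_bcd(TAMPERED_STORE))
```

    The same parser works on live `bcdedit /enum all` output, since ListParts prints the store in that format; feed it the text and compare the findings against a known-good dump of the same machine.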
  6. Jay Pfoutz Malware Helper

    Next, an OTL Quick Scan log, please.
  7. vicky279 Newcomer, in training

    Okay, I have deleted a lot of unwanted software. Here are the OTL Quick Scan logs.
    OTL logfile created on: 01-Oct-12 1:09:23 AM - Run 4
    OTL by OldTimer - Version 3.2.66.0 Folder = C:\Users\Vicky\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    3.00 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 70.96% Memory free
    5.99 Gb Paging File | 5.03 Gb Available in Paging File | 83.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 53.62 Gb Total Space | 14.03 Gb Free Space | 26.16% Space Free | Partition Type: NTFS
    Drive D: | 89.63 Gb Total Space | 5.86 Gb Free Space | 6.53% Space Free | Partition Type: NTFS
    Drive E: | 58.64 Gb Total Space | 0.54 Gb Free Space | 0.92% Space Free | Partition Type: NTFS
    Drive F: | 30.89 Gb Total Space | 0.38 Gb Free Space | 1.23% Space Free | Partition Type: NTFS

    Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
    PRC - [2012-08-22 20:24:50 | 000,369,544 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessGovernor.exe
    PRC - [2012-08-22 20:24:48 | 000,677,256 | ---- | M] (Bitsum Technologies) -- C:\Program Files\Process Lasso\ProcessLasso.exe
    PRC - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012-05-15 14:57:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\nlssrv32.exe
    PRC - [2012-03-09 16:58:08 | 002,906,112 | ---- | M] (NeoSoft Tools) -- C:\Program Files\Chameleon Folder 2\chfolder.exe
    PRC - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
    PRC - [2011-12-26 21:06:50 | 001,451,928 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
    PRC - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
    PRC - [2011-12-26 21:03:39 | 000,064,048 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
    PRC - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
    PRC - [2011-11-11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2011-02-25 11:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010-11-20 17:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010-03-16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-03-09 13:15:40 | 000,894,464 | ---- | M] () -- C:\Program Files\Chameleon Folder 2\cf.dll
    MOD - [2011-12-26 21:05:09 | 000,185,040 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\framework.dll
    MOD - [2011-12-26 21:03:12 | 000,189,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\txmlutil.dll
    MOD - [2011-12-26 21:02:38 | 000,109,344 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2011\connector.dll
    MOD - [2011-11-11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2011-11-11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011-11-11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011-11-11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011-11-11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011-11-11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2011-11-11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2011-08-12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
    MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


    ========== Services (SafeList) ==========

    SRV - [2012-08-13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012-07-28 02:21:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012-06-07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-05-15 15:56:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012-05-15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012-03-28 23:47:48 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\nlssrv32.exe -- (nlsX86cc)
    SRV - [2012-02-16 13:49:28 | 002,310,544 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
    SRV - [2011-12-26 21:04:20 | 002,090,016 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe -- (VSSERV)
    SRV - [2011-12-26 21:01:49 | 000,043,936 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe -- (Updatesrv)
    SRV - [2010-11-30 07:19:06 | 000,307,544 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - [2010-07-23 12:24:48 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
    SRV - [2010-06-25 22:37:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2010-03-25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009-07-14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009-07-14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009-07-14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008-11-10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nbdrv.sys -- (Nbdrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Vicky\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (acg89omk)
    DRV - [2012-08-07 16:06:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV - [2012-05-24 16:34:59 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
    DRV - [2012-05-15 15:56:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012-04-29 13:48:14 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2012-04-29 13:46:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2012-04-18 22:38:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2012-02-02 21:08:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2012-01-18 12:14:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011-12-26 21:03:38 | 000,122,552 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2011\bdselfpr.sys -- (bdselfpr)
    DRV - [2011-12-26 21:02:05 | 000,306,320 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\trufos.sys -- (Trufos)
    DRV - [2011-12-08 05:22:36 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2011-12-08 05:22:36 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
    DRV - [2011-12-08 05:22:36 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2011-11-07 16:18:14 | 000,039,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
    DRV - [2011-08-31 14:38:08 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
    DRV - [2011-06-23 12:13:04 | 001,068,216 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\wcmvcam.sys -- (WCMVCAM)
    DRV - [2011-05-06 23:29:32 | 000,024,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lmvac.sys -- (LTXMD_VAC)
    DRV - [2011-03-24 15:36:18 | 000,353,096 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2010-11-29 14:12:20 | 001,066,232 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
    DRV - [2010-11-29 14:12:14 | 000,535,824 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
    DRV - [2010-11-20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010-11-20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010-11-20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010-11-20 15:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010-11-20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010-11-20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010-11-20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010-08-20 18:41:54 | 000,088,144 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys -- (bdfwfpf)
    DRV - [2010-08-20 15:41:58 | 000,072,784 | ---- | M] (BitDefender) [Kernel | System | Running] -- c:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys -- (Bdfndisf)
    DRV - [2010-06-25 22:37:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010-05-13 16:52:04 | 000,152,528 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
    DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2009-12-30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
    DRV - [2009-07-14 05:15:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-spt_gen
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC ED 73 4E 17 BB CC 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {95853F18-90B6-4472-A2AD-3BFAF5F5A51F}
    IE - HKCU\..\SearchScopes\{48444E1A-FD18-45C6-92C1-3A8819B65AE0}: "URL" = http://in.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
    IE - HKCU\..\SearchScopes\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Custom search"
    FF - prefs.js..browser.search.selectedEngine: "Custom search"
    FF - prefs.js..browser.startup.homepage: "http://apype.com"
    FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
    FF - prefs.js..extensions.enabledAddons: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.7.2
    FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Vicky\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Vicky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Vicky\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdaphffext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-29 16:57:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-10-01 00:22:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2011\bdtbext\ [2012-06-08 00:37:26 | 000,000,000 | ---D | M]
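    The FireFox section of that OTL log is the actual hijack: browser.startup.homepage and keyword.URL both point at apype.com, the default search engine has been replaced by one called "Custom search", and an add-on identified only by GUID ({B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}) is enabled. keyword.URL is the tell: Firefox ships with it unset, so any value at all means something wrote it and every address-bar search now goes through that URL. The script below is an added example, not part of the thread or of OldTimer's OTL; it reads prefs in both the OTL format shown here and the user_pref() form used inside the profile's prefs.js (the user_pref lines in the sample are constructed equivalents of the OTL lines), and flags anything off the owner's allowlist. The trusted search domains, stock engine names and known add-on list are assumptions to be filled in for the machine in question.

```python
import re
from typing import Iterator, List, Tuple
from urllib.parse import urlparse

# The OTL "FF - prefs.js.." lines from the post above, plus constructed user_pref() lines
# showing how the same two settings look inside the profile's prefs.js itself.
SAMPLE = r'''
FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://apype.com"
FF - prefs.js..extensions.enabledAddons: FFToolbar@bitdefender.com:8.0
FF - prefs.js..extensions.enabledAddons: {B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}:0.3.7.2
FF - prefs.js..keyword.URL: "http://apype.com/results.php?q="
user_pref("browser.startup.homepage", "http://apype.com");
user_pref("keyword.URL", "http://apype.com/results.php?q=");
'''

OTL_RE = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.]+): (?P<value>.+)$')
PREFS_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*"?(?P<value>[^"]*)"?\);$')

# Assumptions standing in for the owner's own policy: where homepage/new-tab may legitimately
# point, what the stock engine names are, and which add-ons were installed on purpose.
TRUSTED_DOMAINS = {"google.com", "bing.com", "yahoo.com"}
STOCK_ENGINES = {"Google", "Bing", "Yahoo"}
KNOWN_ADDONS = {"FFToolbar@bitdefender.com"}
URL_PREFS = {"browser.startup.homepage", "browser.newtab.url"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}


def parse_prefs(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (name, value) for every pref line in OTL or prefs.js form, quotes stripped."""
    for line in text.strip().splitlines():
        m = OTL_RE.match(line.strip()) or PREFS_RE.match(line.strip())
        if m:
            yield m["name"], m["value"].strip().strip('"')


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def is_trusted(host: str, domains) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_prefs(text: str, trusted_domains=TRUSTED_DOMAINS, known_addons=KNOWN_ADDONS) -> List[str]:
    """Hijack indicators in a prefs dump; one finding per distinct problem."""
    findings: List[str] = []
    for name, value in parse_prefs(text):
        if name == "keyword.URL" and value:
            # Firefox leaves this unset; a value means address-bar searches are being redirected.
            findings.append(f"keyword.URL is set, address-bar searches go to {host_of(value)}")
        elif name in URL_PREFS and not is_trusted(host_of(value), trusted_domains):
            findings.append(f"{name} points at untrusted host {host_of(value) or value}")
        elif name in ENGINE_PREFS and value not in STOCK_ENGINES:
            findings.append(f"{name} is {value!r}, not a stock engine")
        elif name == "extensions.enabledAddons":
            addon_id = value.rsplit(":", 1)[0]          # stored as "<id>:<version>"
            if addon_id not in known_addons:
                findings.append(f"enabled add-on {addon_id} is not on the known list")
    # OTL and prefs.js report the same pref twice here; keep one line per finding, in order.
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    for finding in audit_prefs(SAMPLE) or ["no findings"]:
        print(finding)
```

    Run against the sample it reports the two "Custom search" engine prefs, the apype.com homepage, the GUID-only add-on and the keyword.URL override, and says nothing about the BitDefender toolbar. Reinstalling Firefox does not touch the profile directory, which is why the earlier uninstall/reinstall in this thread changed nothing: prefs.js and the extensions folder live under AppData\Roaming\Mozilla\Firefox\Profiles and survive the reinstall.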
  8. vicky279 Newcomer, in training

    [2012-09-29 16:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Extensions
    [2012-09-30 23:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\extensions
    [2012-09-27 21:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions
    [2012-09-27 21:30:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\fhijf7ns.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2012-09-30 23:57:06 | 000,021,014 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\bcd9wvq3.default\extensions\{B5F5E8D3-AE31-49A1-AC42-78B7B1CC5CDC}.xpi
    [2012-09-29 16:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012-09-08 12:38:54 | 000,000,000 | ---D | M] (TextAloud 3 Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{99a0337c-6303-4879-b72e-500fd9aaca8c}
    [2012-06-08 00:37:26 | 000,000,000 | ---D | M] ("BitDefender Antiphishing Toolbar") -- C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2011\BDAPHFFEXT
    [2012-09-06 06:57:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2009-07-31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
    [2012-09-06 06:56:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012-09-06 06:56:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012-09-20 10:59:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Bitdefender Toolbar) - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\ietoolbar.dll (BitDefender S.R.L.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe (BitDefender S.R.L.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Chameleon Folder] C:\Program Files\Chameleon Folder 2\chfolder.exe (NeoSoft Tools)
    O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
    O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Link Commander collection - Reg Error: Value error. File not found
    O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05C55753-A390-4370-BD93-BBB2EAB7A44D}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012-10-01 00:17:40 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\RapidTyping
    [2012-10-01 00:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidTyping
    [2012-09-30 22:37:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\J River
    [2012-09-29 23:40:55 | 000,307,569 | ---- | C] (Farbar) -- C:\Users\Vicky\Desktop\ListParts.exe
    [2012-09-29 16:41:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\logs
    [2012-09-24 17:21:54 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Vicky\Desktop\aswMBR.exe
    [2012-09-24 00:59:50 | 000,601,600 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
    [2012-09-23 15:15:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012-09-21 00:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012-09-20 11:04:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012-09-20 10:59:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012-09-20 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\temp
    [2012-09-19 23:40:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012-09-19 23:40:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012-09-19 23:40:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012-09-19 23:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012-09-19 23:38:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012-09-18 22:21:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\PC Tools
    [2012-09-18 20:03:02 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Threat Expert
    [2012-09-18 13:21:02 | 002,267,096 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0947.old
    [2012-09-18 13:21:02 | 000,149,464 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0947.old
    [2012-09-18 13:20:00 | 000,017,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
    [2012-09-18 13:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
    [2012-09-18 12:45:46 | 000,203,120 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
    [2012-09-18 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2012-09-18 12:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012-09-18 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TestApp
    [2012-09-18 11:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mindjet
    [2012-09-17 23:28:50 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\Windows\System32\drivers\teamviewervpn.sys
    [2012-09-17 23:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2012-09-17 23:25:49 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Calibre Library
    [2012-09-17 23:25:44 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\calibre
    [2012-09-17 23:13:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Usmania_Code
    [2012-09-17 23:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Usmania Code
    [2012-09-17 23:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\Usmania Code
    [2012-09-17 23:13:02 | 000,000,000 | R--D | C] -- C:\AHCache
    [2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
    [2012-09-17 22:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SurfAnonymousFree
    [2012-09-17 22:53:00 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\SMP Data
    [2012-09-17 22:52:50 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare
    [2012-09-17 22:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird
    [2012-09-17 22:52:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\DeskShare Data
    [2012-09-17 22:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Deskshare
    [2012-09-17 22:52:26 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Spoon
    [2012-09-17 22:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Deskshare
    [2012-09-17 22:47:53 | 000,019,392 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\rxbsknl.sys
    [2012-09-17 22:40:59 | 000,000,000 | ---D | C] -- C:\mbc
    [2012-09-17 22:37:05 | 000,005,632 | ---- | C] (Tracker Software) -- C:\Windows\System32\pxc25pm.dll
    [2012-09-17 22:37:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange 3
    [2012-09-17 22:36:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mindjet
    [2012-09-17 22:35:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\{9D53112B-37A1-4DBB-8E9C-CDC5FFF46604}
    [2012-09-17 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
    [2012-09-17 22:31:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Iconico
    [2012-09-17 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\GtkSharp
    [2012-09-17 22:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChordWizard Music Theory 3.0
    [2012-09-17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\ChordWizard
    [2012-09-17 21:29:59 | 000,585,728 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AReadyLB.dll
    [2012-09-17 21:29:59 | 000,229,376 | ---- | C] (Audible Inc.) -- C:\Windows\System32\AudDevicePlugin.dll
    [2012-09-17 21:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\J River
    [2012-09-17 21:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirolit
    [2012-09-17 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mirolit
    [2012-09-17 21:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThunderSoft
    [2012-09-17 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
    [2012-09-17 21:14:59 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
    [2012-09-17 21:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Direct Folders
    [2012-09-17 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\Direct Folders
    [2012-09-17 21:11:28 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Anthemion Writer's Café 2.32
    [2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent Ultra Accelerator
    [2012-09-17 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent Ultra Accelerator
    [2012-09-17 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
    [2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Documents\Writer's Cafe Documents
    [2012-09-17 20:49:04 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
    [2012-09-17 20:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Acmework
    [2012-09-15 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\dvdcss
    [2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office 2010 Trial Extender
    [2012-09-13 17:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Office 2010 Trial Extender
    [2012-09-08 12:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012-09-05 04:29:25 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Apple Computer
    [2012-09-03 13:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
    [2012-09-03 13:43:46 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
    [2012-09-02 11:51:39 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Rovio
    [2012-09-02 11:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012-10-01 01:06:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012-10-01 01:06:53 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys
    [2012-10-01 00:24:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000UA.job
    [2012-09-30 23:45:30 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-09-30 23:45:30 | 000,017,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-09-30 23:37:48 | 000,440,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012-09-30 15:02:12 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
    [2012-09-30 10:32:29 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-499340394-4099650204-2415665824-1000Core.job
    [2012-09-29 23:41:18 | 000,307,569 | ---- | M] (Farbar) -- C:\Users\Vicky\Desktop\ListParts.exe
    [2012-09-29 16:57:49 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012-09-29 16:43:08 | 000,138,645 | ---- | M] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-29.json
    [2012-09-29 16:42:43 | 008,584,284 | ---- | M] () -- C:\Users\Vicky\Desktop\Firefox 15.0.1 (en-US) - 2012-09-29.pcv
    [2012-09-26 20:26:11 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
    [2012-09-25 16:30:16 | 000,513,501 | ---- | M] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
    [2012-09-24 17:23:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Vicky\Desktop\aswMBR.exe
    [2012-09-24 00:59:52 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
    [2012-09-20 10:59:51 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012-09-18 22:20:42 | 001,318,816 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2012-09-18 18:07:04 | 000,000,034 | ---- | M] () -- C:\Program Files\Mozilla Firefoxoverride.ini
    [2012-09-18 01:56:14 | 000,000,048 | -HS- | M] () -- C:\Windows\rmtf32-k289371-all.dat
    [2012-09-17 22:28:11 | 000,001,536 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2012-09-17 21:07:15 | 000,001,229 | ---- | M] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
    [2012-09-14 22:11:24 | 000,663,522 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012-09-14 22:11:24 | 000,121,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012-09-14 16:45:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\dvdtest10024.dat
    [2012-09-05 16:40:12 | 000,046,690 | ---- | M] () -- C:\Windows\System32\YuoTubeDownloader.xpi
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\Users\Vicky\Documents\*.tmp files -> C:\Users\Vicky\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012-09-29 16:57:49 | 000,001,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012-09-29 16:57:49 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012-09-29 16:43:08 | 000,138,645 | ---- | C] () -- C:\Users\Vicky\Desktop\bookmarks-2012-09-29.json
    [2012-09-29 16:42:34 | 008,584,284 | ---- | C] () -- C:\Users\Vicky\Desktop\Firefox 15.0.1 (en-US) - 2012-09-29.pcv
    [2012-09-25 16:30:01 | 000,513,501 | ---- | C] () -- C:\Users\Vicky\Desktop\adwcleaner.exe
    [2012-09-19 23:40:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012-09-19 23:40:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012-09-19 23:40:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012-09-19 23:40:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012-09-19 23:40:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012-09-18 13:21:03 | 000,767,960 | ---- | C] () -- C:\Windows\BDTSupport.dll0947.old
    [2012-09-18 12:45:54 | 001,318,816 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2012-09-18 01:56:14 | 000,000,048 | -HS- | C] () -- C:\Windows\rmtf32-k289371-all.dat
    [2012-09-17 22:44:11 | 000,000,034 | ---- | C] () -- C:\Program Files\Mozilla Firefoxoverride.ini
    [2012-09-17 22:28:11 | 000,001,536 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Sketchpad 5 Preferences.dat
    [2012-09-17 21:29:59 | 000,183,129 | ---- | C] () -- C:\Windows\System32\AM Install1.INF
    [2012-09-17 21:07:15 | 000,001,229 | ---- | C] () -- C:\Users\Vicky\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent Ultra Accelerator.lnk
    [2012-09-05 16:40:12 | 000,046,690 | ---- | C] () -- C:\Windows\System32\YuoTubeDownloader.xpi
    [2012-07-20 12:07:48 | 000,034,308 | ---- | C] () -- C:\Windows\System32\LB603.dll
    [2012-07-20 12:06:58 | 000,157,696 | ---- | C] () -- C:\Windows\System32\asxtract.dll
    [2012-07-14 13:04:19 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
    [2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_desktopcoral_InstallInfo.dat
    [2012-07-12 15:18:58 | 000,000,046 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_desktopcoral_InstallInfo.dat
    [2012-07-04 14:56:36 | 000,000,218 | ---- | C] () -- C:\Users\Vicky\AppData\Local\recently-used.xbel
    [2012-06-14 12:32:14 | 002,621,723 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
    [2012-06-09 06:52:40 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2012-06-08 10:50:34 | 000,000,103 | ---- | C] () -- C:\Windows\System32\_system.ini
    [2012-06-08 09:57:00 | 000,107,008 | ---- | C] () -- C:\Windows\poetunin.exe
    [2012-06-08 09:56:22 | 000,077,824 | ---- | C] () -- C:\Windows\zipexe_r.exe
    [2012-05-15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2012-05-13 19:55:04 | 000,002,075 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\SAS7_000.DAT
    [2012-04-21 09:24:19 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\qhwm.sys
    [2012-03-11 22:35:11 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
    [2012-03-11 22:35:11 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
    [2012-03-11 20:58:34 | 000,155,136 | ---- | C] () -- C:\Windows\System32\AI_ContextMenu.dll
    [2012-03-06 00:31:32 | 000,000,001 | ---- | C] () -- C:\ProgramData\RandWTTime.dat
    [2012-03-05 23:45:17 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.6b14a35055fac291a0de744e5b9ee9ec.dat
    [2012-03-05 23:34:25 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
    [2012-03-05 23:34:25 | 000,000,160 | ---- | C] () -- C:\Windows\wpd99.drv
    [2012-03-03 15:58:36 | 000,000,120 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012-03-02 20:44:59 | 000,005,002 | ---- | C] () -- C:\ProgramData\mxnhytee.feu
    [2012-03-01 23:13:56 | 000,000,100 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012-03-01 02:33:09 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\ziprecovery.ini
    [2012-03-01 02:32:20 | 000,000,041 | ---- | C] () -- C:\Users\Vicky\rarrecovery.ini
    [2012-03-01 02:17:54 | 000,000,990 | ---- | C] () -- C:\Windows\System32\dcimam45.sys
    [2012-01-25 23:30:15 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\ren2cap.sys
    [2012-01-21 19:41:06 | 000,248,832 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012-01-21 19:39:24 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2012-01-21 19:14:27 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\V2WCDRV.sys
    [2012-01-18 04:07:07 | 000,002,256 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
    [2012-01-01 23:16:36 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2012-01-01 23:16:36 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2012-01-01 23:16:36 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2012-01-01 23:16:36 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2012-01-01 23:16:36 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2012-01-01 23:16:36 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2012-01-01 23:16:36 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2012-01-01 23:16:36 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2012-01-01 23:16:36 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2012-01-01 23:16:36 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2012-01-01 23:16:36 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2012-01-01 23:16:36 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2012-01-01 23:16:36 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2012-01-01 23:16:36 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2012-01-01 23:16:36 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2012-01-01 23:16:36 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2012-01-01 23:16:36 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2012-01-01 23:15:59 | 000,126,976 | ---- | C] () -- C:\Windows\System32\EEBAPI.dll
    [2012-01-01 23:15:59 | 000,094,208 | ---- | C] () -- C:\Windows\System32\EEBDSCVR.dll
    [2012-01-01 23:15:59 | 000,049,152 | ---- | C] () -- C:\Windows\System32\EBAPI.dll
    [2012-01-01 21:39:18 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
    [2012-01-01 20:32:54 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2012-01-01 19:13:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dvdtest10024.dat
    [2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011-12-29 01:44:43 | 000,000,058 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
    [2011-12-27 18:45:44 | 000,002,033 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011-12-26 21:25:06 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
    [2011-12-26 20:36:14 | 000,655,512 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011-12-26 20:04:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011-12-26 19:19:13 | 000,029,462 | ---- | C] () -- C:\Windows\System32\netaf932.dll
    [2011-11-17 07:10:38 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011-10-09 02:52:38 | 000,315,392 | ---- | C] ( ) -- C:\Windows\System32\sbcrreag.dll
    [2011-08-12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010-07-08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
  9. vicky279 Newcomer, in training Posts: 51

    ========== ZeroAccess Check ==========

    [2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011-08-30 09:51:25 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012-02-03 23:34:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\5imyshow.Ltd
    [2012-06-14 17:32:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Acapela Group
    [2012-04-11 03:07:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AdultAdvantage
    [2012-03-11 20:59:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Aimersoft Video Converter Ultimate
    [2012-05-25 22:30:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AnvSoft
    [2012-01-30 18:00:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Apowersoft
    [2012-05-25 22:35:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BinarySense
    [2011-12-26 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BitDefender
    [2012-01-21 06:27:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\cald3
    [2012-09-30 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\calibre
    [2012-01-23 02:16:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canneverbe_Limited
    [2012-07-14 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canon
    [2012-06-27 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CLiPW
    [2012-06-28 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CocotronLibrary
    [2012-05-08 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ComfortSoftware
    [2012-09-17 22:31:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\CommonDataMSI
    [2012-05-08 17:56:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\concept design
    [2012-04-29 15:49:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DAEMON Tools Pro
    [2012-07-04 14:56:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\deluge
    [2012-06-08 12:02:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Design Science
    [2012-03-01 17:01:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DeskSoft
    [2012-09-17 21:15:45 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Direct Folders
    [2012-09-17 21:16:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DiskSpaceFan
    [2011-12-29 01:44:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DonationCoder
    [2011-12-29 01:52:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DuckLink
    [2012-01-01 19:13:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVD-Cloner
    [2012-04-24 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoft
    [2012-01-01 19:38:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers
    [2012-08-30 11:54:03 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Easy Macro Recorder
    [2012-05-08 18:04:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\EasyMP3Downloader
    [2012-06-07 20:41:28 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FaceOffMax
    [2012-01-01 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FreeArc
    [2012-06-30 23:31:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\gtk-2.0
    [2012-06-27 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Hard Disk Sentinel
    [2012-05-08 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\HideIPPrivacy
    [2012-09-17 22:31:14 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Iconico
    [2012-03-03 03:30:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IGC
    [2012-04-12 14:41:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ImgBurn
    [2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\IN-MEDIAKG
    [2012-06-27 17:07:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Informatik Scan
    [2012-03-01 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Intermedia Software
    [2012-09-30 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\J River
    [2012-05-08 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Jutoh
    [2012-07-13 20:04:55 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Leadertech
    [2012-08-20 12:04:43 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mariner Software
    [2012-05-08 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MechCAD
    [2012-05-25 23:29:17 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\med2
    [2012-09-16 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MediaMonkey
    [2012-07-13 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mipony
    [2012-05-25 22:54:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\MOBILedit
    [2012-06-08 10:42:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Movienizer
    [2012-03-02 15:01:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\mresreg
    [2012-07-20 11:54:36 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Mythicsoft
    [2012-05-16 01:13:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Need for Speed World
    [2012-03-02 20:26:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Netscape
    [2012-05-13 19:36:21 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Nuance
    [2012-06-27 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\oald8
    [2012-03-02 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ooVoo Details
    [2012-03-01 02:35:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\OtakuSoftware
    [2012-03-02 18:12:12 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain
    [2012-03-02 18:01:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Resizer Pro
    [2012-10-01 00:48:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PearlMountain Image Converter
    [2012-03-02 18:16:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pelikan Software KFT
    [2012-10-01 00:57:47 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PersonalBrain
    [2012-03-02 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Photodex
    [2012-03-03 16:41:49 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Pixelplan
    [2012-08-30 13:17:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ProcessLasso
    [2012-05-08 23:21:27 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\PunkBuster
    [2012-02-10 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\QuickScan
    [2012-06-08 11:45:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rainmeter
    [2012-10-01 00:18:31 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\RapidTyping
    [2012-03-03 15:58:33 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Reasonable Software House Ltd
    [2012-06-27 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Resort Labs
    [2012-09-02 11:51:39 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Rovio
    [2012-09-17 21:01:08 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Scooter Software
    [2012-06-07 20:22:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\ScreenSteps
    [2012-06-08 11:15:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Softplicity
    [2012-05-09 00:13:50 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SuperMP3Download
    [2012-09-17 23:06:40 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SurfAnonymousFree
    [2012-09-30 23:05:10 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SwordSearcher
    [2012-01-01 20:26:52 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Systweak
    [2012-09-30 22:59:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TeraCopy
    [2012-09-18 12:44:23 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TestApp
    [2012-10-01 00:26:26 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Builder
    [2012-10-01 00:54:44 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\The Complete Genealogy Reporter
    [2012-06-14 01:11:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Thunderbird
    [2012-03-03 00:02:46 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\UDC Profiles
    [2012-03-03 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\USBSafelyRemove
    [2012-09-30 23:34:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent
    [2012-06-08 00:56:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\uTorrent Turbo Booster
    [2012-07-13 17:20:57 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Video2Webcam
    [2012-01-01 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\VitySoft
    [2012-02-22 20:08:24 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WeatherWatcherLive
    [2012-06-29 04:24:54 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\WebcamMax
    [2012-09-30 23:24:25 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Wondershare
    [2012-09-30 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Writer's Cafe 2
    [2012-06-14 17:34:37 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Xtranormal
    [2012-03-01 01:02:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\YCanPDF

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 159 bytes -> C:\ProgramData\Temp:A5A1816B
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:CBD3E4DE
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:55B41E6A

    < End of report >
  10. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL, copy the following content from the box below and paste it to the Custom Scans/Fixes box in OTL, then hit Run Fix:

    Once done, post log as usual.



    Then, in Firefox, please put the following in the address bar:

    about:support

    and hit enter (no spaces). Then, go up and click File and then Save as, and save it to your Desktop. You can name it whatever you want. It will save it as an HTML page. You will need to zip it up, then attach it to your next post.

    Also, do the same for the Troubleshooting Information_files folder.


    If we don't figure out the root of the problem, I might have you create a new Admin account and transfer personal files over.
  11. vicky279 Newcomer, in training Posts: 51

    OTL didn't work. Whenever I run an OTL fix, the next time I start Firefox, it takes some time to load the homepage. I think maybe it's the malware configuring Firefox to be as it was before the fix; so I guess the malware isn't integrated with Firefox but is some sort of independent process, just saying. It had downloaded a lot of malware in a short time. It was a failure of my firewall as well. But the infection was controlled after I used PC Tools and it seems, at least for now, that it isn't downloading any more malware or rootkits. Is my other data safe, except the browser?

    Here are the OTL fix logs and I have attached the about:support page, but I didn't understand how to do the same for the Troubleshooting Information_files folder so I haven't attached it. Did you mean that I click the Show Folder button next to Profile Folder under Application Basics and zip the entire folder and upload it here?

    All processes killed
    ========== OTL ==========
    Error: No service named acg89omk was found to stop!
    Service\Driver key acg89omk not found.
    Service REN2CAP_DRIVER stopped successfully!
    Service REN2CAP_DRIVER deleted successfully!
    C:\Windows\System32\drivers\ren2cap.sys moved successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95853F18-90B6-4472-A2AD-3BFAF5F5A51F}\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Link Commander collection\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with Mipony\ deleted successfully.
    C:\Program Files\MiPony\Browser\IEContext.htm moved successfully.
    C:\Windows\System32\YuoTubeDownloader.xpi moved successfully.
    C:\Windows\System32\LB603.dll moved successfully.
    C:\Windows\System32\asxtract.dll moved successfully.
    C:\Windows\System32\CNQ2414N.DAT moved successfully.
    ADS C:\ProgramData\Temp:A5A1816B deleted successfully.
    ADS C:\ProgramData\Temp:CBD3E4DE deleted successfully.
    ADS C:\ProgramData\Temp:55B41E6A deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: House
    ->Temp folder emptied: 65024 bytes
    ->Temporary Internet Files folder emptied: 809710 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 268876565 bytes
    ->Flash cache emptied: 2889 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: rwaals
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser.Vicky-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56475 bytes

    User: Vicky
    ->Temp folder emptied: 120281450 bytes
    ->Temporary Internet Files folder emptied: 72111526 bytes
    ->Java cache emptied: 21055000 bytes
    ->FireFox cache emptied: 648491347 bytes
    ->Flash cache emptied: 73393 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 107324 bytes
    RecycleBin emptied: 1428402 bytes

    Total Files Cleaned = 1,081.00 mb


    OTL by OldTimer - Version 3.2.66.0 log created on 10022012_000921

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    Attached Files: ff.zip (2.5 KB)
  12. Jay Pfoutz Malware Helper Posts: 4,286   +49

  13. vicky279 Newcomer, in training Posts: 51

    But I already have another account and its browser is corrupted as well. There is a lot of ongoing stuff on this user account and I don't want to lose it. If this is the only malware that has remained in the computer, I wouldn't mind doing a clean install of Windows after I finish my ongoing things. But I need at least some assurance that the virus won't creep into my external HDD when I connect it for transferring files before the format.
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

    The one suggestion I have is if I take another good look at the system...

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

    Note: please close all other applications running on your system.

    Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

    Click the Settings button.

    Set the slider to Maximum.

    IMPORTANT! Then, click Customize - choose the Driver / Ports tab and uncheck Scan Ports.

    On the General tab, make sure all of the boxes are checked.

    On the Misc tab, make sure all the checkboxes are checked.

    Then, click OK on the windows that you launched.

    Click Create Report to run it.

    It will begin scanning.

    It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

    It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

    It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.
  15. vicky279 Newcomer, in training Posts: 51

  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Next fix for OTL, do just like normal...

    :files
    C:\Windows\System32\dcimam45.sys
    C:\Windows\System32\netaf932.dll
    C:\Windows\Downloaded Installations\{AB684908-3D30-49EB-8B86-B94C44680D99}

    :commands
    [emptytemp]
    [reboot]
  17. vicky279 Newcomer, in training Posts: 51

    The homepage still changes back. Here are the logs. Can I uninstall Bitdefender and install Kaspersky Pure instead?

    All processes killed
    ========== FILES ==========
    C:\Windows\System32\dcimam45.sys moved successfully.
    C:\Windows\System32\netaf932.dll moved successfully.
    C:\Windows\Downloaded Installations\{AB684908-3D30-49EB-8B86-B94C44680D99} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: House
    ->Temp folder emptied: 67074 bytes
    ->Temporary Internet Files folder emptied: 284248 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 19732888 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: rwaals
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser.Vicky-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Vicky
    ->Temp folder emptied: 611875 bytes
    ->Temporary Internet Files folder emptied: 1369082 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 183776626 bytes
    ->Flash cache emptied: 2652 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    RecycleBin emptied: 333555661 bytes

    Total Files Cleaned = 514.00 mb


    OTL by OldTimer - Version 3.2.66.0 log created on 10032012_022310

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  18. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hang on for that until clean. Don't give up! :)

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. You may need to upload it.
    Note: The log can also be found on your Desktop entitled SystemLook.txt


    (After we do this little spat, we may have to fully remove Firefox from the system, with no remnants.)
  19. vicky279 Newcomer, in training Posts: 51

    The links were for 64-bit systems. I am running 32-bit, so I searched on Google for the site behind those links, downloaded the 32-bit version and scanned with that. Here are the logs. By the way, I have a legit YouTube downloader (YTD) still installed on the computer. I have been using it for quite some time and it was there long before the system got infected with the yuotube downloader. If you want, I can uninstall YTD if it could help. When I had uninstalled Mozilla Firefox, I had selected everything for deletion so that it would be a really fresh install. I could try again with Revo Uninstaller if you say so, or from All Programs. I am asking to change the AV because my current one has somehow, due to some update meant to push me to upgrade it, disabled its firewall, and I don't have any other firewall software installed.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 16:44 on 03/10/2012 by Vicky
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*apype*"
    No files found.

    Searching for "*.tmp"
    C:\Program Files\GUT1A06.tmp --a---- 4024320 bytes [07:30 14/07/2012] [07:30 14/07/2012] D9B40F617AF452482DBFE995D005C561
    C:\Program Files\Canon\IJ Manual\CANON CANOSCAN LIDE 110\Uninstall.tmp --a---- 2167 bytes [07:34 14/07/2012] [07:34 14/07/2012] A8EB32E8251F968A641C859B239C2EB2
    C:\Program Files\JDownloader\plugins\webinterface\all_info.tmpl --a---- 1439 bytes [18:06 01/01/2012] [08:27 07/09/2011] E732BE970D87F60AE1965D1030148A29
    C:\Program Files\JDownloader\plugins\webinterface\bye.tmpl --a---- 533 bytes [18:06 01/01/2012] [08:27 07/09/2011] 6D2F0D2E9D543FAF2121DCE11D665C3A
    C:\Program Files\JDownloader\plugins\webinterface\index.tmpl --a---- 8114 bytes [18:06 01/01/2012] [08:27 07/09/2011] ACF80E1E58DB40E7BB0862B13388A1BD
    C:\Program Files\JDownloader\plugins\webinterface\link_adder.tmpl --a---- 5124 bytes [18:06 01/01/2012] [08:27 07/09/2011] 08E30E57042DAD9B92602F1543DA39AE
    C:\Program Files\JDownloader\plugins\webinterface\nojs.tmpl --a---- 637 bytes [18:06 01/01/2012] [08:27 07/09/2011] 713E17D6D88560D2FFB3328F9879BF31
    C:\Program Files\JDownloader\plugins\webinterface\passwd.tmpl --a---- 2181 bytes [18:06 01/01/2012] [08:27 07/09/2011] 95BA77429C7CBA08248D579038397519
    C:\Program Files\JDownloader\plugins\webinterface\reconnect.tmpl --a---- 796 bytes [18:06 01/01/2012] [08:27 07/09/2011] 578963A5B67F0063F251F30D91AA420E
    C:\Program Files\JDownloader\plugins\webinterface\restart.tmpl --a---- 793 bytes [18:06 01/01/2012] [08:27 07/09/2011] 19137BFEEA347043991E200265009E0D
    C:\Program Files\JDownloader\plugins\webinterface\single_info.tmpl --a---- 1442 bytes [18:06 01/01/2012] [08:27 07/09/2011] 3645A2FC55480A0BCB1867A59B66CE41
    C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp --ahs-- 0 bytes [05:09 26/06/2012] [05:09 26/06/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\All Users\Microsoft\Windows\DRM\Cache\Indiv01.tmp --ahs-- 0 bytes [05:09 26/06/2012] [05:09 26/06/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA23.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA24.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA25.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA26.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA27.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA28.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA29.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA2A.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAA2B.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF5A.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF5B.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF5C.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF5D.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF5E.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF5F.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF60.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF61.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\uttAF62.tmp --a---- 0 bytes [21:06 02/10/2012] [21:06 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Local\temp\~bdE04F.tmp --a---- 0 bytes [20:57 02/10/2012] [20:57 02/10/2012] D41D8CD98F00B204E9800998ECF8427E
    C:\Users\Vicky\AppData\Roaming\uTorrent\app.1345936460.tmp --a---- 16438 bytes [23:14 25/08/2012] [23:14 25/08/2012] 08384E8CB677E80D4A69709186677A46
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater\temp\~wtEF8C.tmp --a---- 212992 bytes [11:28 20/06/2012] [11:28 20/06/2012] 61235E29D462BD81DF751C2AEF50DC90

    Searching for "*youtube*"
    C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube.dll --a---- 760344 bytes [08:42 11/11/2011] [08:42 11/11/2011] E7F3158FB8F036B0543CFE09843B86C9
    C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube_core.dll --a---- 362520 bytes [08:42 11/11/2011] [08:42 11/11/2011] A87D0C8E213D5A9102BF713AB5FE4171
    C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.png --a---- 611 bytes [08:35 11/11/2011] [08:35 11/11/2011] 791EB5B748F1B133FDE0506F10B68D93
    C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.xml --a---- 2186 bytes [08:35 11/11/2011] [08:35 11/11/2011] EFD561D737F690054E3BD58BAD075358
    C:\Program Files\JDownloader\jd\captcha\methods\prtctt\images\youtube.png --a---- 5290 bytes [18:06 01/01/2012] [08:53 08/11/2009] C145F4D4543B1932BEA486BA2D5680EE
    C:\Program Files\JDownloader\jd\img\hosterlogos\youtube.com.png --a---- 109 bytes [18:08 01/01/2012] [18:08 01/01/2012] 654568B1ACF8FA45D4D6EABDCBA23D5D
    C:\Program Files\JDownloader\jd\plugins\hoster\Youtube.class --a---- 14304 bytes [18:06 01/01/2012] [16:13 23/09/2012] 66181F040D675D86B344447530D74B9C
    C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac --a---- 5304 bytes [09:08 19/07/2012] [09:08 19/07/2012] 99EC45767C226789CA6BB273987EDC43
    C:\Program Files\VideoLAN\VLC\lua\playlist\youtube_homepage.luac --a---- 1776 bytes [09:08 19/07/2012] [09:08 19/07/2012] 89585E5BC54B55DB25DE790F194DACF1
    C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\18131.gadget\images\youtube.gif --a---- 600 bytes [13:52 24/04/2012] [13:52 24/04/2012] AB7693DF88636553A3BA23152B60F681
    C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\18131.gadget\images\youtubedis.gif --a---- 394 bytes [13:52 24/04/2012] [13:52 24/04/2012] 2F57981796335FEFAFB3393C8895A561
    C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\181fm3gadget.gadget\images\youtube.gif --a---- 600 bytes [13:52 24/04/2012] [13:52 24/04/2012] AB7693DF88636553A3BA23152B60F681
    C:\Users\Vicky\AppData\Local\Microsoft\Windows Sidebar\Gadgets\181fm3gadget.gadget\images\youtubedis.gif --a---- 394 bytes [13:52 24/04/2012] [13:52 24/04/2012] 2F57981796335FEFAFB3393C8895A561
    C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\logs\FreeYouTubeDownload_v1.log --a---- 732280 bytes [14:08 01/01/2012] [17:15 09/02/2012] 3160461A3F8B33BE320EEAA7FC0C00CB
    C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\setup\FreeYouTubeDownload_setup.txt --a---- 52915 bytes [09:16 02/01/2012] [09:16 02/01/2012] CE427DA991F3166686FECCFC82D26BAB
    C:\Users\Vicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm --a---- 253 bytes [14:08 01/01/2012] [09:16 02/01/2012] 40595A838EE34CA0449ADD45FA9C750F
    C:\Users\Vicky\AppData\Roaming\uTorrent\Youtube Video Downloader 2.5.4.torrent --a---- 1555 bytes [16:35 21/01/2012] [16:35 21/01/2012] 86ACBA5EB023F4AEC311FFBF8B879698
    C:\Users\Vicky\Desktop\Shortcuts\YTD YouTube Downloader & Converter.lnk --a---- 1004 bytes [13:32 04/06/2012] [13:32 04/06/2012] CB828D6900DA419D2F5789F151341725

    Searching for "*yuotube*"
    C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-YuoTubeDownloader_Helper.reg.dat --a---- 982 bytes [05:33 20/09/2012] [05:33 20/09/2012] 32722AF951B64A091B7444AD0A252633
    C:\_OTL\MovedFiles\09232012_151559\C_Windows\System32\YuoTubeDownloader.dll --a---- 446464 bytes [11:10 05/09/2012] [11:10 05/09/2012] A62A7A97EA06BEF52DF1B2180531A6BB
    C:\_OTL\MovedFiles\10022012_000921\C_Windows\System32\YuoTubeDownloader.xpi --a---- 46690 bytes [11:10 05/09/2012] [11:10 05/09/2012] 928D9CCA2EACFF2BD7A41BB9376FF566

    Searching for "*ilivid*"
    No files found.

    ========== regfind ==========

    Searching for "apype"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"="apype.com gigabase.ru conduit.com mystart.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://apype.com"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"="apype.com gigabase.ru conduit.com mystart.com"

    Searching for "SearchScopes"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C0366-0000-0000-C000-000000000046}]
    @="SearchScopes"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
    [HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
    [HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\SearchScopes]
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1005\Software\Microsoft\Internet Explorer\SearchScopes]
    [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]

    Searching for "ilivid"
    No data found.

    Searching for "youtube"
    [HKEY_CURRENT_USER\Software\DVDVideoSoft\Manager\Links]
    "youtube download"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
    [HKEY_CURRENT_USER\Software\DVDVideoSoft\Manager\Links]
    "youtube to mp3 converter"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter.htm"
    [HKEY_CURRENT_USER\Software\DVDVideoSoft\Manager\Links]
    "youtube video downloader"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
    [HKEY_CURRENT_USER\Software\GreenTree Applications\YTD Video Downloader]
    @="C:\Program Files\YouTube Downloader"
    [HKEY_CURRENT_USER\Software\LogiShrd\LWS\Preferences\Apps]
    "YouTube"="false"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2424c3cc_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Users\Vicky\Desktop\New folder\z\Softwares\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\keygen\keygen.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5c84aa00_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\YouTube Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\716a0296_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\Bigasoft\YouTube Downloader\youtubedownloader.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\93ebc4ee_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_CURRENT_USER\Software\RocketDock\Icons]
    "3-FileName"="C:\Program Files\YouTube Downloader\ytd.exe"
    [HKEY_CURRENT_USER\Software\RocketDock\Icons]
    "3-Command"="C:\Program Files\YouTube Downloader\ytd.exe"
    [HKEY_CURRENT_USER\Software\RocketDock\Icons]
    "3-WorkingDirectory"="C:\Program Files\YouTube Downloader"
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Bigasoft\YouTube Downloader]
    [HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\Bigasoft\YouTube Downloader]
    [HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath]
    "13"="D:\Z\Softwares\New folder\Bigasoft YouTube Downloader\n12_Bigasoft.YouTube.Downloader.v1.0.1.4535_LAXiTY_softarchive.net\Bigasoft.YouTube.Downloader.v1.0.1.4535-LAXiTY\lxb14535"
    [HKEY_LOCAL_MACHINE\SOFTWARE\AVS4YOU\Navigator]
    "AVS YouTube Uploader"="http://www.avs4you.com/Downloads/AV...urce=Navigator&utm_content=AVSYouTubeUploader"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\4920FD12D9B61474BAF62BBABF2D83E7]
    "YouTube"=""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7]
    "ProductName"="LWS YouTube Plugin"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4920FD12D9B61474BAF62BBABF2D83E7\SourceList]
    "PackageName"="YouTube_Release_x86.msi"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Logitech\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\U7]
    "DisplayName"="YouTube Upload"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Logitech\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\U7]
    "Description"=" Share your webcam videos on YouTube"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FreeYouTubeDownload_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FreeYouTubeDownload_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\g_youtube_downloader_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\g_youtube_downloader_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeConverter_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeConverter_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloaderSetup254_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloaderSetup254_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\youtubedownloaderToolbar-stub-1_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\youtubedownloaderToolbar-stub-1_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloader_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeDownloader_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeGet_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YouTubeGet_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28067907F68824A4CB7A1178A4E5F840]
    "4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CB414A10116904F803DD0A86AABBF6]
    "4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.png"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A123496508EDC22449590FBEC0A83193]
    "4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube\YouTube_core.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2001E1CEA933B74487658C45DBDC123]
    "4920FD12D9B61474BAF62BBABF2D83E7"="C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Metadata\Youtube.xml"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4920FD12D9B61474BAF62BBABF2D83E7\Features]
    "YouTube"="I{r3LWEdr?{NxJSesXO$`F8oCK~o=9*4]ota?=E6PHWBga7j&?7.PZ@!)%,4gPSg]g~Ki8gB^d[g%LvK"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4920FD12D9B61474BAF62BBABF2D83E7\InstallProperties]
    "DisplayName"="LWS YouTube Plugin"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
    "DisplayIcon"="C:\Program Files\YouTube Downloader\ytd.exe,0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
    "UninstallString"=""C:\Program Files\YouTube Downloader\uninstall.exe""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
    "URLInfoAbout"="http://www.youtubedownloadersite.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
    "InstallDir"="C:\Program Files\YouTube Downloader\"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}]
    "MainApp"="C:\Program Files\YouTube Downloader\ytd.exe"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}]
    "DisplayName"="LWS YouTube Plugin"
    [HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\YouTube Downloader]
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\DVDVideoSoft\Manager\Links]
    "youtube download"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\DVDVideoSoft\Manager\Links]
    "youtube to mp3 converter"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-to-MP3-Converter.htm"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\DVDVideoSoft\Manager\Links]
    "youtube video downloader"="http://www.dvdvideosoft.com/products/dvd/Free-YouTube-Download.htm"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\GreenTree Applications\YTD Video Downloader]
    @="C:\Program Files\YouTube Downloader"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\LogiShrd\LWS\Preferences\Apps]
    "YouTube"="false"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2424c3cc_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Users\Vicky\Desktop\New folder\z\Softwares\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\Aneesoft.YouTube.Converter.2.9.1.0\keygen\keygen.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5c84aa00_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\YouTube Downloader\ytd.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\716a0296_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\Bigasoft\YouTube Downloader\youtubedownloader.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\93ebc4ee_0]
    @="{0.0.0.00000000}.{daba345c-6db8-414e-bd23-d2762909b64f}|\Device\HarddiskVolume2\Program Files\DVDVideoSoft\Free YouTube Download\FreeYouTubeDownload.exe%b{00000000-0000-0000-0000-000000000000}"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\RocketDock\Icons]
    "3-FileName"="C:\Program Files\YouTube Downloader\ytd.exe"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\RocketDock\Icons]
    "3-Command"="C:\Program Files\YouTube Downloader\ytd.exe"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\RocketDock\Icons]
    "3-WorkingDirectory"="C:\Program Files\YouTube Downloader"
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Bigasoft\YouTube Downloader]
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\Bigasoft\YouTube Downloader]
    [HKEY_USERS\S-1-5-21-499340394-4099650204-2415665824-1000\Software\WinRAR\DialogEditHistory\ExtrPath]
    "13"="D:\Z\Softwares\New folder\Bigasoft YouTube Downloader\n12_Bigasoft.YouTube.Downloader.v1.0.1.4535_LAXiTY_softarchive.net\Bigasoft.YouTube.Downloader.v1.0.1.4535-LAXiTY\lxb14535"
    [HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\YouTube Downloader]

    Searching for "yuotube"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBarMFC.DeskBandImplD]
    @="YuoTubeDownloader"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBarMFC.DeskBandImplD.1]
    @="YuoTubeDownloader"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{942926A2-CC3B-4970-9AD6-D9056D197CE6}\1.0\0\win32]
    @="C:\Windows\system32\YuoTubeDownloader.dll"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YuoTubeDownloader_Helper_RASAPI32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YuoTubeDownloader_Helper_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\YuoTubeDownloader]

    ========== folderfind ==========

    Searching for "*ilivid*"
    No folders found.

    Searching for "*apype*"
    No folders found.

    Searching for "*youtube*"
    C:\Program Files\YouTube Downloader d------ [16:38 21/01/2012]
    C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\Gallery\SocialNetworking\Applets\YouTube d------ [14:35 13/07/2012]
    C:\ProgramData\YTD YouTube Downloader & Converter d------ [06:13 11/04/2012]
    C:\Users\All Users\YTD YouTube Downloader & Converter d------ [06:13 11/04/2012]
    C:\Users\House\AppData\LocalLow\YouTube Downloader d------ [08:25 13/06/2012]
    C:\Users\Vicky\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_youtubedownloade_935ac225f5fa9973ea299bcd98f7436a36d9316_057b6542 d----c- [18:21 29/06/2012]
    C:\Users\Vicky\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\Bigasoft YouTube Downloader 1.0.1.4535-30082012-114705 d------ [06:17 30/08/2012]
    C:\Users\Vicky\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\GET Youtube Downloader Ultimate 6.7.7.0-26012012-154045 d------ [10:10 26/01/2012]
    C:\Users\Vicky\AppData\Roaming\DVDVideoSoft\FreeYouTubeDownload d------ [09:16 02/01/2012]
    C:\Windows\System32\config\systemprofile\AppData\LocalLow\YouTube Downloader d------ [05:04 12/04/2012]

    Searching for "*yuotube*"
    C:\Users\Vicky\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\YuoTubeDownloader 3.0.0.0-18092012-121246 d------ [06:42 18/09/2012]

    -= EOF =-
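The regfind/folderfind output above can be reproduced with nothing but built-in PowerShell, which is handy when you want to check a second machine or re-run the search for a different string after cleanup. The script below is an added example written for this thread; it is not SystemLook's code and not part of the original post. It assumes you run it as Administrator from a 64-bit PowerShell (a 32-bit host gets redirected into WOW6432Node and misses the native keys), and the pattern and root paths at the bottom are illustrative choices, not values from the log. It is kept PowerShell 2.0 compatible because the machine in this thread is Windows 7.

```powershell
# Added example (not from the thread, not SystemLook): a regfind/folderfind-style
# search for one substring across registry key names, value names, value data and
# folder names. Assumptions: elevated 64-bit PowerShell; pattern and roots below are
# illustrative. Syntax is PowerShell 2.0 compatible (Windows 7 default).

function Find-RegistryString {
    param(
        [Parameter(Mandatory = $true)][string]$Pattern,
        [Parameter(Mandatory = $true)][string[]]$Roots
    )
    # Literal, case-insensitive match: escape so '.' or '(' in the pattern is not a regex operator.
    $rx = [regex]::Escape($Pattern)
    foreach ($root in $Roots) {
        if (-not (Test-Path -Path $root)) { continue }
        # Keys we cannot open (ACL-protected subkeys under HKU\S-1-5-18, for example) are skipped, not fatal.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            # Hit on the key name itself (e.g. ...\Tracing\YuoTubeDownloader_Helper_RASAPI32).
            if ($key.PSChildName -match $rx) {
                New-Object PSObject -Property @{ Where = 'Key'; Key = $key.Name; Name = ''; Data = '' }
            }
            # Hit on any value name or value data under the key.
            foreach ($vName in $key.GetValueNames()) {
                # Do not expand REG_EXPAND_SZ, so the stored text is what gets searched.
                $data = [string]$key.GetValue($vName, '', 'DoNotExpandEnvironmentNames')
                if ($vName -match $rx -or $data -match $rx) {
                    $shown = if ($vName -eq '') { '@' } else { $vName }   # '@' = default value, as in the log
                    New-Object PSObject -Property @{ Where = 'Value'; Key = $key.Name; Name = $shown; Data = $data }
                }
            }
        }
    }
}

function Find-FolderString {
    param(
        [Parameter(Mandatory = $true)][string]$Pattern,
        [Parameter(Mandatory = $true)][string[]]$Roots
    )
    $rx = [regex]::Escape($Pattern)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # -Force includes hidden/system folders. Directories we cannot list are skipped; the legacy
        # junctions under C:\Users deny listing by design, which is what stops the recursion looping.
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer -and $_.Name -match $rx } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Folder     = $_.FullName
                    Modified   = $_.LastWriteTime
                    Attributes = $_.Attributes
                }
            }
    }
}

# HKEY_USERS is not a default PowerShell drive; map it so .DEFAULT, S-1-5-18 and the
# logged-on user's SID are covered, as they were in the log above.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$pattern  = 'yuotube'   # the misspelled component the search above found; substitute any string
$regRoots = @('HKLM:\SOFTWARE', 'HKU:\')   # HKLM:\SOFTWARE already contains Classes and WOW6432Node
$dirRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
              "$env:SystemDrive\Users", "$env:windir\System32") | Where-Object { $_ }

Find-RegistryString -Pattern $pattern -Roots $regRoots | Format-Table Where, Key, Name, Data -AutoSize -Wrap
Find-FolderString   -Pattern $pattern -Roots $dirRoots | Format-Table Folder, Modified, Attributes -AutoSize
```

Two things worth reading off the hits once you have them. The Tracing\*_RASAPI32 and *_RASMANCS keys are only created when a program calls the RAS networking APIs, so they prove a program ran and touched the network, not that it is still installed. By contrast the YuoTubeDownloader hits in the log above (a ToolBarMFC.DeskBandImplD COM class, a TypeLib pointing at C:\Windows\system32\YuoTubeDownloader.dll and a ShellIconOverlayIdentifiers entry) are all things Explorer itself loads, which is why such a component keeps coming back after the visible program is uninstalled and why the registry side has to be dealt with as well as the files.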
  20. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hmm, I saw a 64-bit system in the GSI report above, but that's fine. I understand about the internet security software; however, I don't want you to have to waste time installing it, because it could give some errors because of the malware. Did you already purchase it?

    Delete any old copies of ComboFix. Download a new one and save to the Desktop. Don't run it yet!

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Download the attached CFScript.txt and save it in the same location as ComboFix (Desktop).
      [IMG]
    • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.

    Attached Files: