Solved Serifef.ab and p

Same issue if you try to boot to safe mode?
What does exactly happen when you try to boot normally?
 
When booting normally, the computer reboots itself just after the [microsoft corporation with loading animation] screen .
During Safe mode it loaded the drivers, said please wait at the bottom and then rebooted as well.
 
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
Try "Startup repair".
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 16 days old)
Ran by SYSTEM at 27-12-2012 17:22:04
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)
HKLM-x32\...\Run: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe" [378128 2010-01-14] (PC Tools)
HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
HKU\Jose\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Jose\...\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 3.5.21022)" -"http://www.miniclip.com/games/alien-hive/en/" [460216 2009-03-19] (Adobe Systems, Inc.)
HKU\Jose\...\Winlogon: [Shell] Explorer.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: [NameServer]8.26.56.26,156.154.70.22
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Scrybe.lnk
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)

==================== Services (Whitelisted) ===================

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1054568 2010-03-27] (Acronis)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-11-21] (Acronis)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)
2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1853584 2012-09-28] ()
2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
2 jjtAutoLaunch; "C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe" [114688 2002-01-22] (Sound Devices, LLC)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-24] ()
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-29] ()
2 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe service [70928 2010-01-14] (PC Tools)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-09-24] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-09-24] ()
3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV [4999680 2011-07-27] (Moonware Studios)
2 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]

==================== Drivers (Whitelisted) =====================

1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [45872 2012-11-07] (COMODO)
3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)
3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)
3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)
3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [28672 2011-08-26] (http://libusb-win32.sourceforge.net)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-11-21] (Acronis)
0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
0 TfSysMon; C:\Windows\System32\Drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-25] (Cyberlink Corp.)
4 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-11 17:46 - 2012-12-11 17:46 - 00000000 ____D C:\FRST
2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
2012-12-09 20:36 - 2012-12-09 20:40 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
2012-12-09 20:34 - 2012-12-09 20:35 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com


==================== One Month Modified Files and Folders =======

2012-12-18 19:21 - 2012-12-18 19:21 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-12-11 17:46 - 2012-12-11 17:46 - 00000000 ____D C:\FRST
2012-12-09 23:02 - 2008-01-20 19:26 - 00193650 ____A C:\Windows\PFRO.log
2012-12-09 23:01 - 2009-02-12 14:44 - 01831480 ____A C:\Windows\WindowsUpdate.log
2012-12-09 23:01 - 2008-10-22 23:45 - 00000012 ____A C:\Windows\bthservsdp.dat
2012-12-09 23:01 - 2006-11-02 07:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-09 23:01 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-09 23:00 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\tracing
2012-12-09 22:04 - 2012-04-01 00:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Windows Live
2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Windows Live
2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\AppData\Local\Windows Live
2012-12-09 20:48 - 2012-11-23 05:50 - 00000000 ____D C:\Users\Jose\{945e8b33-257c-47a6-a7b1-1bea1374f118}
2012-12-09 20:48 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2012-12-09 20:48 - 2006-11-02 04:33 - 86245376 ____A C:\Windows\System32\config\software_previous
2012-12-09 20:47 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2012-12-09 20:47 - 2006-11-02 04:33 - 26214400 ____A C:\Windows\System32\config\system_previous
2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
2012-12-09 20:40 - 2012-12-09 20:36 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
2012-12-09 20:35 - 2012-12-09 20:34 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
2012-12-09 20:28 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam_previous
2012-12-09 20:28 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security_previous
2012-12-09 19:05 - 2006-11-02 04:46 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
2012-12-09 18:54 - 2006-11-02 07:27 - 00189181 ____A C:\Windows\setupact.log
2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com
2012-12-09 18:48 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Comodo
2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Application Data\Comodo
2012-12-09 18:34 - 2009-03-01 17:29 - 00000000 ____D C:\users\Jose
2012-12-09 18:32 - 2006-11-02 07:21 - 00325464 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-09 18:29 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-12-09 18:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
2012-12-09 17:25 - 2006-11-02 04:33 - 55574528 ____A C:\Windows\System32\config\components_previous
2012-12-09 17:25 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-08 22:26:41
Restore point made on: 2012-10-10 22:42:47
Restore point made on: 2012-11-12 00:44:20
Restore point made on: 2012-11-19 20:39:37
Restore point made on: 2012-11-21 16:06:14
Restore point made on: 2012-11-21 16:35:25
Restore point made on: 2012-11-22 01:58:39
Restore point made on: 2012-11-22 09:16:18
Restore point made on: 2012-11-22 13:57:29
Restore point made on: 2012-11-22 14:42:25
Restore point made on: 2012-11-22 16:23:52
Restore point made on: 2012-11-23 05:18:55
Restore point made on: 2012-11-23 05:51:24
Restore point made on: 2012-12-09 15:07:43

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1789.02 MB
Available physical RAM: 1209.86 MB
Total Pagefile: 1535.46 MB
Available Pagefile: 1183.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:285.18 GB) (Free:115.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (My 1GB) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 954 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 285 GB 1024 KB
Partition 2 Primary 13 GB 285 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 285 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 953 MB 4096 B

==================================================================================

Disk: 1
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F My 1GB FAT Removable 953 MB Healthy

=========================================================

Last Boot: 2012-12-09 18:38

==================== End Of Log =============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

See if you can boot normally.
 

Attachments

  • fixlist.txt
    70 bytes · Views: 3
Man you're good!! Finally a successful boot!
Whats next?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
Ran by SYSTEM at 2012-12-27 17:34:41 Run:4
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.

==== End of Fixlog ====
 
Re-run RogueKiller and post new log.

Next....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Wow, that was a long scan. But here she is.
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-27 17:58:04
-----------------------------
17:58:04.348 OS Version: Windows x64 6.0.6002 Service Pack 2
17:58:04.348 Number of processors: 2 586 0x301
17:58:04.364 ComputerName: RYAN-LAPTOP UserName: Jose
17:58:06.844 Initialize success
18:01:39.017 AVAST engine defs: 12122701
18:01:46.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:01:46.478 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
18:01:46.630 Disk 0 MBR read successfully
18:01:46.637 Disk 0 MBR scan
18:01:46.651 Disk 0 unknown MBR code
18:01:47.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292028 MB offset 2048
18:01:47.230 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13213 MB offset 598075392
18:01:47.311 Disk 0 scanning C:\Windows\system32\drivers
18:02:29.643 Service scanning
18:03:41.335 Modules scanning
18:03:41.355 Disk 0 trace - called modules:
18:03:41.391 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:03:41.402 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005dcd790]
18:03:41.414 3 CLASSPNP.SYS[fffffa6000a06c33] -> nt!IofCallDriver -> [0xfffffa8005cc31f0]
18:03:41.429 5 hpdskflt.sys[fffffa6001fec2bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004d824b0]
18:03:43.642 AVAST engine scan C:\Windows
18:03:50.776 AVAST engine scan C:\Windows\system32
18:15:19.264 AVAST engine scan C:\Windows\system32\drivers
18:15:48.643 AVAST engine scan C:\Users\Jose
20:01:01.622 AVAST engine scan C:\ProgramData
20:22:56.732 Scan finished successfully
20:39:22.262 Disk 0 MBR has been saved successfully to "C:\Users\Jose\Desktop\MBR.dat"
20:39:22.274 The log file has been saved successfully to "C:\Users\Jose\Desktop\aswMBR.txt"
 
RogueKiller V8.4.1 [Dec 27 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
--- User ---
[MBR] b424df27bf04a85c6a2b283f75a9bf42
[BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[4]_D_12272012_02d2100.txt >>
RKreport[1]_S_12092012_02d2338.txt ; RKreport[2]_D_12092012_02d2341.txt ; RKreport[3]_S_12272012_02d2100.txt ; RKreport[4]_D_12272012_02d2100.txt
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==========================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Combofix doesnt seem to be running. Just says "output folder c:\3284093........
Do I wait or try to restart?
 
ComboFix 12-12-28.02 - Jose 12/28/2012 17:37:11.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.679 [GMT -5:00]
Running from: c:\users\Jose\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jose\AppData\Roaming\Desktopicon
c:\users\Jose\AppData\Roaming\Desktopicon\config.ini
c:\users\Jose\GoToAssistDownloadHelper.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\Install.inf
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\system
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))
.
.
2012-12-28 23:49 . 2012-12-28 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-28 21:14 . 2012-12-28 21:14 50952 ----a-w- c:\windows\system32\certsentry.dll
2012-12-28 21:14 . 2012-12-28 21:14 42760 ----a-w- c:\windows\SysWow64\certsentry.dll
2012-12-28 01:44 . 2011-03-31 03:54 1227840 ----a-w- c:\windows\system32\drivers\AE1200vista64.sys
2012-12-28 01:44 . 2011-03-31 03:54 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-12-28 01:44 . 2011-03-31 03:51 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-12-28 01:44 . 2011-03-31 03:51 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-12-28 01:44 . 2006-11-02 14:04 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-12-28 01:44 . 2007-11-05 12:23 40464 ----a-r- c:\windows\system32\drivers\npf.sys
2012-12-12 01:46 . 2012-12-12 01:46 -------- d-----w- C:\FRST
2012-12-10 02:57 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16EE3D4D-F76E-4F0C-A0BB-4B1533737393}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-29 00:04 . 2012-04-01 08:05 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-29 00:04 . 2011-09-05 05:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-23 13:35 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
2012-11-22 22:51 . 2012-11-22 22:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-11-22 22:51 . 2012-11-22 22:51 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-22 22:51 . 2012-11-22 22:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-11-22 22:51 . 2012-11-22 22:51 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-22 22:51 . 2012-11-22 22:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-22 22:51 . 2012-11-22 22:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-11-22 22:51 . 2012-11-22 22:51 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-11-22 22:51 . 2012-11-22 22:51 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-11-22 22:51 . 2012-11-22 22:51 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-11-22 22:51 . 2012-11-22 22:51 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-11-22 22:51 . 2012-11-22 22:51 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-11-22 22:51 . 2012-11-22 22:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-11-22 22:51 . 2012-11-22 22:51 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-22 22:51 . 2012-11-22 22:51 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-22 22:51 . 2012-11-22 22:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-11-22 22:51 . 2012-11-22 22:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-22 22:51 . 2012-11-22 22:51 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-22 22:51 . 2012-11-22 22:51 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-22 22:51 . 2012-11-22 22:51 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-11-22 22:51 . 2012-11-22 22:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-11-22 22:51 . 2012-11-22 22:51 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-11-22 22:51 . 2012-11-22 22:51 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-11-22 22:51 . 2012-11-22 22:51 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-22 22:51 . 2012-11-22 22:51 818176 ----a-w- c:\windows\system32\jscript.dll
2012-11-22 22:51 . 2012-11-22 22:51 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-11-22 22:51 . 2012-11-22 22:51 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-11-22 22:51 . 2012-11-22 22:51 2303488 ----a-w- c:\windows\system32\jscript9.dll
2012-11-22 22:51 . 2012-11-22 22:51 222208 ----a-w- c:\windows\system32\msls31.dll
2012-11-22 22:51 . 2012-11-22 22:51 2136064 ----a-w- c:\windows\system32\iertutil.dll
2012-11-22 22:51 . 2012-11-22 22:51 197120 ----a-w- c:\windows\system32\msrating.dll
2012-11-22 22:51 . 2012-11-22 22:51 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-11-22 22:51 . 2012-11-22 22:51 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-11-22 22:51 . 2012-11-22 22:51 1389056 ----a-w- c:\windows\system32\wininet.dll
2012-11-22 22:51 . 2012-11-22 22:51 136192 ----a-w- c:\windows\system32\advpack.dll
2012-11-22 22:51 . 2012-11-22 22:51 1344000 ----a-w- c:\windows\system32\urlmon.dll
2012-11-22 22:51 . 2012-11-22 22:51 12288 ----a-w- c:\windows\system32\mshta.exe
2012-11-22 22:51 . 2012-11-22 22:51 114176 ----a-w- c:\windows\system32\admparse.dll
2012-11-22 22:51 . 2012-11-22 22:51 96256 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-22 22:51 . 2012-11-22 22:51 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-11-22 22:51 . 2012-11-22 22:51 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-11-22 22:51 . 2012-11-22 22:51 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-11-22 22:51 . 2012-11-22 22:51 82432 ----a-w- c:\windows\system32\icardie.dll
2012-11-22 22:51 . 2012-11-22 22:51 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-11-22 22:51 . 2012-11-22 22:51 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-11-22 22:51 . 2012-11-22 22:51 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-11-22 22:51 . 2012-11-22 22:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-11-22 22:51 . 2012-11-22 22:51 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-11-22 22:51 . 2012-11-22 22:51 448512 ----a-w- c:\windows\system32\html.iec
2012-11-22 22:51 . 2012-11-22 22:51 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-11-22 22:51 . 2012-11-22 22:51 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-11-22 22:51 . 2012-11-22 22:51 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-11-22 22:51 . 2012-11-22 22:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-22 22:51 . 2012-11-22 22:51 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-11-22 22:51 . 2012-11-22 22:51 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-11-22 22:51 . 2012-11-22 22:51 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-22 22:51 . 2012-11-22 22:51 236544 ----a-w- c:\windows\system32\url.dll
2012-11-22 22:51 . 2012-11-22 22:51 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-11-22 22:51 . 2012-11-22 22:51 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-22 22:51 . 2012-11-22 22:51 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-11-22 22:51 . 2012-11-22 22:51 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-22 22:51 . 2012-11-22 22:51 10884096 ----a-w- c:\windows\system32\ieframe.dll
2012-11-22 22:51 . 2012-11-22 22:51 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-11-22 22:51 . 2012-11-22 22:51 103936 ----a-w- c:\windows\system32\inseng.dll
2012-11-22 22:51 . 2012-11-22 22:51 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-22 22:51 . 2012-11-22 22:51 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-11-22 22:51 . 2012-11-22 22:51 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-11-22 22:51 . 2012-11-22 22:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-22 22:51 . 2012-11-22 22:51 17773056 ----a-w- c:\windows\system32\mshtml.dll
2012-11-22 22:51 . 2012-11-22 22:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-22 22:51 . 2012-11-22 22:51 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-11-22 22:51 . 2012-11-22 22:51 160256 ----a-w- c:\windows\system32\wextract.exe
2012-11-22 22:51 . 2012-11-22 22:51 149504 ----a-w- c:\windows\system32\occache.dll
2012-11-08 04:37 . 2012-11-08 04:37 94288 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-08 04:37 . 2012-11-08 04:37 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-08 04:37 . 2012-11-08 04:37 45872 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-08 04:37 . 2012-11-08 04:37 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-08 04:37 . 2012-11-08 04:37 41240 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-08 04:37 . 2012-11-08 04:37 301264 ----a-w- c:\windows\SysWow64\guard32.dll
2012-11-08 04:37 . 2012-11-08 04:37 390392 ----a-w- c:\windows\system32\guard64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
[HKEY_CLASSES_ROOT\agihelper.AGUtils]
[HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
[HKEY_CLASSES_ROOT\agcutils.AGSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-08 297808]
.
[HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-8-7 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi8"=DMENDRV.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [2009-03-02 89600]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-21 2480048]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-11-21 252512]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:04]
.
2011-03-04 c:\windows\Tasks\User_Feed_Synchronization-{6502C394-F919-4A3F-B8C5-AECEB5A77037}.job
- c:\windows\system32\msfeedssync.exe [2012-11-22 22:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
"midi8"=DMENDRV.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: NameServer = 8.26.56.26,156.154.70.22
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {4DFE522A-5D3D-4711-9437-67E066BE1E6E} - hxxp://192.168.254.254/gc2/weblib.cab
FF - ProfilePath - c:\users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://jvhpropheticgeneration.blogspot.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - ExtSQL: !HIDDEN! 2009-06-27 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Flash Player 10 ActiveX - c:\windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43} - c:\program files (x86)\AGI\core\4.2.0.10753\InstallerGUI.exe
AddRemove-Cognitive Tutor - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\w7Svc]
"ImagePath"="c:\program files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Comodo\Dragon\dragon_updater.exe
c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Synaptics\Scrybe\scrybe.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\program files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
c:\windows\SysWow64\perfhost.exe
.
**************************************************************************
.
Completion time: 2012-12-28 19:30:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-29 00:30
.
Pre-Run: 125,561,692,160 bytes free
Post-Run: 127,109,648,384 bytes free
.
- - End Of File - - E045256C0C5F21DA7C05050B90EDC913
 
Looks good.

How is computer doing?

=========================

I don't see any AV program running.
What happened to MSE?

=========================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

===============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer is doing better! Got my windows firewall back and rebooting no problem. My processor is running at 50% with no programs running and cannot open techspot with IE. Going to download and post back when done.
 
# AdwCleaner v2.103 - Logfile created 12/28/2012 at 21:26:33
# Updated 25/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Jose - RYAN-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Jose\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\AGI
Deleted on reboot : C:\Program Files (x86)\Kiwee Toolbar
Deleted on reboot : C:\Program Files (x86)\vghd
Deleted on reboot : C:\ProgramData\AGI
Deleted on reboot : C:\ProgramData\Kiwee Toolbar
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kiwee Toolbar
Deleted on reboot : C:\Users\Jose\AppData\LocalLow\AGI
Deleted on reboot : C:\Users\Jose\AppData\LocalLow\AVG Security Toolbar
Deleted on reboot : C:\Users\Jose\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\Jose\AppData\LocalLow\Kiwee Toolbar
Deleted on reboot : C:\Users\Jose\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\Jose\AppData\LocalLow\ShoppingReport
Deleted on reboot : C:\Users\Jose\AppData\Roaming\AGI
Deleted on reboot : C:\Users\Jose\AppData\Roaming\iWin
Deleted on reboot : C:\Users\Jose\AppData\Roaming\vghd
File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
File Deleted : C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\searchplugins\Ask.xml
File Deleted : C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\searchplugins\mywebsearch.xml
File Deleted : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg

***** [Registry] *****

Key Deleted : HKCU\Software\AGI
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKLM\Software\AGI
Key Deleted : HKLM\SOFTWARE\Classes\AG.MediaPlayerCOM
Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection
Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1
Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.KiweeToolbar
Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.KiweeToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

File : C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\prefs.js

C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\user.js ... Deleted !

Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&[...]
Deleted : user_pref("extensions.snipit.history_query", "FBGFV=ASKURL=hxxp://www.ask.com/web?q=FBGFV&qsrc=2871&[...]

*************************

AdwCleaner[S1].txt - [7247 octets] - [28/12/2012 21:26:33]

########## EOF - C:\AdwCleaner[S1].txt - [7307 octets] ##########
 
OTL logfile created on: 12/28/2012 10:04:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jose\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.47% Memory free
7.71 Gb Paging File | 5.79 Gb Available in Paging File | 75.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.18 Gb Total Space | 114.91 Gb Free Space | 40.29% Space Free | Partition Type: NTFS
Drive D: | 12.90 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS

Computer Name: RYAN-LAPTOP | User Name: Jose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/28 22:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL(2).exe
PRC - [2012/12/19 09:03:44 | 001,868,432 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2012/07/24 22:24:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/16 10:28:42 | 008,167,336 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2012/07/16 10:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/27 15:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2010/11/21 12:13:23 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/09/24 21:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/09/24 21:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2002/01/22 09:28:32 | 000,114,688 | ---- | M] (Sound Devices, LLC) -- C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/07 23:37:40 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/08/13 17:09:38 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/09/16 23:14:32 | 000,905,216 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV - [2012/12/28 19:04:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/19 09:03:44 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/09/20 19:45:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/24 22:24:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/16 10:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/07/27 14:27:48 | 004,999,680 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcam 7\wService.exe -- (w7Svc)
SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/11/21 12:13:23 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2010/03/27 16:09:22 | 001,054,568 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/09/24 21:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2008/09/24 21:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2002/01/22 09:28:32 | 000,114,688 | ---- | M] (Sound Devices, LLC) [Auto | Running] -- C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe -- (jjtAutoLaunch)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/30 22:54:44 | 001,227,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AE1200vista64.sys -- (Linksys_adapter)
DRV:64bit: - [2010/11/21 12:13:25 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\afcdp.sys -- (afcdp)
DRV:64bit: - [2010/11/21 12:13:16 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm258.sys -- (tdrpman258)
DRV:64bit: - [2010/11/21 12:13:09 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2010/11/21 12:12:45 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/31 11:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rdpdispm.sys -- (RDPDISPM)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/07/12 14:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2010/07/12 14:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010/04/23 15:54:32 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcw72DTV.sys -- (hcw72DTV)
DRV:64bit: - [2010/04/23 15:50:40 | 001,631,488 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcw72ATV.sys -- (hcw72ATV)
DRV:64bit: - [2010/04/23 15:47:46 | 000,038,656 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/13 17:09:38 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2008/10/03 17:17:30 | 000,184,320 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/09/17 00:01:26 | 004,709,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/04/28 04:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/04/27 14:09:18 | 001,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2011/08/26 10:19:18 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2008/09/26 02:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{42B8DA5F-2579-4D7F-A302-DF5682506D03}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://jvhpropheticgeneration.blogspot.com/"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.16.0
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files (x86)\UnifiedToolbar\3.2\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/28 21:26:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/24 19:19:08 | 000,000,000 | ---D | M]

[2009/03/02 23:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\mozilla\Extensions
[2012/10/25 18:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions
[2010/07/02 15:23:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/07/12 21:13:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012/08/06 18:03:20 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2009/05/29 14:06:19 | 000,002,354 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-live-search.xml
[2010/05/12 15:09:17 | 000,002,037 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-toolbar.xml
[2011/12/12 23:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/20 19:45:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
[2012/01/31 06:12:14 | 000,365,568 | ---- | M] (Navionics) -- C:\Program Files (x86)\mozilla firefox\plugins\npNavIn.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2012/09/20 19:45:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/20 19:45:06 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/28 18:58:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4DFE522A-5D3D-4711-9437-67E066BE1E6E} http://192.168.254.254/gc2/weblib.cab (IPLWebV4 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DE93D3D-068E-4229-9863-146242C6A5F5}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/28 22:01:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL(2).exe
[2012/12/28 19:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jose\Desktop\Souswitch
[2012/12/28 19:31:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/28 18:59:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/28 17:27:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/28 17:27:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/28 17:27:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/28 17:25:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/28 17:23:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/28 17:20:31 | 005,014,093 | R--- | C] (Swearware) -- C:\Users\Jose\Desktop\ComboFix.exe
[2012/12/28 16:14:27 | 000,054,024 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2012/12/28 16:14:27 | 000,045,832 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2012/12/27 20:44:22 | 000,040,464 | R--- | C] (CACE Technologies) -- C:\Windows\SysNative\drivers\npf.sys
[2012/12/11 20:46:54 | 000,000,000 | ---D | C] -- C:\FRST
[2012/12/09 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Jose\Desktop\RK_Quarantine
[2012/12/09 23:34:48 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jose\Desktop\aswMBR.exe
[2012/12/09 21:53:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jose\Desktop\dds.com
[1 C:\Users\Jose\Desktop\*.tmp files -> C:\Users\Jose\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/28 22:04:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/28 22:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL(2).exe
[2012/12/28 21:31:13 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/12/28 21:30:39 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/12/28 21:30:39 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/28 21:30:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/28 21:30:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/28 21:28:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/12/28 20:18:11 | 000,000,104 | ---- | M] () -- C:\Users\Jose\Computer - Shortcut.lnk
[2012/12/28 19:36:01 | 000,045,832 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2012/12/28 19:36:00 | 000,054,024 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2012/12/28 19:00:51 | 000,756,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/28 19:00:51 | 000,640,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/28 19:00:51 | 000,119,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/28 18:58:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/12/28 17:20:50 | 005,014,093 | R--- | M] (Swearware) -- C:\Users\Jose\Desktop\ComboFix.exe
[2012/12/27 20:46:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AE1200vista64_01005.Wdf
[2012/12/27 20:39:22 | 000,000,512 | ---- | M] () -- C:\Users\Jose\Desktop\MBR.dat
[2012/12/27 17:57:35 | 000,002,451 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2012/12/09 23:35:11 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jose\Desktop\aswMBR.exe
[2012/12/09 23:34:18 | 000,753,664 | ---- | M] () -- C:\Users\Jose\Desktop\RogueKiller.exe
[2012/12/09 21:53:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jose\Desktop\dds.com
[2012/12/09 21:32:09 | 000,325,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Jose\Desktop\*.tmp files -> C:\Users\Jose\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/28 20:18:11 | 000,000,104 | ---- | C] () -- C:\Users\Jose\Computer - Shortcut.lnk
[2012/12/28 17:27:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/28 17:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/28 17:27:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/28 17:27:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/28 17:27:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/27 20:46:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AE1200vista64_01005.Wdf
[2012/12/27 20:39:22 | 000,000,512 | ---- | C] () -- C:\Users\Jose\Desktop\MBR.dat
[2012/12/09 23:34:17 | 000,753,664 | ---- | C] () -- C:\Users\Jose\Desktop\RogueKiller.exe
[2012/07/24 22:24:29 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/02/23 08:37:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ShSerialLink.dll
[2011/10/27 10:40:08 | 000,131,116 | ---- | C] () -- C:\Users\Jose\AppData\Roaming\Smaartimpulse.wav
[2011/10/27 10:37:35 | 000,002,712 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cccaimgco.ini
[2011/09/29 18:12:02 | 004,648,960 | ---- | C] () -- C:\Windows\SysWow64\ls9-qt-mt336.dll
[2011/09/07 23:29:35 | 000,073,494 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011/06/26 13:17:36 | 000,751,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/19 21:28:54 | 000,002,691 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cckimgco.ini
[2011/03/29 22:17:32 | 000,000,732 | ---- | C] () -- C:\Users\Jose\AppData\Local\d3d9caps64.dat
[2011/02/24 07:52:06 | 000,002,798 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cceimgco.ini
[2011/02/06 12:35:29 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini
[2011/02/06 12:35:03 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/02/06 12:35:03 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/06 12:34:06 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2011/02/06 12:33:01 | 000,003,568 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2011/01/22 17:41:10 | 000,281,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/22 17:39:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/03/23 20:45:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/03/13 21:07:12 | 000,042,306 | ---- | C] () -- C:\Users\Jose\AppData\Local\tmp321.JPG
[2009/03/13 20:57:18 | 000,069,252 | ---- | C] () -- C:\Users\Jose\AppData\Local\tmp321.0
[2009/03/07 08:10:09 | 000,088,064 | ---- | C] () -- C:\Users\Jose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/03 15:31:16 | 000,000,680 | ---- | C] () -- C:\Users\Jose\AppData\Local\d3d9caps.dat
[2009/03/03 12:57:39 | 000,004,398 | ---- | C] () -- C:\Users\Jose\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2009/10/24 21:11:23 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Ableton
[2010/11/21 12:20:21 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Acronis
[2012/09/22 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Backup Tickets
[2010/11/08 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\BitTorrent
[2012/09/22 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Configuration
[2012/11/13 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\DNA
[2012/01/14 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Downloaded Installations
[2012/11/13 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Dropbox
[2009/05/24 19:40:33 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\FloodLightGames
[2009/05/25 00:06:54 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\funkitron
[2009/05/24 22:44:55 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Gamelab
[2011/11/27 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Harman International
[2010/07/09 17:08:33 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\LimeWire
[2012/02/26 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\MA Lighting Technologies
[2009/03/01 23:12:37 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\muvee Technologies
[2010/04/24 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\ooVoo Details
[2009/05/24 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\PlayFirst
[2011/05/28 19:43:20 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Smaart
[2010/11/08 21:09:10 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\SumatraPDF
[2011/10/20 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\TeamViewer
[2011/02/21 16:55:34 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Temp
[2009/03/05 03:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Template

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE:64bit: - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\.DEFAULT\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5555
FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar"
FF - prefs.js..browser.search.order.1: "Ask"
[2009/05/29 14:06:19 | 000,002,354 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-live-search.xml
[2010/05/12 15:09:17 | 000,002,037 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-toolbar.xml
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
[2011/10/27 10:37:35 | 000,002,712 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cccaimgco.ini
[2011/05/19 21:28:54 | 000,002,691 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cckimgco.ini
[2011/02/24 07:52:06 | 000,002,798 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cceimgco.ini
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=====================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL fix stopped responding the first time but finished the second time. Continuing steps....
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Kiwee Toolbar" removed from browser.search.defaultenginename
Prefs.js: "Ask" removed from browser.search.order.1
File C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-live-search.xml not found.
File C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-toolbar.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
Registry value HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range2\\http not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
File C:\Users\Jose\AppData\Local\cccaimgco.ini not found.
File C:\Users\Jose\AppData\Local\cckimgco.ini not found.
File C:\Users\Jose\AppData\Local\cceimgco.ini not found.
Mount Point not found!
Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\Temp:A8ADE5D8 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jose
->Temp folder emptied: 1262 bytes
->Temporary Internet Files folder emptied: 1703098633 bytes
->Java cache emptied: 122399207 bytes
->FireFox cache emptied: 68328732 bytes
->Flash cache emptied: 290555 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531774 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 6742474 bytes

Total Files Cleaned = 1,813.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jose
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jose
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12292012_002655

Files\Folders moved on Reboot...
File\Folder C:\Users\Jose\AppData\Local\Temp\ehmsas.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
796
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back