online videos won't play on my pc!

Chewbaca

Thread Starter
Joined
Jan 10, 2013
Messages
15
:confused: Hi, I'm a novice, & my problem started after Reveton FBI ransomware infected my PC (Vista Basic, 32-bit). Malwarebytes (thank them!) unlocked it & deleted the virus. I can surf the web fine, but no online videos will play now! I uninstalled & reinstalled Chrome, Firefox & Flash players. Also, downloading now takes forever (Firefox nearly 2 days). I tried spc scannow, ck.disc, disable accelerator on YouTube video! On Chrome, videos play 2-3 secs, then freeze, play, over & over! On IE & Firefox, YouTube videos don't play at all (black screen). Tech Guy guide video: freeze, play. ESPN, Fox News, any site w/ videos: black screen on all browsers! (Chrome, IE, Firefox) Opera would not load. I tried to attach the TSG SysInfo log but I don't know how to zip-file it (I guess is the term). An aside: as I type I can hear the guide video play, freeze, way more freeze, of no use. I've surfed the web for a solution (over 2 mo's) w/ no luck. Wouldn't wish this on anyone, but I hope someone's figured this out! Big Mahalo in advance!
 

Chewbaca

Thanx, I did again w/ Malwarebytes; it deleted 4 objects, but still no videos!
 

Chewbaca

Thanx in advance for any HELP! Sorry for clumsy attempts at this. Find these logs/reports:

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-14 23:24:37
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.DE06 149.05GB
Running: jt96e0rx.exe; Driver: C:\Users\Tom\AppData\Local\Temp\pwldipow.sys

---- System - GMER 2.0 ----
SSDT 8A0B8076 ZwCreateSection
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8C9D014A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8C9D021A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8C9CFD7C]
SSDT 8A0B8080 ZwRequestWaitReplyPort
SSDT 8A0B807B ZwSetContextThread
SSDT 8A0B8085 ZwSetSecurityObject
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x8C9CFF6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x8C9D0000]
SSDT 8A0B808A ZwSystemDebugControl
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8C9CFE32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8C9CFECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8C9D009C]
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!KeSetEvent + 215 81AAD8D8 4 Bytes [76, 80, 0B, 8A]
.text ntkrnlpa.exe!KeSetEvent + 3BD 81AADA80 8 Bytes [4A, 01, 9D, 8C, 1A, 02, 9D, ...]
.text ntkrnlpa.exe!KeSetEvent + 3F1 81AADAB4 4 Bytes [7C, FD, 9C, 8C]
.text ntkrnlpa.exe!KeSetEvent + 539 81AADBFC 4 Bytes [80, 80, 0B, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 81AADC30 4 Bytes [7B, 80, 0B, 8A]
.text ...
? C:\Users\Tom\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateThread 76FECB0E 5 Bytes JMP 6B7075DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 6B7425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CallNextHookEx 76F08E3B 5 Bytes JMP 6B767FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 6B78ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DefWindowProcA 76F0DB88 7 Bytes JMP 6B709805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExA 76F0DC2A 5 Bytes JMP 6B71363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExW 76F11305 5 Bytes JMP 6B7703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DefWindowProcW 76F203B4 7 Bytes JMP 6B768042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!OleLoadFromStream 77241E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!OleLoadFromStream 77241E80 5 Bytes JMP 6B899784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!HttpOpenRequestA 77135761 5 Bytes JMP 66A10C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!HttpOpenRequestW 77135FEF 5 Bytes JMP 66A10D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!closesocket 77C6330C 5 Bytes JMP 6EE763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!recv 77C6343A 5 Bytes JMP 6EE766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!socket 77C636D1 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!socket 77C636D1 5 Bytes JMP 6EE756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!connect 77C640D9 5 Bytes JMP 6EE75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!getaddrinfo 77C6418A 5 Bytes JMP 6EE7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!send 77C6659B 5 Bytes JMP 6EE75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] kernel32.dll!CreateThread 76FECB0E 5 Bytes JMP 6B7075DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 6B7425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CallNextHookEx 76F08E3B 5 Bytes JMP 6B767FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 6B78ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DefWindowProcA 76F0DB88 7 Bytes JMP 6B709805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CreateWindowExA 76F0DC2A 5 Bytes JMP 6B71363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CreateWindowExW 76F11305 5 Bytes JMP 6B7703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DefWindowProcW 76F203B4 7 Bytes JMP 6B768042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] ole32.dll!OleLoadFromStream 77241E80 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] ole32.dll!OleLoadFromStream 77241E80 5 Bytes JMP 6B899784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WININET.dll!HttpOpenRequestA 77135761 5 Bytes JMP 66A10C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WININET.dll!HttpOpenRequestW 77135FEF 5 Bytes JMP 66A10D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!closesocket 77C6330C 5 Bytes JMP 6EE763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!recv 77C6343A 5 Bytes JMP 6EE766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!socket 77C636D1 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!socket 77C636D1 5 Bytes JMP 6EE756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!connect 77C640D9 5 Bytes JMP 6EE75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!getaddrinfo 77C6418A 5 Bytes JMP 6EE7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!send 77C6659B 5 Bytes JMP 6EE75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- EOF - GMER 2.0 ----
 

Chewbaca

Thread Starter
Joined
Jan 10, 2013
Messages
15
Hi Richard, I've joined several different help forums, & 1 of them wanted it. Guess I posted to all. Does it help for analysis? It means little to me. Thank you, Chewbaca
 

Chewbaca

Thread Starter
Joined
Jan 10, 2013
Messages
15
Hi again, I have HijackThis & OTL logs in my downloads, but can't figure out how to paste them to this post! Thanks, Chewbaca
 

Chewbaca

Thread Starter
Joined
Jan 10, 2013
Messages
15
Hi, maybe I have.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:25:25 PM, on 1/14/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\System32\WLTRAY.EXE
C:\Program Files\Immunet\3.0.8\iptray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Tom\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=5447d1bf00000000000000225f9e05bd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
O4 - HKLM\..\Run: [Immunet Protect] "C:\Program Files\Immunet\3.0.8\iptray.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
O4 - HKLM\..\RunOnce: [Del19130433] cmd.exe /Q /D /c del "C:\Users\Tom\AppData\Local\Temp\0.del"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Best Codec Pack803588.exe] "C:\Users\Tom\AppData\Local\Temp\Best Codec Pack803588.exe" /XML="C:\Users\Tom\AppData\Local\Temp\EE40.tmp" /STP=0:2
O4 - HKCU\..\RunOnce: [Del19130433] cmd.exe /Q /D /c del "C:\Users\Tom\AppData\Local\Temp\0.del"
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{91499509-0A46-4386-A7FF-C92B41C972C9}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: c:\PROGRA~1\WXDOWN~1\sprotector.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Immunet 3.0 (ImmunetProtect) - Sourcefire, Inc. - C:\Program Files\Immunet\3.0.8\agent.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\WINDOWS\SMINST\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 8948 bytes
 

Chewbaca

Thread Starter
Joined
Jan 10, 2013
Messages
15
Hi, maybe I did figure out how to post logs. Big Thanks!
OTL logfile created on: 1/13/2013 4:47:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.58% Memory free
4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 85.91 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.21 Gb Free Space | 35.54% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
PRC - C:\WINDOWS\SMINST\Components\PSTImageExt\STImageExtPlg.exe (SOftThinks)
PRC - C:\WINDOWS\SMINST\Components\FileBackup\BackupPlg.exe (SoftThinks)
PRC - C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
PRC - C:\WINDOWS\SMINST\DataSafe.exe (SoftThinks - Dell)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
MOD - C:\WINDOWS\SMINST\Components\RMCCpn\AutoRunC.dll ()
MOD - C:\WINDOWS\SMINST\Components\FileBackup\STBackupEngine.dll ()
MOD - C:\WINDOWS\SMINST\Components\FileBackup\BackupApi.dll ()
MOD - C:\WINDOWS\SMINST\STPowerManagement.dll ()
MOD - C:\WINDOWS\SMINST\STEventLog.Net.dll ()
MOD - C:\WINDOWS\SMINST\STBRCCServCLR.dll ()
MOD - C:\WINDOWS\SMINST\SoftThinksControlLibrary.dll ()
MOD - C:\WINDOWS\SMINST\SftBRCCPiped.dll ()
MOD - C:\WINDOWS\SMINST\SftBRCC.dll ()
MOD - C:\WINDOWS\SMINST\DataSafeResources.dll ()
MOD - C:\WINDOWS\SMINST\DataSafeHelp.dll ()
MOD - C:\WINDOWS\SMINST\AxInterop.WMPLib.dll ()
MOD - C:\WINDOWS\System32\STFiles.dll ()
MOD - C:\WINDOWS\System32\PSTImage.dll ()
MOD - C:\WINDOWS\System32\bcmwlrmt.dll ()
MOD - C:\WINDOWS\System32\PSTVdsDisk.dll ()
MOD - C:\WINDOWS\System32\STWmiM.dll ()
MOD - C:\WINDOWS\System32\STLog.dll ()
MOD - C:\WINDOWS\System32\libxml2.dll ()
MOD - C:\WINDOWS\System32\STCrypto.dll ()
MOD - C:\WINDOWS\System32\STNLS.dll ()
MOD - C:\WINDOWS\System32\STPE.dll ()
MOD - C:\WINDOWS\System32\zlib1.dll ()
MOD - C:\WINDOWS\System32\STRegistry.dll ()
MOD - C:\WINDOWS\System32\STCoreXml.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SftService) -- C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\WINDOWS\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BCM42RLY) -- C:\WINDOWS\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (e1express) -- C:\WINDOWS\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012
&tb_mrud=18-12-2012

IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKLM\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=5447d1bf00000000000000225f9e05bd
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=118658&tt=0113_3&babsrc=SP_ss&mntrId=5447d1bf00000000000000225f9e05bd
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012
&tb_mrud=18-12-2012

IE - HKCU\..\SearchScopes\{6702A597-3B0B-4B51-A5BF-B76770E125B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121147,6900,0,5,0
IE - HKCU\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{9C44BFC8-C734-46F5-83C5-E6889E705134}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80915&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3bajb7lu.default\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/04 20:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 01:51:30 | 000,000,000 | ---D | M]

[2013/01/04 20:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2013/01/09 18:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions
[2013/01/09 18:18:48 | 000,174,496 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions\[email protected]
[2013/01/04 20:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/25 04:05:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://yahoo.genieo.com/?v=w3i8
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://yahoo.genieo.com/?v=w3i8
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Crackle = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: wxDownload = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnppcfjibdnhenmjgidieaoacjocjek\4_0\
CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/30 12:46:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [Best Codec Pack803588.exe] "C:\Users\Tom\AppData\Local\Temp\Best Codec Pack803588.exe" /XML="C:\Users\Tom\AppData\Local\Temp\EE40.tmp" /STP=0:2 File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: adobe.com ([helpx] https in Trusted sites)
O15 - HKCU\..Trusted Domains: googlechrome.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: hdmovieonline.me ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mozillafirefox.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: tubepleasure.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: www.adobe flashplayer ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91499509-0A46-4386-A7FF-C92B41C972C9}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (c:\PROGRA~1\WXDOWN~1\sprotector.dll) - c:\Program Files\WxDownload\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/12 22:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/12 22:05:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/10 16:57:55 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/10 14:56:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/01/10 14:50:59 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/10 14:50:59 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/10 14:50:59 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/09 10:32:28 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 10:18:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/04 20:45:01 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Mozilla
[2013/01/04 20:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/31 23:46:43 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\player
[2012/12/31 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2012/12/31 23:20:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Babylon
[2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Babylon
[2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/12/31 13:14:35 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/31 13:14:35 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/31 00:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/29 22:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/12/26 08:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/12/26 08:08:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/12/20 14:34:15 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/20 14:34:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/20 00:06:29 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012/12/19 20:32:06 | 000,000,000 | ---D | C] -- C:\Temp
[2012/12/18 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\OpenCandy
[2012/12/18 03:02:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/12/17 12:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/12/16 22:00:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\vlc
[2012/12/16 22:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/12/16 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/12/16 01:08:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2013/01/13 16:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 23:31:34 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/12 23:31:33 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/01/12 23:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/12 23:30:49 | 2108,018,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/12 22:05:08 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/12 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/01/11 20:04:41 | 000,001,957 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 20:04:41 | 000,001,933 | ---- | M] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
[2013/01/09 16:14:39 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/08 21:05:31 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/08 11:25:24 | 001,809,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/08 11:25:24 | 000,530,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/07 11:56:19 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/01/04 20:44:52 | 000,000,832 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/04 20:44:52 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/31 13:14:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/30 16:58:18 | 000,000,905 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/26 09:21:43 | 000,001,745 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
[2012/12/26 08:08:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/12/16 22:00:21 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

========== Files Created - No Company Name ==========

[2013/01/12 22:05:08 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 20:44:52 | 000,000,832 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/04 20:44:52 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/04 20:44:52 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/31 00:55:16 | 000,001,957 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/31 00:55:16 | 000,001,933 | ---- | C] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
[2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/27 11:10:53 | 2108,018,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/26 09:21:43 | 000,001,745 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
[2012/12/16 22:00:21 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/30 07:43:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/30 07:43:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/30 07:43:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/30 07:43:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/30 07:43:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/27 22:01:10 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/11/27 21:33:39 | 000,000,024 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\mbam.context.scan
[2012/11/26 02:33:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/11/26 02:33:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/11/18 16:56:24 | 000,000,680 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2012/11/17 16:05:16 | 000,261,910 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/29 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Anvisoft
[2012/12/08 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013
[2012/12/31 23:20:08 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Babylon
[2012/11/18 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DriverCure
[2012/12/18 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenCandy
[2012/12/31 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\player
[2012/11/18 13:57:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SpeedyPC Software

========== Purity Check ==========



========== Custom Scans ==========

< Malwarebytes Anti-Malware (Trial) 1.65.1.1000 >
[2006/11/02 07:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 07:58:10 | 000,032,528 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/11/18 13:56:59 | 000,000,436 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/11/18 13:56:59 | 000,000,488 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/11/18 13:57:25 | 000,000,464 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< www.malwarebytes.org >

< >

< Database version: v2012.11.19.10 >

< >

< Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking) >
Invalid Switch: Networking)

< Internet Explorer 7.0.6001.18000 >

< Tom :: TOM-PC [administrator] >

< >

< Protection: Disabled >

< >

< 11/19/2012 6:48:29 PM >
Invalid Switch: 2012 6:48:29 PM

< mbam-log-2012-11-19 (18-48-29).txt >

< >

< Scan type: Quick scan >

< Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM >
Invalid Switch: Shuriken | PUP | PUM

< Scan options disabled: P2P >

< Objects scanned: 184688 >

< Time elapsed: 4 minute(s), 14 second(s) >

< >

< Memory Processes Detected: 0 >

< (No malicious items detected) >

< >

< Memory Modules Detected: 1 >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken. >

< >

< Registry Keys Detected: 15 >

< HKCR\CLSID\{002d1ba6-4766-4d7d-82b8-f49439c66f97} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SYSTEM\CurrentControlSet\Services\BringMeSports_1cService (PUP.MyWebSearch) -> No action taken. >

< HKCR\CLSID\{82c7004a-078e-468c-9c0f-2243618ff7cb} (PUP.MyWebSearch) -> No action taken. >

< HKCR\TypeLib\{256b342b-85a7-4e4e-aa2e-101cddef5efd} (PUP.MyWebSearch) -> No action taken. >

< HKCR\Interface\{06FB54B9-0ABC-4271-9BB9-9015A19E7A5C} (PUP.MyWebSearch) -> No action taken. >

< HKCR\BringMeSports_1c.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken. >

< HKCR\BringMeSports_1c.SettingsPlugin (PUP.MyWebSearch) -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar Uninstall (PUP.MyWebSearch) -> No action taken. >

< HKCR\CLSID\{f653d037-97fa-4755-98c1-7f382eeb59a7} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken. >

< >

< Registry Values Detected: 3 >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports_1c Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Updater (Trojan.Zbot) -> Data: "C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe" -> Quarantined and deleted successfully. >

< >

< Registry Data Items Detected: 0 >

< (No malicious items detected) >

< >

< Folders Detected: 0 >

< (No malicious items detected) >

< >

< Files Detected: 8 >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrchMn.exe (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cbrmon.exe (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cbarsvc.exe (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (PUP.MyWebSearch) -> No action taken. >

< C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\N00YECCV\BringMeSports[1].exe (PUP.FunWebProducts) -> No action taken. >

< C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\URX2F1C9\freevideoplayer_d750391[1].exe (PUP.BundleOffers.IIQ) -> No action taken. >

< C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe (Trojan.Zbot) -> Quarantined and deleted successfully. >

< >

< (end) >

< End of report >
 

Chewbaca

Hi, maybe I did figure out how to post logs. Big thanks!

OTL logfile created on: 1/13/2013 4:47:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.58% Memory free
4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 85.91 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.21 Gb Free Space | 35.54% Space Free | Partition Type: NTFS

Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
PRC - C:\WINDOWS\SMINST\Components\PSTImageExt\STImageExtPlg.exe (SOftThinks)
PRC - C:\WINDOWS\SMINST\Components\FileBackup\BackupPlg.exe (SoftThinks)
PRC - C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
PRC - C:\WINDOWS\SMINST\DataSafe.exe (SoftThinks - Dell)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
MOD - C:\WINDOWS\SMINST\Components\RMCCpn\AutoRunC.dll ()
MOD - C:\WINDOWS\SMINST\Components\FileBackup\STBackupEngine.dll ()
MOD - C:\WINDOWS\SMINST\Components\FileBackup\BackupApi.dll ()
MOD - C:\WINDOWS\SMINST\STPowerManagement.dll ()
MOD - C:\WINDOWS\SMINST\STEventLog.Net.dll ()
MOD - C:\WINDOWS\SMINST\STBRCCServCLR.dll ()
MOD - C:\WINDOWS\SMINST\SoftThinksControlLibrary.dll ()
MOD - C:\WINDOWS\SMINST\SftBRCCPiped.dll ()
MOD - C:\WINDOWS\SMINST\SftBRCC.dll ()
MOD - C:\WINDOWS\SMINST\DataSafeResources.dll ()
MOD - C:\WINDOWS\SMINST\DataSafeHelp.dll ()
MOD - C:\WINDOWS\SMINST\AxInterop.WMPLib.dll ()
MOD - C:\WINDOWS\System32\STFiles.dll ()
MOD - C:\WINDOWS\System32\PSTImage.dll ()
MOD - C:\WINDOWS\System32\bcmwlrmt.dll ()
MOD - C:\WINDOWS\System32\PSTVdsDisk.dll ()
MOD - C:\WINDOWS\System32\STWmiM.dll ()
MOD - C:\WINDOWS\System32\STLog.dll ()
MOD - C:\WINDOWS\System32\libxml2.dll ()
MOD - C:\WINDOWS\System32\STCrypto.dll ()
MOD - C:\WINDOWS\System32\STNLS.dll ()
MOD - C:\WINDOWS\System32\STPE.dll ()
MOD - C:\WINDOWS\System32\zlib1.dll ()
MOD - C:\WINDOWS\System32\STRegistry.dll ()
MOD - C:\WINDOWS\System32\STCoreXml.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SftService) -- C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz134) -- C:\Users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\WINDOWS\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (BCM42RLY) -- C:\WINDOWS\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (e1express) -- C:\WINDOWS\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012
&tb_mrud=18-12-2012

IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKLM\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=5447d1bf00000000000000225f9e05bd
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=118658&tt=0113_3&babsrc=SP_ss&mntrId=5447d1bf00000000000000225f9e05bd
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012
&tb_mrud=18-12-2012

IE - HKCU\..\SearchScopes\{6702A597-3B0B-4B51-A5BF-B76770E125B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121147,6900,0,5,0
IE - HKCU\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{9C44BFC8-C734-46F5-83C5-E6889E705134}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
IE - HKCU\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80915&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3bajb7lu.default\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/04 20:44:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 01:51:30 | 000,000,000 | ---D | M]

[2013/01/04 20:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2013/01/09 18:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions
[2013/01/09 18:18:48 | 000,174,496 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions\[email protected]
[2013/01/04 20:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/25 04:05:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://yahoo.genieo.com/?v=w3i8
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://yahoo.genieo.com/?v=w3i8
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Crackle = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: wxDownload = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnppcfjibdnhenmjgidieaoacjocjek\4_0\
CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/30 12:46:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [Best Codec Pack803588.exe] "C:\Users\Tom\AppData\Local\Temp\Best Codec Pack803588.exe" /XML="C:\Users\Tom\AppData\Local\Temp\EE40.tmp" /STP=0:2 File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Components\scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: adobe.com ([helpx] https in Trusted sites)
O15 - HKCU\..Trusted Domains: googlechrome.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: hdmovieonline.me ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: mozillafirefox.org ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: tubepleasure.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: www.adobe flashplayer ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91499509-0A46-4386-A7FF-C92B41C972C9}: NameServer = 8.26.56.26,156.154.70.22
O20 - AppInit_DLLs: (c:\PROGRA~1\WXDOWN~1\sprotector.dll) - c:\Program Files\WxDownload\sprotector.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/12 22:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/12 22:05:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/10 16:57:55 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/10 14:56:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/01/10 14:50:59 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/10 14:50:59 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/10 14:50:59 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/09 10:32:28 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 10:18:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/04 20:45:01 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Mozilla
[2013/01/04 20:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/12/31 23:46:43 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\player
[2012/12/31 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
[2012/12/31 23:20:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Babylon
[2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Babylon
[2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/12/31 13:14:35 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/31 13:14:35 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/31 00:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/29 22:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/12/26 08:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/12/26 08:08:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/12/20 14:34:15 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/20 14:34:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/20 00:06:29 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2012/12/19 20:32:06 | 000,000,000 | ---D | C] -- C:\Temp
[2012/12/18 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\OpenCandy
[2012/12/18 03:02:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/12/17 12:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/12/16 22:00:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\vlc
[2012/12/16 22:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/12/16 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/12/16 01:08:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2013/01/13 16:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/13 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/12 23:31:34 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/12 23:31:33 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/01/12 23:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/12 23:30:49 | 2108,018,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/12 22:05:08 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/12 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/01/11 20:04:41 | 000,001,957 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 20:04:41 | 000,001,933 | ---- | M] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
[2013/01/09 16:14:39 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/08 21:05:31 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/08 11:25:24 | 001,809,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/08 11:25:24 | 000,530,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/07 11:56:19 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2013/01/04 20:44:52 | 000,000,832 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/04 20:44:52 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/31 13:14:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/30 16:58:18 | 000,000,905 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/12/26 09:21:43 | 000,001,745 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
[2012/12/26 08:08:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/12/16 22:00:21 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

========== Files Created - No Company Name ==========

[2013/01/12 22:05:08 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/04 20:44:52 | 000,000,832 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/04 20:44:52 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/04 20:44:52 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/31 00:55:16 | 000,001,957 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/31 00:55:16 | 000,001,933 | ---- | C] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
[2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/27 11:10:53 | 2108,018,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/26 09:21:43 | 000,001,745 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
[2012/12/16 22:00:21 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/30 07:43:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/30 07:43:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/30 07:43:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/30 07:43:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/30 07:43:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/27 22:01:10 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
[2012/11/27 21:33:39 | 000,000,024 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\mbam.context.scan
[2012/11/26 02:33:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/11/26 02:33:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/11/18 16:56:24 | 000,000,680 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
[2012/11/17 16:05:16 | 000,261,910 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/11/29 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Anvisoft
[2012/12/08 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013
[2012/12/31 23:20:08 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Babylon
[2012/11/18 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DriverCure
[2012/12/18 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenCandy
[2012/12/31 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\player
[2012/11/18 13:57:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SpeedyPC Software

========== Purity Check ==========



========== Custom Scans ==========

< Malwarebytes Anti-Malware (Trial) 1.65.1.1000 >
[2006/11/02 07:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 07:58:10 | 000,032,528 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/11/18 13:56:59 | 000,000,436 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
[2012/11/18 13:56:59 | 000,000,488 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/11/18 13:57:25 | 000,000,464 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< www.malwarebytes.org >

< >

< Database version: v2012.11.19.10 >

< >

< Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking) >
Invalid Switch: Networking)

< Internet Explorer 7.0.6001.18000 >

< Tom :: TOM-PC [administrator] >

< >

< Protection: Disabled >

< >

< 11/19/2012 6:48:29 PM >
Invalid Switch: 2012 6:48:29 PM

< mbam-log-2012-11-19 (18-48-29).txt >

< >

< Scan type: Quick scan >

< Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM >
Invalid Switch: Shuriken | PUP | PUM

< Scan options disabled: P2P >

< Objects scanned: 184688 >

< Time elapsed: 4 minute(s), 14 second(s) >

< >

< Memory Processes Detected: 0 >

< (No malicious items detected) >

< >

< Memory Modules Detected: 1 >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken. >

< >

< Registry Keys Detected: 15 >

< HKCR\CLSID\{002d1ba6-4766-4d7d-82b8-f49439c66f97} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SYSTEM\CurrentControlSet\Services\BringMeSports_1cService (PUP.MyWebSearch) -> No action taken. >

< HKCR\CLSID\{82c7004a-078e-468c-9c0f-2243618ff7cb} (PUP.MyWebSearch) -> No action taken. >

< HKCR\TypeLib\{256b342b-85a7-4e4e-aa2e-101cddef5efd} (PUP.MyWebSearch) -> No action taken. >

< HKCR\Interface\{06FB54B9-0ABC-4271-9BB9-9015A19E7A5C} (PUP.MyWebSearch) -> No action taken. >

< HKCR\BringMeSports_1c.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken. >

< HKCR\BringMeSports_1c.SettingsPlugin (PUP.MyWebSearch) -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar Uninstall (PUP.MyWebSearch) -> No action taken. >

< HKCR\CLSID\{f653d037-97fa-4755-98c1-7f382eeb59a7} (PUP.MyWebSearch) -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken. >

< >

< Registry Values Detected: 3 >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h -> No action taken. >

< HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports_1c Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe -> No action taken. >

< HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Updater (Trojan.Zbot) -> Data: "C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe" -> Quarantined and deleted successfully. >

< >

< Registry Data Items Detected: 0 >

< (No malicious items detected) >

< >

< Folders Detected: 0 >

< (No malicious items detected) >

< >

< Files Detected: 8 >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrchMn.exe (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cbrmon.exe (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cbarsvc.exe (PUP.MyWebSearch) -> No action taken. >

< C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (PUP.MyWebSearch) -> No action taken. >

< C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\N00YECCV\BringMeSports[1].exe (PUP.FunWebProducts) -> No action taken. >

< C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\URX2F1C9\freevideoplayer_d750391[1].exe (PUP.BundleOffers.IIQ) -> No action taken. >

< C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe (Trojan.Zbot) -> Quarantined and deleted successfully. >

< >

< (end) >

< End of report >
 