
online videos won't play on my pc!

Discussion in 'Virus & Other Malware Removal' started by Chewbaca, Jan 11, 2013.

Thread Status:
Not open for further replies.
  1. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Hi, I'm a novice, & my problem started after Reveton FBI ransomware infected my PC (Vista Basic, 32-bit). Malwarebytes (thank them!) unlocked it & deleted the virus. I can surf the web fine, but no online videos will play now! I uninstalled & reinstalled Chrome, Firefox & Flash players. Also, downloading now takes forever (Firefox nearly 2 days). I tried spc scannow, ck.disc, disable accelerator on YouTube video! On Chrome, videos play 2-3 secs, then freeze, play, over & over! On IE & Firefox, YouTube videos don't play at all (black screen). Tech Guy guide video: freeze, play. ESPN, Fox News, any site w/videos: black screen on all browsers (Chrome, IE, Firefox)! Opera would not load. I tried to attach the TSG SysInfo log but I don't know how to zip-file it (I guess that is the term). An aside: as I type I can hear the guide video play, freeze; way more freeze, of no use. I've surfed the web for a solution (over 2 mo's) w/no luck. Wouldn't wish this on anyone, but I hope someone's figured this out! Big Mahalo in advance!
     
  2. DaisukeNiwa197

    DaisukeNiwa197

    Joined:
    Jan 14, 2013
    Messages:
    7
    You should start by scanning your computer for any other viruses if you have not already done so.
     
  3. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Thanx, I did again w/Malwarebytes; it deleted 4 objects, but still no videos!
     
  4. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Thanx in advance for any HELP! Sorry for clumsy attempts at this. Find these logs/reports:

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-14 23:24:37
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.DE06 149.05GB
    Running: jt96e0rx.exe; Driver: C:\Users\Tom\AppData\Local\Temp\pwldipow.sys

    ---- System - GMER 2.0 ----
    SSDT 8A0B8076 ZwCreateSection
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8C9D014A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8C9D021A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8C9CFD7C]
    SSDT 8A0B8080 ZwRequestWaitReplyPort
    SSDT 8A0B807B ZwSetContextThread
    SSDT 8A0B8085 ZwSetSecurityObject
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x8C9CFF6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x8C9D0000]
    SSDT 8A0B808A ZwSystemDebugControl
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8C9CFE32]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8C9CFECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8C9D009C]
    ---- Kernel code sections - GMER 2.0 ----
    .text ntkrnlpa.exe!KeSetEvent + 215 81AAD8D8 4 Bytes [76, 80, 0B, 8A]
    .text ntkrnlpa.exe!KeSetEvent + 3BD 81AADA80 8 Bytes [4A, 01, 9D, 8C, 1A, 02, 9D, ...]
    .text ntkrnlpa.exe!KeSetEvent + 3F1 81AADAB4 4 Bytes [7C, FD, 9C, 8C]
    .text ntkrnlpa.exe!KeSetEvent + 539 81AADBFC 4 Bytes [80, 80, 0B, 8A]
    .text ntkrnlpa.exe!KeSetEvent + 56D 81AADC30 4 Bytes [7B, 80, 0B, 8A]
    .text ...
    ? C:\Users\Tom\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateThread 76FECB0E 5 Bytes JMP 6B7075DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 6B7425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CallNextHookEx 76F08E3B 5 Bytes JMP 6B767FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 6B78ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DefWindowProcA 76F0DB88 7 Bytes JMP 6B709805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExA 76F0DC2A 5 Bytes JMP 6B71363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExW 76F11305 5 Bytes JMP 6B7703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DefWindowProcW 76F203B4 7 Bytes JMP 6B768042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!OleLoadFromStream 77241E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!OleLoadFromStream 77241E80 5 Bytes JMP 6B899784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!HttpOpenRequestA 77135761 5 Bytes JMP 66A10C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!HttpOpenRequestW 77135FEF 5 Bytes JMP 66A10D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!closesocket 77C6330C 5 Bytes JMP 6EE763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!recv 77C6343A 5 Bytes JMP 6EE766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!socket 77C636D1 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!socket 77C636D1 5 Bytes JMP 6EE756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!connect 77C640D9 5 Bytes JMP 6EE75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!getaddrinfo 77C6418A 5 Bytes JMP 6EE7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!send 77C6659B 5 Bytes JMP 6EE75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] kernel32.dll!CreateThread 76FECB0E 5 Bytes JMP 6B7075DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 6B7425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CallNextHookEx 76F08E3B 5 Bytes JMP 6B767FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 6B78ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DefWindowProcA 76F0DB88 7 Bytes JMP 6B709805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CreateWindowExA 76F0DC2A 5 Bytes JMP 6B71363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CreateWindowExW 76F11305 5 Bytes JMP 6B7703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DefWindowProcW 76F203B4 7 Bytes JMP 6B768042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] ole32.dll!OleLoadFromStream 77241E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] ole32.dll!OleLoadFromStream 77241E80 5 Bytes JMP 6B899784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WININET.dll!HttpOpenRequestA 77135761 5 Bytes JMP 66A10C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WININET.dll!HttpOpenRequestW 77135FEF 5 Bytes JMP 66A10D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!closesocket 77C6330C 5 Bytes JMP 6EE763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!recv 77C6343A 5 Bytes JMP 6EE766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!socket 77C636D1 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!socket 77C636D1 5 Bytes JMP 6EE756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!connect 77C640D9 5 Bytes JMP 6EE75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!getaddrinfo 77C6418A 5 Bytes JMP 6EE7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!send 77C6659B 5 Bytes JMP 6EE75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    ---- EOF - GMER 2.0 ----
     
  5. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-14 23:24:37
    Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.DE06 149.05GB
    Running: jt96e0rx.exe; Driver: C:\Users\Tom\AppData\Local\Temp\pwldipow.sys

    ---- System - GMER 2.0 ----
    SSDT 8A0B8076 ZwCreateSection
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x8C9D014A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x8C9D021A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x8C9CFD7C]
    SSDT 8A0B8080 ZwRequestWaitReplyPort
    SSDT 8A0B807B ZwSetContextThread
    SSDT 8A0B8085 ZwSetSecurityObject
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x8C9CFF6A]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x8C9D0000]
    SSDT 8A0B808A ZwSystemDebugControl
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x8C9CFE32]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x8C9CFECE]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x8C9D009C]
    ---- Kernel code sections - GMER 2.0 ----
    .text ntkrnlpa.exe!KeSetEvent + 215 81AAD8D8 4 Bytes [76, 80, 0B, 8A]
    .text ntkrnlpa.exe!KeSetEvent + 3BD 81AADA80 8 Bytes [4A, 01, 9D, 8C, 1A, 02, 9D, ...]
    .text ntkrnlpa.exe!KeSetEvent + 3F1 81AADAB4 4 Bytes [7C, FD, 9C, 8C]
    .text ntkrnlpa.exe!KeSetEvent + 539 81AADBFC 4 Bytes [80, 80, 0B, 8A]
    .text ntkrnlpa.exe!KeSetEvent + 56D 81AADC30 4 Bytes [7B, 80, 0B, 8A]
    .text ...
    ? C:\Users\Tom\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 2.0 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] kernel32.dll!CreateThread 76FECB0E 5 Bytes JMP 6B7075DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 6B7425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CallNextHookEx 76F08E3B 5 Bytes JMP 6B767FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 6B78ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DefWindowProcA 76F0DB88 7 Bytes JMP 6B709805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExA 76F0DC2A 5 Bytes JMP 6B71363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!CreateWindowExW 76F11305 5 Bytes JMP 6B7703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DefWindowProcW 76F203B4 7 Bytes JMP 6B768042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!OleLoadFromStream 77241E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] ole32.dll!OleLoadFromStream 77241E80 5 Bytes JMP 6B899784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!HttpOpenRequestA 77135761 5 Bytes JMP 66A10C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WININET.dll!HttpOpenRequestW 77135FEF 5 Bytes JMP 66A10D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!closesocket 77C6330C 5 Bytes JMP 6EE763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!recv 77C6343A 5 Bytes JMP 6EE766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!socket 77C636D1 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!socket 77C636D1 5 Bytes JMP 6EE756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!connect 77C640D9 5 Bytes JMP 6EE75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!getaddrinfo 77C6418A 5 Bytes JMP 6EE7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3512] WS2_32.dll!send 77C6659B 5 Bytes JMP 6EE75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] kernel32.dll!CreateThread 76FECB0E 5 Bytes JMP 6B7075DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!SetWindowsHookExW 76F087AD 5 Bytes JMP 6B7425AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CallNextHookEx 76F08E3B 5 Bytes JMP 6B767FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!UnhookWindowsHookEx 76F098DB 5 Bytes JMP 6B78ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DefWindowProcA 76F0DB88 7 Bytes JMP 6B709805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CreateWindowExA 76F0DC2A 5 Bytes JMP 6B71363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!CreateWindowExW 76F11305 5 Bytes JMP 6B7703CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DefWindowProcW 76F203B4 7 Bytes JMP 6B768042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] ole32.dll!OleLoadFromStream 77241E80 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] ole32.dll!OleLoadFromStream 77241E80 5 Bytes JMP 6B899784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WININET.dll!HttpOpenRequestA 77135761 5 Bytes JMP 66A10C17 C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WININET.dll!HttpOpenRequestW 77135FEF 5 Bytes JMP 66A10D7B C:\Program Files\Microsoft\BingBar\BingExt.dll (Bing Client Extensions/Microsoft Corporation.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!closesocket 77C6330C 5 Bytes JMP 6EE763B7 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!recv 77C6343A 5 Bytes JMP 6EE766BB C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!socket 77C636D1 1 Byte [E9]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!socket 77C636D1 5 Bytes JMP 6EE756D5 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!connect 77C640D9 5 Bytes JMP 6EE75765 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!getaddrinfo 77C6418A 5 Bytes JMP 6EE7588D C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5628] WS2_32.dll!send 77C6659B 5 Bytes JMP 6EE75D02 C:\Program Files\Microsoft\BingBar\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!EnableWindow 76F0CD8B 5 Bytes JMP 6B749EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamW 76F310B0 5 Bytes JMP 6B6A1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamW 76F32EF5 5 Bytes JMP 6B898FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamA 76F48152 5 Bytes JMP 6B898F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamA 76F4847D 5 Bytes JMP 6B89901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectA 76F5D4D9 5 Bytes JMP 6B898ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectW 76F5D5D3 5 Bytes JMP 6B898E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExA 76F5D639 5 Bytes JMP 6B898DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExW 76F5D65D 5 Bytes JMP 6B898D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    ---- EOF - GMER 2.0 ----
     
  6. 1002richards

    1002richards Retired Trusted Advisor

    Joined:
    Jan 29, 2006
    Messages:
    5,333
    Hi Chewbaca,
    What prompted you to post GMER logs?

    Thanks.
    Richard.
     
  7. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Hi Richard, I've joined several different help forums, & 1 of them wanted it. Guess I posted to all. Does it help for analysis? It means little to me. Thank you, Chewbaca
     
  8. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Hi again, I have HijackThis & OTL logs in my downloads, but can't figure out how to paste them to this post! Thanks, Chewbaca
     
  9. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Hi, Maybe I have.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:25:25 PM, on 1/14/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\System32\WLTRAY.EXE
    C:\Program Files\Immunet\3.0.8\iptray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Tom\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=5447d1bf00000000000000225f9e05bd
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\1.5.23.22\escorTlbr.dll
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe"
    O4 - HKLM\..\Run: [Immunet Protect] "C:\Program Files\Immunet\3.0.8\iptray.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\Components\scheduler\Launcher.exe
    O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat"
    O4 - HKLM\..\RunOnce: [Del19130433] cmd.exe /Q /D /c del "C:\Users\Tom\AppData\Local\Temp\0.del"
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Best Codec Pack803588.exe] "C:\Users\Tom\AppData\Local\Temp\Best Codec Pack803588.exe" /XML="C:\Users\Tom\AppData\Local\Temp\EE40.tmp" /STP=0:2
    O4 - HKCU\..\RunOnce: [Del19130433] cmd.exe /Q /D /c del "C:\Users\Tom\AppData\Local\Temp\0.del"
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{91499509-0A46-4386-A7FF-C92B41C972C9}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
    O20 - AppInit_DLLs: c:\PROGRA~1\WXDOWN~1\sprotector.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: Immunet 3.0 (ImmunetProtect) - Sourcefire, Inc. - C:\Program Files\Immunet\3.0.8\agent.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\WINDOWS\SMINST\sftservice.EXE
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

    --
    End of file - 8948 bytes
     
  10. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Hi, Maybe I did figure out how to post logs. Big Thanks!

    OTL logfile created on: 1/13/2013 4:47:35 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.96 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.58% Memory free
    4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.36 Gb Total Space | 85.91 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.21 Gb Free Space | 35.54% Space Free | Partition Type: NTFS

    Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Tom\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
    PRC - C:\WINDOWS\SMINST\Components\PSTImageExt\STImageExtPlg.exe (SOftThinks)
    PRC - C:\WINDOWS\SMINST\Components\FileBackup\BackupPlg.exe (SoftThinks)
    PRC - C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
    PRC - C:\WINDOWS\SMINST\DataSafe.exe (SoftThinks - Dell)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
    PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
    MOD - C:\WINDOWS\SMINST\Components\RMCCpn\AutoRunC.dll ()
    MOD - C:\WINDOWS\SMINST\Components\FileBackup\STBackupEngine.dll ()
    MOD - C:\WINDOWS\SMINST\Components\FileBackup\BackupApi.dll ()
    MOD - C:\WINDOWS\SMINST\STPowerManagement.dll ()
    MOD - C:\WINDOWS\SMINST\STEventLog.Net.dll ()
    MOD - C:\WINDOWS\SMINST\STBRCCServCLR.dll ()
    MOD - C:\WINDOWS\SMINST\SoftThinksControlLibrary.dll ()
    MOD - C:\WINDOWS\SMINST\SftBRCCPiped.dll ()
    MOD - C:\WINDOWS\SMINST\SftBRCC.dll ()
    MOD - C:\WINDOWS\SMINST\DataSafeResources.dll ()
    MOD - C:\WINDOWS\SMINST\DataSafeHelp.dll ()
    MOD - C:\WINDOWS\SMINST\AxInterop.WMPLib.dll ()
    MOD - C:\WINDOWS\System32\STFiles.dll ()
    MOD - C:\WINDOWS\System32\PSTImage.dll ()
    MOD - C:\WINDOWS\System32\bcmwlrmt.dll ()
    MOD - C:\WINDOWS\System32\PSTVdsDisk.dll ()
    MOD - C:\WINDOWS\System32\STWmiM.dll ()
    MOD - C:\WINDOWS\System32\STLog.dll ()
    MOD - C:\WINDOWS\System32\libxml2.dll ()
    MOD - C:\WINDOWS\System32\STCrypto.dll ()
    MOD - C:\WINDOWS\System32\STNLS.dll ()
    MOD - C:\WINDOWS\System32\STPE.dll ()
    MOD - C:\WINDOWS\System32\zlib1.dll ()
    MOD - C:\WINDOWS\System32\STRegistry.dll ()
    MOD - C:\WINDOWS\System32\STCoreXml.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (SftService) -- C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
    SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
    DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (cpuz134) -- C:\Users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
    DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
    DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSHX) -- C:\WINDOWS\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\WINDOWS\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (BCM42RLY) -- C:\WINDOWS\System32\drivers\bcm42rly.sys (Broadcom Corporation)
    DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
    DRV - (ApfiltrService) -- C:\WINDOWS\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (e1express) -- C:\WINDOWS\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012&tb_mrud=18-12-2012
    IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
    IE - HKLM\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=5447d1bf00000000000000225f9e05bd
    IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=118658&tt=0113_3&babsrc=SP_ss&mntrId=5447d1bf00000000000000225f9e05bd
    IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012&tb_mrud=18-12-2012
    IE - HKCU\..\SearchScopes\{6702A597-3B0B-4B51-A5BF-B76770E125B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121147,6900,0,5,0
    IE - HKCU\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
    IE - HKCU\..\SearchScopes\{9C44BFC8-C734-46F5-83C5-E6889E705134}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
    IE - HKCU\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80915&lng=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3bajb7lu.default\extensions\[email protected]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/04 20:44:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 01:51:30 | 000,000,000 | ---D | M]

    [2013/01/04 20:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
    [2013/01/09 18:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions
    [2013/01/09 18:18:48 | 000,174,496 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions\[email protected]
    [2013/01/04 20:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/11/25 04:05:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://yahoo.genieo.com/?v=w3i8
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://yahoo.genieo.com/?v=w3i8
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Crackle = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
    CHR - Extension: wxDownload = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnppcfjibdnhenmjgidieaoacjocjek\4_0\
    CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/30 12:46:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
    O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
    O4 - HKCU..\Run: [Best Codec Pack803588.exe] "C:\Users\Tom\AppData\Local\Temp\Best Codec Pack803588.exe" /XML="C:\Users\Tom\AppData\Local\Temp\EE40.tmp" /STP=0:2 File not found
    O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Components\scheduler\Launcher.exe (Softthinks)
    O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: adobe.com ([helpx] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: googlechrome.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: hdmovieonline.me ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mozillafirefox.org ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: tubepleasure.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: www.adobe flashplayer ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91499509-0A46-4386-A7FF-C92B41C972C9}: NameServer = 8.26.56.26,156.154.70.22
    O20 - AppInit_DLLs: (c:\PROGRA~1\WXDOWN~1\sprotector.dll) - c:\Program Files\WxDownload\sprotector.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/12 22:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/12 22:05:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/10 16:57:55 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/01/10 14:56:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2013/01/10 14:50:59 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/01/10 14:50:59 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/01/10 14:50:59 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/01/09 10:32:28 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/01/09 10:18:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/01/04 20:45:01 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Mozilla
    [2013/01/04 20:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/12/31 23:46:43 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\player
    [2012/12/31 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
    [2012/12/31 23:20:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Babylon
    [2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Babylon
    [2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/12/31 13:14:35 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/12/31 13:14:35 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/12/31 00:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/12/29 22:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2012/12/26 08:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2012/12/26 08:08:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
    [2012/12/20 14:34:15 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/20 14:34:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/20 00:06:29 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
    [2012/12/19 20:32:06 | 000,000,000 | ---D | C] -- C:\Temp
    [2012/12/18 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\OpenCandy
    [2012/12/18 03:02:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/12/17 12:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/12/16 22:00:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\vlc
    [2012/12/16 22:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/12/16 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2012/12/16 01:08:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Macromedia

    ========== Files - Modified Within 30 Days ==========

    [2013/01/13 16:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/13 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/12 23:31:34 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/12 23:31:33 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2013/01/12 23:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/12 23:30:49 | 2108,018,688 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/12 22:05:08 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/12 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2013/01/11 20:04:41 | 000,001,957 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/11 20:04:41 | 000,001,933 | ---- | M] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
    [2013/01/09 16:14:39 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/01/08 21:05:31 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/01/08 11:25:24 | 001,809,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/08 11:25:24 | 000,530,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/07 11:56:19 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2013/01/04 20:44:52 | 000,000,832 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/04 20:44:52 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/31 13:14:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/12/30 16:58:18 | 000,000,905 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/12/26 09:21:43 | 000,001,745 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
    [2012/12/26 08:08:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
    [2012/12/16 22:00:21 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

    ========== Files Created - No Company Name ==========

    [2013/01/12 22:05:08 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/04 20:44:52 | 000,000,832 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/04 20:44:52 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/01/04 20:44:52 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/31 00:55:16 | 000,001,957 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/31 00:55:16 | 000,001,933 | ---- | C] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
    [2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/27 11:10:53 | 2108,018,688 | -HS- | C] () -- C:\hiberfil.sys
    [2012/12/26 09:21:43 | 000,001,745 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
    [2012/12/16 22:00:21 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/11/30 07:43:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/30 07:43:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/30 07:43:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/30 07:43:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/30 07:43:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/27 22:01:10 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
    [2012/11/27 21:33:39 | 000,000,024 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\mbam.context.scan
    [2012/11/26 02:33:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012/11/26 02:33:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/11/18 16:56:24 | 000,000,680 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
    [2012/11/17 16:05:16 | 000,261,910 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

    ========== ZeroAccess Check ==========

    [2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/11/29 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Anvisoft
    [2012/12/08 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013
    [2012/12/31 23:20:08 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Babylon
    [2012/11/18 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DriverCure
    [2012/12/18 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenCandy
    [2012/12/31 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\player
    [2012/11/18 13:57:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SpeedyPC Software

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < Malwarebytes Anti-Malware (Trial) 1.65.1.1000 >
    [2006/11/02 07:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2006/11/02 07:58:10 | 000,032,528 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/11/18 13:56:59 | 000,000,436 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
    [2012/11/18 13:56:59 | 000,000,488 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/11/18 13:57:25 | 000,000,464 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
    [2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

    < www.malwarebytes.org >

    < >

    < Database version: v2012.11.19.10 >

    < >

    < Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking) >
    Invalid Switch: Networking)

    < Internet Explorer 7.0.6001.18000 >

    < Tom :: TOM-PC [administrator] >

    < >

    < Protection: Disabled >

    < >

    < 11/19/2012 6:48:29 PM >
    Invalid Switch: 2012 6:48:29 PM

    < mbam-log-2012-11-19 (18-48-29).txt >

    < >

    < Scan type: Quick scan >

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Invalid Switch: Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 184688
    Time elapsed: 4 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken.

    Registry Keys Detected: 15
    HKCR\CLSID\{002d1ba6-4766-4d7d-82b8-f49439c66f97} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken.
    HKLM\SYSTEM\CurrentControlSet\Services\BringMeSports_1cService (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{82c7004a-078e-468c-9c0f-2243618ff7cb} (PUP.MyWebSearch) -> No action taken.
    HKCR\TypeLib\{256b342b-85a7-4e4e-aa2e-101cddef5efd} (PUP.MyWebSearch) -> No action taken.
    HKCR\Interface\{06FB54B9-0ABC-4271-9BB9-9015A19E7A5C} (PUP.MyWebSearch) -> No action taken.
    HKCR\BringMeSports_1c.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken.
    HKCR\BringMeSports_1c.SettingsPlugin (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar Uninstall (PUP.MyWebSearch) -> No action taken.
    HKCR\CLSID\{f653d037-97fa-4755-98c1-7f382eeb59a7} (PUP.MyWebSearch) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken.

    Registry Values Detected: 3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports_1c Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Updater (Trojan.Zbot) -> Data: "C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 8
    C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrchMn.exe (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\BringMeSports_1c\bar\1.bin\1cbrmon.exe (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\BringMeSports_1c\bar\1.bin\1cbarsvc.exe (PUP.MyWebSearch) -> No action taken.
    C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (PUP.MyWebSearch) -> No action taken.
    C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\N00YECCV\BringMeSports[1].exe (PUP.FunWebProducts) -> No action taken.
    C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\URX2F1C9\freevideoplayer_d750391[1].exe (PUP.BundleOffers.IIQ) -> No action taken.
    C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe (Trojan.Zbot) -> Quarantined and deleted successfully.

    (end)
    End of report
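    The report above mixes two very different things: a Zbot Run value under HKCU that launched an executable out of the user's Temp folder (quarantined), and a pile of MyWebSearch toolbar components, including a service, two BHOs and two HKLM Run values, that were all left at "No action taken". Reading a Malwarebytes 1.x log by hand makes that easy to miss, so here is a small triage script, added to this thread as an example and not taken from the thread or from Malwarebytes. It parses detection lines of the shape shown above, keeps the autostart hooks (Run values, services, BHOs) and anything executed from a user-writable path at the top, and separates what still needs action from what was already removed. The embedded sample is a constructed subset of the entries above; the line grammar, the persistence markers and the user-writable path list are my assumptions, not a published Malwarebytes format.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Malwarebytes 1.x log above (a subset, not the
# whole report). Section headers are kept on purpose to show that the parser skips them.
SAMPLE_LOG = r"""
Registry Keys Detected: 15
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\BringMeSports_1cService (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports_1c Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Updater (Trojan.Zbot) -> Data: "C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe" -> Quarantined and deleted successfully.

Files Detected: 8
C:\Program Files\BringMeSports_1c\bar\1.bin\1cbarsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\URX2F1C9\freevideoplayer_d750391[1].exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
"""

# One detection line: <object> (<detection name>) [-> Data: <value>] -> <action>.
# Assumed from the lines in the post; Malwarebytes publishes no formal grammar for this log.
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<verdict>[^()]+)\)"
    r"(?: -> Data: (?P<data>.*?))?"
    r" -> (?P<action>No action taken|Quarantined and deleted successfully)\.$"
)

# Registry locations that make an entry a load/autostart hook rather than just leftover clutter.
PERSISTENCE_MARKERS = (
    "\\CurrentVersion\\Run",           # Run and RunOnce values
    "\\CurrentControlSet\\Services\\", # service definitions
    "\\Browser Helper Objects\\",      # IE BHOs, loaded into every iexplore.exe
)

# Locations a non-admin user (or anything running as that user) can write to.
USER_WRITABLE = re.compile(r"\\(AppData|Local Settings|Temp|Temporary Internet Files)\\", re.I)


def _path_from_data(data):
    """Pull the executable path out of a Run value's Data field (quoted or bare)."""
    if data is None:
        return None
    if data.startswith('"'):
        return data[1:data.index('"', 1)]
    return data.split()[0]


def parse_log(text):
    """Return one dict per detection line; headers, blanks and summary lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        item, verdict, data, action = m.group("item", "verdict", "data", "action")
        path = _path_from_data(data)
        findings.append({
            "item": item,
            "verdict": verdict,
            "family": verdict.split(".")[0],   # PUP / Trojan / ...
            "action": action,
            "path": path,
            "persistence": any(mk.lower() in item.lower() for mk in PERSISTENCE_MARKERS),
            "user_writable": bool(USER_WRITABLE.search(path or item)),
        })
    return findings


def triage(findings):
    """Split findings into still-outstanding vs already-handled, and pick out the ones an
    analyst should read first: autostart hooks and code running from user-writable paths."""
    outstanding = [f for f in findings if f["action"] == "No action taken"]
    handled = [f for f in findings if f["action"] != "No action taken"]
    priority = [f for f in findings if f["persistence"] or f["user_writable"]]
    return {
        "by_family": dict(Counter(f["family"] for f in findings)),
        "outstanding": outstanding,
        "handled": handled,
        "priority": priority,
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print("detections by family:", report["by_family"])
    print(f"outstanding: {len(report['outstanding'])}, handled: {len(report['handled'])}")
    for f in report["priority"]:
        flags = []
        if f["persistence"]:
            flags.append("autostart")
        if f["user_writable"]:
            flags.append("user-writable path")
        print(f"[{f['verdict']}] {f['item']} -> {f['action']} ({', '.join(flags)})")
```

    Run against the full log it is fed, the "outstanding" list is the thing to act on: every MyWebSearch entry in the report above is still on disk and still wired into HKLM Run, a service and IE's BHO list until the scan is re-run with removal selected. The Data field is parsed separately because a Run value's target path, not the value name, is what tells you whether the launched binary lives somewhere an unprivileged process could have dropped it.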
     
  11. Chewbaca

    Chewbaca Thread Starter

    Joined:
    Jan 10, 2013
    Messages:
    15
    Hi, maybe I did figure out how to post logs. Big thanks!

    OTL logfile created on: 1/13/2013 4:47:35 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Downloads
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.96 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.58% Memory free
    4.16 Gb Paging File | 2.31 Gb Available in Paging File | 55.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 134.36 Gb Total Space | 85.91 Gb Free Space | 63.94% Space Free | Partition Type: NTFS
    Drive D: | 14.65 Gb Total Space | 5.21 Gb Free Space | 35.54% Space Free | Partition Type: NTFS

    Computer Name: TOM-PC | User Name: Tom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Tom\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
    PRC - C:\Program Files\Google\Update\1.3.21.124\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
    PRC - C:\WINDOWS\SMINST\Components\PSTImageExt\STImageExtPlg.exe (SOftThinks)
    PRC - C:\WINDOWS\SMINST\Components\FileBackup\BackupPlg.exe (SoftThinks)
    PRC - C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
    PRC - C:\WINDOWS\SMINST\DataSafe.exe (SoftThinks - Dell)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
    PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e40fa3c6d2f2a4200ee4e11fce57e7\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\259f7342c8ebb1150db3df1bc4d3394c\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppgooglenaclpluginchrome.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libglesv2.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\libegl.dll ()
    MOD - C:\Program Files\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll ()
    MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\SMINST\Components\scheduler\STService.exe ()
    MOD - C:\WINDOWS\SMINST\Components\RMCCpn\AutoRunC.dll ()
    MOD - C:\WINDOWS\SMINST\Components\FileBackup\STBackupEngine.dll ()
    MOD - C:\WINDOWS\SMINST\Components\FileBackup\BackupApi.dll ()
    MOD - C:\WINDOWS\SMINST\STPowerManagement.dll ()
    MOD - C:\WINDOWS\SMINST\STEventLog.Net.dll ()
    MOD - C:\WINDOWS\SMINST\STBRCCServCLR.dll ()
    MOD - C:\WINDOWS\SMINST\SoftThinksControlLibrary.dll ()
    MOD - C:\WINDOWS\SMINST\SftBRCCPiped.dll ()
    MOD - C:\WINDOWS\SMINST\SftBRCC.dll ()
    MOD - C:\WINDOWS\SMINST\DataSafeResources.dll ()
    MOD - C:\WINDOWS\SMINST\DataSafeHelp.dll ()
    MOD - C:\WINDOWS\SMINST\AxInterop.WMPLib.dll ()
    MOD - C:\WINDOWS\System32\STFiles.dll ()
    MOD - C:\WINDOWS\System32\PSTImage.dll ()
    MOD - C:\WINDOWS\System32\bcmwlrmt.dll ()
    MOD - C:\WINDOWS\System32\PSTVdsDisk.dll ()
    MOD - C:\WINDOWS\System32\STWmiM.dll ()
    MOD - C:\WINDOWS\System32\STLog.dll ()
    MOD - C:\WINDOWS\System32\libxml2.dll ()
    MOD - C:\WINDOWS\System32\STCrypto.dll ()
    MOD - C:\WINDOWS\System32\STNLS.dll ()
    MOD - C:\WINDOWS\System32\STPE.dll ()
    MOD - C:\WINDOWS\System32\zlib1.dll ()
    MOD - C:\WINDOWS\System32\STRegistry.dll ()
    MOD - C:\WINDOWS\System32\STCoreXml.dll ()


    ========== Services (SafeList) ==========

    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (SftService) -- C:\WINDOWS\SMINST\SftService.exe (SoftThinks)
    SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
    SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (USBSTOR) -- C:\Windows\system32\drivers\usbstor.sys File not found
    DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (cpuz134) -- C:\Users\Tom\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (avipbb) -- C:\WINDOWS\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
    DRV - (avgntflt) -- C:\WINDOWS\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
    DRV - (avkmgr) -- C:\WINDOWS\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
    DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSHX) -- C:\WINDOWS\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\WINDOWS\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\WINDOWS\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (ssmdrv) -- C:\WINDOWS\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (BCM42RLY) -- C:\WINDOWS\System32\drivers\bcm42rly.sys (Broadcom Corporation)
    DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (PCD5SRVC{3F6A8B78-EC003E00-05040104}) -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms (PC-Doctor, Inc.)
    DRV - (ApfiltrService) -- C:\WINDOWS\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV - (e1express) -- C:\WINDOWS\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (R300) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012&tb_mrud=18-12-2012
    IE - HKLM\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
    IE - HKLM\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=11...HP_ss&mntrId=5447d1bf00000000000000225f9e05bd
    IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=118658&tt=0113_3&babsrc=SP_ss&mntrId=5447d1bf00000000000000225f9e05bd
    IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=sgmao-ie&s_qt=sb&tb_uuid=2012121815131355&tb_oid=18-12-2012&tb_mrud=18-12-2012
    IE - HKCU\..\SearchScopes\{6702A597-3B0B-4B51-A5BF-B76770E125B6}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20121147,6900,0,5,0
    IE - HKCU\..\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YLxdm117YYus&ptnrS=YLxdm117YYus&si=466203&ptb=09B9E928-7C4B-448A-8FFE-67923571826B&psa=&ind=2012111810&st=sb&n=77ee63c2&searchfor={searchTerms}
    IE - HKCU\..\SearchScopes\{9C44BFC8-C734-46F5-83C5-E6889E705134}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3201318
    IE - HKCU\..\SearchScopes\{BF592A53-278A-48E0-AA58-D91A9DD3F293}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80915&lng=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\3bajb7lu.default\extensions\[email protected]b43c852858f.com
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/04 20:44:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/18 01:51:30 | 000,000,000 | ---D | M]

    [2013/01/04 20:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
    [2013/01/09 18:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions
    [2013/01/09 18:18:48 | 000,174,496 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\yhkw72d6.default\extensions\[email protected]
    [2013/01/04 20:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/11/25 04:05:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/11/29 03:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://yahoo.genieo.com/?v=w3i8
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://yahoo.genieo.com/?v=w3i8
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Crackle = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
    CHR - Extension: wxDownload = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnppcfjibdnhenmjgidieaoacjocjek\4_0\
    CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/11/30 12:46:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
    O4 - HKCU..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h File not found
    O4 - HKCU..\Run: [Best Codec Pack803588.exe] "C:\Users\Tom\AppData\Local\Temp\Best Codec Pack803588.exe" /XML="C:\Users\Tom\AppData\Local\Temp\EE40.tmp" /STP=0:2 File not found
    O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Components\scheduler\Launcher.exe (Softthinks)
    O4 - Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: adobe.com ([helpx] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: googlechrome.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: hdmovieonline.me ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: mozillafirefox.org ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: tubepleasure.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: www.adobe flashplayer ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: youtube.com ([]https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 1.7.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_10-windows-i586.cab (Java Plug-in 10.10.2)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4124381C-B242-47A0-AFA5-E58A7974602E}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91499509-0A46-4386-A7FF-C92B41C972C9}: NameServer = 8.26.56.26,156.154.70.22
    O20 - AppInit_DLLs: (c:\PROGRA~1\WXDOWN~1\sprotector.dll) - c:\Program Files\WxDownload\sprotector.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img11.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/12 22:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/12 22:05:06 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2013/01/10 16:57:55 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2013/01/10 14:56:13 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2013/01/10 14:50:59 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2013/01/10 14:50:59 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2013/01/10 14:50:59 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2013/01/09 10:32:28 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/01/09 10:18:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2013/01/04 20:45:01 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Mozilla
    [2013/01/04 20:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
    [2012/12/31 23:46:43 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\player
    [2012/12/31 23:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
    [2012/12/31 23:20:15 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Babylon
    [2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Babylon
    [2012/12/31 23:20:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/12/31 13:14:35 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/12/31 13:14:35 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/12/31 00:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/12/29 22:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2012/12/26 08:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2012/12/26 08:08:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
    [2012/12/20 14:34:15 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2012/12/20 14:34:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/20 00:06:29 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
    [2012/12/19 20:32:06 | 000,000,000 | ---D | C] -- C:\Temp
    [2012/12/18 12:14:22 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\OpenCandy
    [2012/12/18 03:02:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/12/17 12:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/12/16 22:00:36 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\vlc
    [2012/12/16 22:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/12/16 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
    [2012/12/16 01:08:59 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Macromedia

    ========== Files - Modified Within 30 Days ==========

    [2013/01/13 16:28:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/13 15:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 15:31:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/12 23:31:34 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/12 23:31:33 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
    [2013/01/12 23:30:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/12 23:30:49 | 2108,018,688 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/12 22:05:08 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/12 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
    [2013/01/11 20:04:41 | 000,001,957 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/01/11 20:04:41 | 000,001,933 | ---- | M] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
    [2013/01/09 16:14:39 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013/01/08 21:05:31 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/01/08 11:25:24 | 001,809,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/01/08 11:25:24 | 000,530,442 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/01/07 11:56:19 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
    [2013/01/04 20:44:52 | 000,000,832 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/04 20:44:52 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/31 13:14:35 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/12/30 16:58:18 | 000,000,905 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/12/26 09:21:43 | 000,001,745 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
    [2012/12/26 08:08:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
    [2012/12/16 22:00:21 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

    ========== Files Created - No Company Name ==========

    [2013/01/12 22:05:08 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/01/04 20:44:52 | 000,000,832 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/01/04 20:44:52 | 000,000,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/01/04 20:44:52 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/31 00:55:16 | 000,001,957 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/31 00:55:16 | 000,001,933 | ---- | C] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
    [2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/27 11:10:53 | 2108,018,688 | -HS- | C] () -- C:\hiberfil.sys
    [2012/12/26 09:21:43 | 000,001,745 | ---- | C] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Dragon.lnk
    [2012/12/16 22:00:21 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/11/30 07:43:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/30 07:43:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/30 07:43:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/30 07:43:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/30 07:43:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/27 22:01:10 | 000,000,162 | ---- | C] () -- C:\Windows\reimage.ini
    [2012/11/27 21:33:39 | 000,000,024 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\mbam.context.scan
    [2012/11/26 02:33:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2012/11/26 02:33:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2012/11/18 16:56:24 | 000,000,680 | ---- | C] () -- C:\Users\Tom\AppData\Local\d3d9caps.dat
    [2012/11/17 16:05:16 | 000,261,910 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

    ========== ZeroAccess Check ==========

    [2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/11/29 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Anvisoft
    [2012/12/08 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\AVG2013
    [2012/12/31 23:20:08 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\Babylon
    [2012/11/18 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\DriverCure
    [2012/12/18 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\OpenCandy
    [2012/12/31 23:46:43 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\player
    [2012/11/18 13:57:17 | 000,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\SpeedyPC Software

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < Malwarebytes Anti-Malware (Trial) 1.65.1.1000 >
    [2006/11/02 07:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2006/11/02 07:58:10 | 000,032,528 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/11/18 13:56:59 | 000,000,436 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job
    [2012/11/18 13:56:59 | 000,000,488 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/11/18 13:57:25 | 000,000,464 | ---- | C] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
    [2012/12/30 17:23:14 | 000,000,876 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/30 17:23:21 | 000,000,880 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/31 13:14:39 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

    < www.malwarebytes.org >

    < >

    < Database version: v2012.11.19.10 >

    < >

    < Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking) >
    Invalid Switch: Networking)

    < Internet Explorer 7.0.6001.18000 >

    < Tom :: TOM-PC [administrator] >

    < >

    < Protection: Disabled >

    < >

    < 11/19/2012 6:48:29 PM >
    Invalid Switch: 2012 6:48:29 PM

    < mbam-log-2012-11-19 (18-48-29).txt >

    < >

    < Scan type: Quick scan >

    < Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM >
    Invalid Switch: Shuriken | PUP | PUM

    < Scan options disabled: P2P >

    < Objects scanned: 184688 >

    < Time elapsed: 4 minute(s), 14 second(s) >

    < >

    < Memory Processes Detected: 0 >

    < (No malicious items detected) >

    < >

    < Memory Modules Detected: 1 >

    < C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken. >

    < >

    < Registry Keys Detected: 15 >

    < HKCR\CLSID\{002d1ba6-4766-4d7d-82b8-f49439c66f97} (PUP.MyWebSearch) -> No action taken. >

    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken. >

    < HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{002D1BA6-4766-4D7D-82B8-F49439C66F97} (PUP.MyWebSearch) -> No action taken. >

    < HKLM\SYSTEM\CurrentControlSet\Services\BringMeSports_1cService (PUP.MyWebSearch) -> No action taken. >

    < HKCR\CLSID\{82c7004a-078e-468c-9c0f-2243618ff7cb} (PUP.MyWebSearch) -> No action taken. >

    < HKCR\TypeLib\{256b342b-85a7-4e4e-aa2e-101cddef5efd} (PUP.MyWebSearch) -> No action taken. >

    < HKCR\Interface\{06FB54B9-0ABC-4271-9BB9-9015A19E7A5C} (PUP.MyWebSearch) -> No action taken. >

    < HKCR\BringMeSports_1c.SettingsPlugin.1 (PUP.MyWebSearch) -> No action taken. >

    < HKCR\BringMeSports_1c.SettingsPlugin (PUP.MyWebSearch) -> No action taken. >

    < HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken. >

    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82C7004A-078E-468C-9C0F-2243618FF7CB} (PUP.MyWebSearch) -> No action taken. >

    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar Uninstall (PUP.MyWebSearch) -> No action taken. >

    < HKCR\CLSID\{f653d037-97fa-4755-98c1-7f382eeb59a7} (PUP.MyWebSearch) -> No action taken. >

    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken. >

    < HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F653D037-97FA-4755-98C1-7F382EEB59A7} (PUP.MyWebSearch) -> No action taken. >

    < >

    < Registry Values Detected: 3 >

    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h -> No action taken. >

    < HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BringMeSports_1c Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\BRINGM~2\bar\1.bin\1cbrmon.exe -> No action taken. >

    < HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Updater (Trojan.Zbot) -> Data: "C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe" -> Quarantined and deleted successfully. >

    < >

    < Registry Data Items Detected: 0 >

    < (No malicious items detected) >

    < >

    < Folders Detected: 0 >

    < (No malicious items detected) >

    < >

    < Files Detected: 8 >

    < C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrcAs.dll (PUP.MyWebSearch) -> No action taken. >

    < C:\Program Files\BringMeSports_1c\bar\1.bin\1cSrchMn.exe (PUP.MyWebSearch) -> No action taken. >

    < C:\Program Files\BringMeSports_1c\bar\1.bin\1cbrmon.exe (PUP.MyWebSearch) -> No action taken. >

    < C:\Program Files\BringMeSports_1c\bar\1.bin\1cbarsvc.exe (PUP.MyWebSearch) -> No action taken. >

    < C:\Program Files\BringMeSports_1c\bar\1.bin\1cbar.dll (PUP.MyWebSearch) -> No action taken. >

    < C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\N00YECCV\BringMeSports[1].exe (PUP.FunWebProducts) -> No action taken. >

    < C:\Users\Tom\Local Settings\Temporary Internet Files\Content.IE5\URX2F1C9\freevideoplayer_d750391[1].exe (PUP.BundleOffers.IIQ) -> No action taken. >

    < C:\Users\Tom\AppData\Local\Temp\013b1530a2fc.exe (Trojan.Zbot) -> Quarantined and deleted successfully. >

    < >

    < (end) >

    < End of report >
     
Short URL to this thread: https://techguy.org/1084727
