
Strong Vault

Discussion in 'Virus & Other Malware Removal' started by lyoung5, Feb 24, 2013.

  1. lyoung5

    lyoung5 Thread Starter

    Joined:
    Feb 22, 2013
    Messages:
    32
    It came in about a week ago on the back of some audio conversion software. It's a real pain!

    I've followed some posts and run suggested software creating logs but nothing I try gets rid of it (not in Add/Remove Programs, either).

    -----
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) D CPU 3.00GHz, x86 Family 15 Model 6 Stepping 2
    Processor Count: 2
    RAM: 1023 Mb
    Graphics Card: NVIDIA GeForce 6200 TurboCache(TM), 256 Mb
    Hard Drives: C: Total - 190771 MB, Free - 159448 MB; D: Total - 286165 MB, Free - 189589 MB;
    Motherboard: ASUSTeK Computer INC., P5LD2
    Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled
    -----

    Blocking restore point and HD backup from that week is not available.

    Would appreciate anything you might be able to do to help.

    L. Young
     
  2. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello lyoung5,

    You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

    If you do not have Malwarebytes please download from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Next

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

      o When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
    So when you return please post
    • MBAM log
    • the two OTL logs - OTL.txt and Extras.txt


    Note: Unless otherwise instructed, always post the logs in the forum. If reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)
     
  3. lyoung5

    lyoung5 Thread Starter

    Joined:
    Feb 22, 2013
    Messages:
    32
    NOTE: I run c:\ for programs; d:\ for files and data; and e:\ for backup of both (not open during these scans).

    When running previously installed Malwarebytes, I received two errors and so
    I removed and re-installed. The errors appeared again. They are...

    Error 1 -- "Internal Error: Expression error "Runtime Error (at 16:151):
    RegSrv32 failed with exit code 0x5.' [OK]

    Error 2 -- Above error is repeated.

    Log:
    nti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.27.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Leila :: LEILA-P5WD2 [administrator]

    Protection: Enabled

    2/27/2013 8:32:41 AM
    mbam-log-2013-02-27 (08-32-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System |
    Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 274740
    Time elapsed: 26 minute(s), 15 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)
    ------------------------------------

    Downloaded OTL

    Logs:

    OTL.txt

    OTL logfile created on: 2/27/2013 9:17:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Leila\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.17 Mb Total Physical Memory | 438.16 Mb Available Physical Memory | 42.82% Memory free
    2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.84% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 155.56 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
    Drive D: | 279.46 Gb Total Space | 185.11 Gb Free Space | 66.24% Space Free | Partition Type: NTFS

    Computer Name: LEILA-P5WD2 | User Name: Leila | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leila\Desktop\OTL.exe
    PRC - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    PRC - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    PRC - [2009/08/14 10:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    PRC - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe
    PRC - [2003/07/25 11:15:48 | 000,536,576 | ---- | M] (-) -- C:\Program Files\Eraser\eraser.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\jetrt\baseline720.dll
    MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\java.dll
    MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\zip.dll
    MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll
    MOD - [2011/06/26 08:16:13 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    MOD - [2009/08/14 10:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
    MOD - [2009/08/14 10:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    MOD - [2001/10/28 16:42:00 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


    ========== Services (SafeList) ==========

    SRV - [2013/02/26 21:11:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/19 20:15:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
    SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
    SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
    SRV - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
    DRV - [2013/02/27 08:03:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FAC7BE0D-B7CB-4981-A926-D9F4E57AC8C6}\MpKslc422d23a.sys -- (MpKslc422d23a)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/07 16:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/08/22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2009/08/17 16:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2009/07/09 14:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
    DRV - [2009/06/21 11:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2009/05/11 16:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/07/24 19:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2008/02/04 19:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2005/04/25 03:34:52 | 002,937,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2005/04/06 13:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2005/02/01 07:20:00 | 000,229,888 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={sea...SP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60617
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?sourc...120514064D4BBB976834B6573BF1D1&q={searchTerms}
    IE - HKCU\..\SearchScopes\{4864B127-800C-4DBC-8D74-FB4F6373A68B}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=63263&p={searchTerms}
    IE - HKCU\..\SearchScopes\{5649AF9D-1AAD-4CF2-9E92-52F81C20C786}: "URL" = http://www.mysearchresults.com/search?&c=4002&t=10&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80473&lng=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Delta Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.bing.com"
    FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 05:56:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:22:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/20 15:22:01 | 000,000,000 | ---D | M]

    [2012/04/16 19:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Extensions
    [2013/02/15 12:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions
    [2013/02/14 09:33:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/15 11:56:21 | 000,118,969 | ---- | M] () (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\BrowserProtect.xml
    [2013/02/14 20:16:53 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\delta.xml
    [2013/02/14 22:47:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\search-here.xml
    [2013/02/19 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/20 15:22:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/02/19 20:15:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/30 05:55:32 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
    [2012/05/14 09:56:18 | 000,002,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
    [2013/02/19 20:14:39 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (-)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe ()
    O4 - Startup: C:\Documents and Settings\Leila\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Leila\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leila\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/17 13:34:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/01/17 14:15:16 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell - "" = AutoRun
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun\command - "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun\command - "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/27 09:14:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 08:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/27 08:25:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/27 08:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/27 08:23:48 | 010,156,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/26 21:11:27 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Desktop\2-26-13logs
    [2013/02/24 12:54:22 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/22 19:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\Help
    [2013/02/22 19:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
    [2013/02/22 09:31:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 15:24:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
    [2013/02/20 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2013/02/20 15:24:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\DefaultTab
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\.android
    [2013/02/20 15:21:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/02/20 09:59:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:48 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/19 20:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/02/19 14:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\Malwarebytes
    [2013/02/19 13:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/02/15 12:52:14 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Leila\Local Settings\Application Data\log4cxx.dll
    [2013/02/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/14 20:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\Babylon
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsvousb.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghstrace.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsdiagmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsdiag.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsat.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ghsdiag.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\ghsandroid.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\androidusb.sys
    [2013/02/14 18:30:13 | 000,015,896 | ---- | C] (HandSet Incorporated) -- C:\WINDOWS\System32\drivers\massfilter_hs.sys
    [2013/02/14 18:30:08 | 000,102,936 | ---- | C] (Google, inc) -- C:\WINDOWS\AdbWinApi.dll
    [2013/02/10 21:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    [2013/02/09 14:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\IsolatedStorage
    [2013/02/09 14:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\My Documents\Family Tree Maker
    [2013/02/09 14:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\Ancestry.com
    [2013/02/09 14:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
    [2013/02/09 14:01:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2013/02/09 14:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media
    [2013/02/09 14:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
    [2013/02/09 14:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
    [2013/02/09 14:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Family Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\BCL Technologies
    [2013/01/28 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\Sun
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 09:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/27 08:33:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/27 08:28:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/27 08:23:53 | 010,156,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/27 08:03:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/27 08:02:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/27 08:02:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/27 08:01:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/26 22:01:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:15:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\TheBlaze.url
    [2013/02/26 21:11:39 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/26 21:11:38 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/26 21:11:30 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 20:52:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/25 13:16:12 | 001,678,013 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/24 15:38:11 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/24 12:54:23 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/23 01:32:05 | 000,000,002 | ---- | M] () -- C:\.colstatus
    [2013/02/22 19:15:57 | 002,811,211 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:54 | 000,367,524 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\gmer.zip
    [2013/02/22 09:31:28 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 18:33:54 | 000,376,832 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:19 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\SweetPalace.url
    [2013/02/20 09:58:16 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/20 09:58:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:09 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/02/20 09:58:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2013/02/20 09:58:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Leila\ntuser.pol
    [2013/02/13 08:39:01 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 08:16:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2013/02/13 08:12:26 | 000,435,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 08:12:26 | 000,068,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/10 21:01:27 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/02/10 21:01:27 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
    [2013/02/09 22:05:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/09 14:00:39 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | M] () -- C:\Documents and Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/30 05:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2013/01/29 19:18:39 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\OldRadio.url
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/27 08:28:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/26 22:00:30 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:14:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\TheBlaze.url
    [2013/02/25 13:16:06 | 001,678,013 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/22 19:15:56 | 002,811,211 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:52 | 000,367,524 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\gmer.zip
    [2013/02/20 18:33:54 | 000,376,832 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:08 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\SweetPalace.url
    [2013/02/15 19:37:48 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/15 12:52:14 | 000,196,608 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\common_functions.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Leila\ntuser.pol
    [2013/02/14 18:30:08 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2013/02/10 21:01:27 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/02/09 14:00:39 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/29 19:18:26 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\OldRadio.url
    [2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\ie_runner_app.exe
    [2012/05/14 09:56:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2012/05/02 06:45:50 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Leila\jobq.dat
    [2012/02/15 16:31:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/22 10:19:12 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/17 21:16:42 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/08/03 11:34:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/12/27 05:24:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15E76ABF

    < End of report >

    Extras.txt

    OTL Extras logfile created on: 2/27/2013 9:17:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Leila\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.17 Mb Total Physical Memory | 438.16 Mb Available Physical Memory | 42.82% Memory free
    2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.84% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 155.56 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
    Drive D: | 279.46 Gb Total Space | 185.11 Gb Free Space | 66.24% Space Free | Partition Type: NTFS

    Computer Name: LEILA-P5WD2 | User Name: Leila | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "19540:UDP" = 19540:UDP:*:Enabled:SXUPTP

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Disabled:Google Chrome
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)
    "C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe" = C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe:*:Enabled:Belkin USB Print and Storage Center -- (Belkin International, Inc.)
    "C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01D42BF0-ED08-463f-8A28-99EB6FEE962B}" = ZTE Handset USB Driver
    "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
    "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
    "{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
    "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Autobahn" = NexDef Plug-in
    "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
    "Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
    "EmailStripper_is1" = EmailStripper 2.2
    "Eraser_is1" = Eraser
    "Family Tree Maker 2011" = Family Tree Maker 2011
    "Foxit Reader_is1" = Foxit Reader
    "Free Easy Burner_is1" = Free Easy Burner V 5.1
    "HTC_WModemDriver" = WModem Driver Installer
    "InstallShield_{9C3F9580-F5CF-4288-894E-9FF0EB24A21C}" = Maxtor Backup
    "InstallShield_{FF268652-B3E8-494F-8343-1FC6DD0FF523}" = Maxtor OneTouch III
    "Logitech Vid" = Logitech Vid HD
    "lvdrivers_12.0" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "pdfFactory" = pdfFactory
    "PhotomatixLight1x32_is1" = Photomatix Light 32-bit version 1.0.1
    "PowerDVDPlayer" = Power DVD Player 2.1
    "RealPlayer 15.0" = RealPlayer
    "VLC media player" = VLC media player 1.1.11
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinZip" = WinZip
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 2/26/2013 11:22:04 PM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/26/2013 11:22:04 PM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 8:52:05 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 8:52:05 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 8:52:05 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 8:52:05 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 9:01:54 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 9:01:54 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 9:01:54 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
    and it will not be loaded. This is most likely caused by a faulty registration.

    Error - 2/27/2013 9:01:54 AM | Computer Name = LEILA-P5WD2 | Source = Userenv | ID = 1041
    Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
    and it will not be loaded. This is most likely caused by a faulty registration.

    [ System Events ]
    Error - 2/22/2013 3:26:35 PM | Computer Name = LEILA-P5WD2 | Source = iteatapi | ID = 262153
    Description = The device, \Device\Scsi\iteatapi1, did not respond within the timeout
    period.

    Error - 2/22/2013 3:33:56 PM | Computer Name = LEILA-P5WD2 | Source = iteatapi | ID = 262153
    Description = The device, \Device\Scsi\iteatapi1, did not respond within the timeout
    period.

    Error - 2/22/2013 3:35:21 PM | Computer Name = LEILA-P5WD2 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service gupdate with
    arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

    Error - 2/22/2013 3:35:24 PM | Computer Name = LEILA-P5WD2 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Google Update Service
    (gupdate) service to connect.

    Error - 2/22/2013 3:35:25 PM | Computer Name = LEILA-P5WD2 | Source = Service Control Manager | ID = 7000
    Description = The Google Update Service (gupdate) service failed to start due to
    the following error: %%1053

    Error - 2/22/2013 7:38:07 PM | Computer Name = LEILA-P5WD2 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the nvsvc service.

    Error - 2/23/2013 6:51:34 PM | Computer Name = LEILA-P5WD2 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.15 on
    the Network Card with network address 0017313BDFA5.

    Error - 2/25/2013 10:49:45 AM | Computer Name = LEILA-P5WD2 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.15 on
    the Network Card with network address 0017313BDFA5.

    Error - 2/26/2013 1:55:33 PM | Computer Name = LEILA-P5WD2 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.15 on
    the Network Card with network address 0017313BDFA5.

    Error - 2/26/2013 6:03:04 PM | Computer Name = LEILA-P5WD2 | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.2.15 on
    the Network Card with network address 0017313BDFA5.


    < End of report >
     
  4. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hello lyoung5,

    Please run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=1...000017313bdfa5
      IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={sear...000017313bdfa5
      IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispat...ms}&tbid=60617
      IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?source...q={searchTerms}
      IE - HKCU\..\SearchScopes\{4864B127-800C-4DBC-8D74-FB4F6373A68B}: "URL" = http://search.freecause.com/search?o...p={searchTerms}
      IE - HKCU\..\SearchScopes\{5649AF9D-1AAD-4CF2-9E92-52F81C20C786}: "URL" = http://www.mysearchresults.com/searc...q={searchTerms}
      IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/disp...d=80473&lng=en
      FF - prefs.js..browser.search.selectedEngine: "Delta Search"
      FF - prefs.js..browser.search.useDBForOrder: true
      FF - prefs.js..browser.startup.homepage: "www.bing.com"
      FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6
      FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
      [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
      [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
      [2012/05/14 09:56:18 | 000,002,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
      [2013/02/19 20:14:39 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
      O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
      [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      :Files
      C:\Documents and Settings\Leila\Application Data\Babylon
      ipconfig /flushdns /c
      
      :Commands
      [resethosts]
      [emptytemp]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
    Next

    Please download AdwCleaner from here to your desktop
    • Click on the green downward facing arrow on the right to commence download.
    • Run AdwCleaner and select Delete


    Once done it will ask to reboot, allow this.

    On reboot a log will be produced please post that back here.

    • So when you return please post
    • OTL fix.txt
    • AdwCleaner log
     
  5. lyoung5

    lyoung5 Thread Starter

    Joined:
    Feb 22, 2013
    Messages:
    32
    Ran OTL.exe with code as directed. After 3.5 hours, 2+ frozen at over 75% accomplished, (Task Mngr would not run / then heading at top of box said "Not Responding"). I initiated a hard off (turn toggle on back of box) to regain control. Waited 30+ seconds and turned back on. No log by OTL came on screen and upon investigation none was created.

    Direction, Please.
     
  6. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Hmm...

    Let's do this and after that we can have another look at OTL and AdwCleaner.

    Please download ComboFix from this location:

    Link

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    • Double click on ComboFix.exe & follow the prompts.
    • Your desktop may go blank. This is normal.
    • ComboFix may reboot your machine. This is normal too.

    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
     
  7. lyoung5

    lyoung5 Thread Starter

    Joined:
    Feb 22, 2013
    Messages:
    32
    I noticed upon boot up this AM that MS-Security Essentials is not running at all and I cannot locate it. I attempted to d'load it from MS but was told it is installed on my machine. I worry about being online w/out its protection. Please advise.

    After initiating ComboFix the following msg appeared:

    "...Recovery Console..." not available. Gave a link to d'load and I did so. ComboFix then continued without my further input.

    It ran for about an hour -- the last 20-25 minutes probably sitting idle with generated log on screen. After 20+ minutes, I scrolled to the end of file and determined it was complete. I "Saved" and "Saved as" to ensure the file was there, then rebooted.

    ---------ComboFix.txt---------
    ComboFix 13-02-26.01 - Leila 02/28/2013 8:17.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.604 [GMT -5:00]
    Running from: c:\documents and settings\Leila\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Leila\Application Data\DefaultTab\DefaultTab
    c:\documents and settings\Leila\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
    c:\documents and settings\Leila\Local Settings\Application Data\common_functions.dll
    c:\documents and settings\Leila\Local Settings\Application Data\ie_runner_app.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\SET71.tmp
    c:\windows\system32\SET76.tmp
    D:\AUTORUN.INF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-28 12:52 . 2013-02-28 12:52 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D56F8486-8922-4803-B4CE-B837C8D5A1C9}\MpKsl616c50c3.sys
    2013-02-28 11:36 . 2013-02-28 11:36 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D56F8486-8922-4803-B4CE-B837C8D5A1C9}\MpKsl4d1b0e10.sys
    2013-02-28 01:32 . 2013-02-28 01:32 -------- d-----w- C:\_OTL
    2013-02-28 01:27 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D56F8486-8922-4803-B4CE-B837C8D5A1C9}\mpengine.dll
    2013-02-27 13:25 . 2013-02-27 13:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-27 13:25 . 2012-12-14 21:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-27 02:11 . 2013-02-27 02:11 16473456 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2013-02-26 13:20 . 2013-02-08 00:45 6954968 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-23 00:18 . 2013-02-28 13:10 -------- d-----w- c:\program files\Eraser
    2013-02-20 20:24 . 2013-02-20 20:24 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2013-02-20 20:24 . 2013-02-20 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
    2013-02-20 20:24 . 2013-02-28 13:22 -------- d-----w- c:\documents and settings\Leila\Application Data\DefaultTab
    2013-02-15 01:17 . 2013-02-15 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Strongvault Online Backup
    2013-02-15 01:17 . 2013-02-20 20:24 -------- d-----w- C:\AI_RecycleBin
    2013-02-15 01:16 . 2013-02-15 01:16 -------- d-----w- c:\documents and settings\Leila\Application Data\Babylon
    2013-02-09 19:04 . 2013-02-09 19:04 -------- d-----w- c:\documents and settings\Leila\Local Settings\Application Data\IsolatedStorage
    2013-02-09 19:04 . 2013-02-09 19:04 -------- d-----w- c:\documents and settings\Leila\Local Settings\Application Data\Ancestry.com
    2013-02-09 19:01 . 2013-02-09 19:01 -------- d-----w- c:\windows\system32\windows media
    2013-02-09 19:01 . 2013-02-09 19:01 -------- d--h--w- c:\windows\msdownld.tmp
    2013-02-09 19:01 . 2013-02-09 19:01 -------- d-----w- c:\program files\Windows Media Components
    2013-02-09 19:00 . 2013-02-09 19:00 -------- d-----w- c:\program files\Microsoft WSE
    2013-02-09 18:57 . 2013-02-09 19:00 -------- d-----w- c:\program files\BCL Technologies
    2013-02-09 18:57 . 2013-02-09 19:00 -------- d-----w- c:\program files\Family Tree Maker 2011
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 02:11 . 2013-01-20 23:34 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-27 02:11 . 2013-01-20 23:34 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-20 14:58 . 2012-07-30 13:40 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-20 14:58 . 2012-07-30 13:40 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-20 14:58 . 2010-07-26 21:42 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-30 10:53 . 2010-07-17 19:21 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-20 20:59 . 2010-10-25 02:25 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-07 01:19 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2008-04-14 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2008-04-14 12:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49 . 2008-04-14 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-27 10:24 . 2013-01-16 21:50 81920 ----a-w- c:\windows\system32\ieencode.dll
    2012-12-27 10:24 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2012-12-27 10:24 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2012-12-24 07:51 . 2008-04-14 12:00 369664 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
    2013-02-20 01:15 . 2013-02-20 01:14 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "Eraser"="c:\program files\Eraser\eraser.exe" [2003-07-25 536576]
    .
    c:\documents and settings\Leila\Start Menu\Programs\Startup\
    NexDef Plug-in.lnk - c:\documents and settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe [2011-8-11 15490560]
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-14 607584]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19540:UDP"= 19540:UDP:SXUPTP
    .
    R1 MpKsl616c50c3;MpKsl616c50c3;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D56F8486-8922-4803-B4CE-B837C8D5A1C9}\MpKsl616c50c3.sys [2/28/2013 7:52 AM 29904]
    R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [1/5/2013 7:01 PM 246936]
    S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [1/5/2013 7:01 PM 152576]
    S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [1/5/2013 7:01 PM 49152]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/27/2013 8:28 AM 398184]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/27/2013 8:28 AM 682344]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
    S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2/14/2013 6:30 PM 15896]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/27/2013 8:25 AM 21104]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL616C50C3
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-26 02:11]
    .
    2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 11:36]
    .
    2013-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-09 11:36]
    .
    2013-02-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
    .
    2013-02-10 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-04-30 22:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=70b702120000000000000017313bdfa5
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}: NameServer = 8.8.8.8,8.8.4.4
    FF - ProfilePath - c:\documents and settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\
    FF - prefs.js: browser.search.selectedEngine - Delta Search
    FF - prefs.js: browser.startup.homepage - www.bing.com
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 70b702120000000000000017313bdfa5
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15751
    FF - user.js: extensions.delta.vrsn - 1.8.10.0
    FF - user.js: extensions.delta.vrsni - 1.8.10.0
    FF - user.js: extensions.delta.vrsnTs - 1.8.10.020:16
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - en
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-28 08:32
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Completion time: 2013-02-28 08:35:18
    ComboFix-quarantined-files.txt 2013-02-28 13:35
    .
    Pre-Run: 171,032,035,328 bytes free
    Post-Run: 174,038,286,336 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - F4817F10387A0CFDCFB6E91F1A993C56

    -----------------
     
  8. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Making progress.

    Now

    I think MBAM interfered with running the OTL fix. Please uninstall Malwarebytes and carry out the instructions at post #4. Both for the OTL one and then the AdwCleaner one.

    We can reinstall MBAM later. :)
     
  9. lyoung5

    lyoung5 Thread Starter

    Joined:
    Feb 22, 2013
    Messages:
    32
    Malwarebytes -- uninstalled

    OTL run/fix w/ provided code -- system rebooted log generated onscreen.

    Note: StrongVault tried to load as my mouse touched the desktop to copy
    file. I canceled the installation ASAP. What a pain!

    ------------02282013_175500-Notepad-----------------------
    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set
    successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set
    successfully!
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\
    not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\ deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}\
    not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\
    not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\{4864B127-800C-4DBC-8D74-FB4F6373A68B}\ deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4864B127-800C-4DBC-8D74-FB4F6373A68B}\
    not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\{5649AF9D-1AAD-4CF2-9E92-52F81C20C786}\ deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5649AF9D-1AAD-4CF2-9E92-52F81C20C786}\
    not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
    Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\
    not found.
    Prefs.js: "Delta Search" removed from browser.search.selectedEngine
    Prefs.js: true removed from browser.search.useDBForOrder
    Prefs.js: "www.bing.com" removed from browser.startup.homepage
    Prefs.js: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6 removed from
    extensions.enabledAddons
    Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 removed from
    extensions.enabledAddons
    C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved
    successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\bing.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved
    successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\search.xml moved
    successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml moved
    successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet
    Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\
    not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet
    Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted
    successfully.
    Registry key
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\
    not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\Windows\\AppInit_Dlls not found.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    ========== FILES ==========
    C:\Documents and Settings\Leila\Application Data\Babylon folder moved
    successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Leila\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Leila\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Leila
    ->Temp folder emptied: 723847 bytes
    ->Temporary Internet Files folder emptied: 4588780 bytes
    ->Java cache emptied: 1491253 bytes
    ->FireFox cache emptied: 76372668 bytes
    ->Google Chrome cache emptied: 146476188 bytes
    ->Flash cache emptied: 2658121 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 5316 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 113775 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder
    emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet
    Files folder emptied: 33170 bytes
    RecycleBin emptied: 62958384 bytes

    Total Files Cleaned = 282.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02282013_175500

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    ---------END-----------------

    ----------OTL.txt----------------- Created yesterday???
    OTL logfile created on: 2/27/2013 9:17:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and
    Settings\Leila\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type =
    NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format:
    M/d/yyyy

    1023.17 Mb Total Physical Memory | 438.16 Mb Available Physical Memory |
    42.82% Memory free
    2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.84% Paging File
    free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
    Files
    Drive C: | 186.30 Gb Total Space | 155.56 Gb Free Space | 83.50% Space Free
    | Partition Type: NTFS
    Drive D: | 279.46 Gb Total Space | 185.11 Gb Free Space | 66.24% Space Free
    | Partition Type: NTFS

    Computer Name: LEILA-P5WD2 | User Name: Leila | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name
    Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) --
    C:\Documents and Settings\Leila\Desktop\OTL.exe
    PRC - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation) --
    C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft
    Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes
    Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes
    Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes
    Corporation) -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamscheduler.exe
    PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) --
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    PRC - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) --
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) --
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    PRC - [2009/08/14 10:48:52 | 000,607,584 | ---- | M] (Broadcom
    Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) --
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft
    Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program
    Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    PRC - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) -- C:\Program
    Files\Maxtor\Utils\SyncServices.exe
    PRC - [2003/07/25 11:15:48 | 000,536,576 | ---- | M] (-) -- C:\Program
    Files\Eraser\eraser.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application
    Data\Autobahn\rt\jetrt\baseline720.dll
    MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\java.dll
    MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\zip.dll
    MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll
    MOD - [2011/06/26 08:16:13 | 000,985,088 | ---- | M] () -- C:\Program
    Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program
    Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program
    Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    MOD - [2009/08/14 10:47:34 | 002,854,976 | ---- | M] () --
    C:\WINDOWS\system32\btwicons.dll
    MOD - [2009/08/14 10:45:04 | 000,069,697 | ---- | M] () -- C:\Program
    Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program
    Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    MOD - [2001/10/28 16:42:00 | 000,116,224 | ---- | M] () --
    C:\WINDOWS\system32\redmonnt.dll


    ========== Services (SafeList) ==========

    SRV - [2013/02/26 21:11:39 | 000,251,248 | ---- | M] (Adobe Systems
    Incorporated) [On_Demand | Stopped] --
    C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe --
    (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation)
    [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe --
    (JavaQuickStarterService)
    SRV - [2013/02/19 20:15:26 | 000,115,608 | ---- | M] (Mozilla Foundation)
    [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance
    Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation)
    [Auto | Running] -- C:\Program Files\Microsoft Security
    Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes
    Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes
    Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies)
    [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe --
    (SkypeUpdate)
    SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto
    | Running] -- C:\Program Files\Belkin\Router Setup and
    Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () [Auto | Running] --
    C:\Program Files\Belkin\Belkin USB Print and Storage
    Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
    SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] --
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe --
    (Belkin Network USB Helper)
    SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto |
    Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe --
    (LVPrcSrv)
    SRV - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () [Auto | Running] --
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe --
    (MaxBackServiceInt)
    SRV - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) [Auto | Running] --
    C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] --
    System32\Drivers\AFGMp50.sys -- (AFGMp50)
    DRV - [2013/02/27 08:03:08 | 000,029,904 | ---- | M] (Microsoft Corporation)
    [Kernel | System | Running] -- C:\Documents and Settings\All
    Users\Application Data\Microsoft\Microsoft Antimalware\Definition
    Updates\{FAC7BE0D-B7CB-4981-A926-D9F4E57AC8C6}\MpKslc422d23a.sys --
    (MpKslc422d23a)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes
    Corporation) [File_System | On_Demand | Running] --
    C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/07 16:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated)
    [Kernel | On_Demand | Stopped] --
    C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/08/22 20:01:54 | 000,027,072 | ---- | M] (Printing
    Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] --
    C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2009/08/17 16:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys --
    (btaudio)
    DRV - [2009/07/09 14:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys --
    (BTKRNL)
    DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology,
    Inc.) [Kernel | On_Demand | Running] --
    C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
    DRV - [2009/06/21 11:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys --
    (BTWUSB)
    DRV - [2009/05/11 16:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys --
    (btwhid)
    DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys --
    (FilterService)
    DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand
    | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/07/24 19:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] --
    C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2008/02/04 19:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys --
    (BTDriver)
    DRV - [2005/04/25 03:34:52 | 002,937,344 | ---- | M] (Realtek Semiconductor
    Corp.) [Kernel | On_Demand | Running] --
    C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2005/04/06 13:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys --
    (MXOPSWD)
    DRV - [2005/02/01 07:20:00 | 000,229,888 | ---- | M] (Marvell) [Kernel |
    On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys --
    (yukonwxp)
    DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand
    | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    http://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope =
    {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
    http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" =
    http://www.delta-search.com/?q={sea...SP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" =
    http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60617
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
    https://search.blekko.com/ws/?sourc...120514064D4BBB976834B6573BF1D1&q={searchTerms}
    IE - HKCU\..\SearchScopes\{4864B127-800C-4DBC-8D74-FB4F6373A68B}: "URL" =
    http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=63263&p={searchTerms}
    IE - HKCU\..\SearchScopes\{5649AF9D-1AAD-4CF2-9E92-52F81C20C786}: "URL" =
    http://www.mysearchresults.com/search?&c=4002&t=10&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
    http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" =
    http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80473&lng=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
    "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Delta Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.bing.com"
    FF - prefs.js..extensions.enabledAddons:
    %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6
    FF - prefs.js..extensions.enabledAddons:
    %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
    C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not
    found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program
    Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader
    Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT
    READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program
    Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2:
    C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2:
    C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
    C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft
    Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
    Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53:
    c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53:
    c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF -
    HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53:
    C:\Documents and Settings\All Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    (RealNetworks, Inc.)
    FF -
    HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53:
    C:\Documents and Settings\All Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53:
    c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:
    C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:
    C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF -
    HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:
    C:\Documents and Settings\All Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 05:56:00 |
    000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
    19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    [2013/02/20 15:22:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
    19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M]

    [2012/04/16 19:08:22 | 000,000,000 | ---D | M] (No name found) --
    C:\Documents and Settings\Leila\Application Data\Mozilla\Extensions
    [2013/02/15 12:56:32 | 000,000,000 | ---D | M] (No name found) --
    C:\Documents and Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions
    [2013/02/14 09:33:28 | 000,817,280 | ---- | M] () (No name found) --
    C:\Documents and Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/15 11:56:21 | 000,118,969 | ---- | M] () (No name found) --
    C:\Documents and Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\BrowserProtect.xml
    [2013/02/14 20:16:53 | 000,001,294 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\delta.xml
    [2013/02/14 22:47:42 | 000,000,000 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\search-here.xml
    [2013/02/19 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program
    Files\Mozilla Firefox\extensions
    [2013/02/20 15:22:02 | 000,000,000 | ---D | M] (Skype extension) --
    C:\Program Files\Mozilla
    Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
    Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
    Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
    Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/02/19 20:15:28 | 000,263,064 | ---- | M] (Mozilla Foundation) --
    C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/30 05:55:32 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program
    Files\mozilla firefox\plugins\nprpplugin.dll
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\babylon.xml
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\bing.xml
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\crawlersrch.xml
    [2012/05/14 09:56:18 | 000,002,143 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\search.xml
    [2013/02/19 20:14:39 | 000,002,086 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) -
    C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) -
    {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All
    Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) -
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
    Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) -
    {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
    Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} -
    No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) -
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) -
    {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (-)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program
    Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start
    Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth
    Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\Leila\Start
    Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe ()
    O4 - Startup: C:\Documents and Settings\Leila\Start
    Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program
    Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program
    Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program
    Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
    Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
    Software\btsendto_ie.htm ()
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
    (Reg Error: Key error.)
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71}
    http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
    http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg
    Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java
    Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java
    Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
    192.168.2.1
    O17 -
    HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}:
    DhcpNameServer = 192.168.2.1
    O17 -
    HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}:
    NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs:
    (c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -
    File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe
    (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -
    C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Leila\Local
    Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leila\Local
    Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/17 13:34:42 | 000,000,000 | ---- | M] () -
    C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/01/17 14:15:16 | 000,000,090 | ---- | M] () -
    D:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell - "" =
    AutoRun
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun - ""
    = Auto&Play
    O33 -
    MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun\command -
    "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000}
    5.2066.1.A10B02 PID_0083
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell - "" =
    AutoRun
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun - ""
    = Auto&Play
    O33 -
    MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun\command -
    "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000}
    5.2066.1.A10B02 PID_0083
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========


    [2013/02/27 09:14:52 | 000,602,112 | ---- | C] (OldTimer Tools) --
    C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 08:28:55 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/27 08:25:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) --
    C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/27 08:25:16 | 000,000,000 | ---D | C] -- C:\Program
    Files\Malwarebytes' Anti-Malware
    [2013/02/27 08:23:48 | 010,156,424 | ---- | C] (Malwarebytes
    ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/26 21:11:27 | 016,473,456 | ---- | C] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Desktop\2-26-13logs
    [2013/02/24 12:54:22 | 000,509,440 | ---- | C] (Tech Support Guy System) --
    C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/22 19:23:00 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\Help
    [2013/02/22 19:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
    [2013/02/22 09:31:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents
    and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) --
    C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 15:24:24 | 000,000,000 | -HSD | C] --
    C:\WINDOWS\System32\AI_RecycleBin
    [2013/02/20 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Application Data\Babylon
    [2013/02/20 15:24:20 | 000,000,000 | -H-D | C] --
    C:\WINDOWS\System32\GroupPolicy
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\DefaultTab
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\.android
    [2013/02/20 15:21:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/02/20 09:59:19 | 000,262,560 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:48 | 000,094,112 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/19 20:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla
    Firefox
    [2013/02/19 14:35:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\Malwarebytes
    [2013/02/19 13:40:10 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Application Data\Malwarebytes
    [2013/02/15 12:52:14 | 000,940,544 | ---- | C] (Apache Software
    Foundation) -- C:\Documents and Settings\Leila\Local Settings\Application
    Data\log4cxx.dll
    [2013/02/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/14 20:16:27 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\Babylon
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsvousb.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghstrace.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsdiagmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsdiag.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsat.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\ghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\ghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\ghsdiag.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) --
    C:\WINDOWS\System32\drivers\ghsandroid.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) --
    C:\WINDOWS\System32\drivers\androidusb.sys
    [2013/02/14 18:30:13 | 000,015,896 | ---- | C] (HandSet Incorporated) --
    C:\WINDOWS\System32\drivers\massfilter_hs.sys
    [2013/02/14 18:30:08 | 000,102,936 | ---- | C] (Google, inc) --
    C:\WINDOWS\AdbWinApi.dll
    [2013/02/10 21:01:27 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Foxit Reader
    [2013/02/09 14:04:41 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\IsolatedStorage
    [2013/02/09 14:04:15 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\My Documents\Family Tree Maker
    [2013/02/09 14:04:09 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Ancestry.com
    [2013/02/09 14:01:39 | 000,000,000 | ---D | C] --
    C:\WINDOWS\System32\windows media
    [2013/02/09 14:01:12 | 000,000,000 | ---D | C] --
    C:\WINDOWS\RegisteredPackages
    [2013/02/09 14:01:10 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Windows Media
    [2013/02/09 14:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows
    Media Components
    [2013/02/09 14:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    WSE
    [2013/02/09 14:00:39 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Family Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Family
    Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\BCL
    Technologies
    [2013/01/28 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Sun
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) --
    C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 09:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe
    Flash Player Updater.job
    [2013/02/27 08:33:02 | 000,000,884 | ---- | M] () --
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/27 08:28:56 | 000,000,784 | ---- | M] () -- C:\Documents and
    Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/27 08:23:53 | 010,156,424 | ---- | M] (Malwarebytes
    ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/27 08:03:06 | 000,013,646 | ---- | M] () --
    C:\WINDOWS\System32\wpa.dbl
    [2013/02/27 08:02:11 | 000,000,278 | ---- | M] () --
    C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/27 08:02:00 | 000,000,880 | ---- | M] () --
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/27 08:01:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/26 22:01:11 | 000,000,079 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:15:01 | 000,000,079 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\TheBlaze.url
    [2013/02/26 21:11:39 | 000,691,568 | ---- | M] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/26 21:11:38 | 000,071,024 | ---- | M] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/26 21:11:30 | 016,473,456 | ---- | M] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 20:52:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/25 13:16:12 | 001,678,013 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/24 15:38:11 | 000,000,716 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/24 12:54:23 | 000,509,440 | ---- | M] (Tech Support Guy System) --
    C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/23 01:32:05 | 000,000,002 | ---- | M] () -- C:\.colstatus
    [2013/02/22 19:15:57 | 002,811,211 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:54 | 000,367,524 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\gmer.zip
    [2013/02/22 09:31:28 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents
    and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) --
    C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 18:33:54 | 000,376,832 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:19 | 000,000,116 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\SweetPalace.url
    [2013/02/20 09:58:16 | 000,094,112 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/20 09:58:10 | 000,262,560 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:09 | 000,143,872 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\javacpl.cpl
    [2013/02/20 09:58:07 | 000,861,088 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\npdeployJava1.dll
    [2013/02/20 09:58:07 | 000,782,240 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\deployJava1.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | M] () -- C:\Documents and
    Settings\Leila\ntuser.pol
    [2013/02/13 08:39:01 | 000,289,296 | ---- | M] () --
    C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 08:16:29 | 000,001,945 | ---- | M] () --
    C:\WINDOWS\epplauncher.mif
    [2013/02/13 08:12:26 | 000,435,726 | ---- | M] () --
    C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 08:12:26 | 000,068,622 | ---- | M] () --
    C:\WINDOWS\System32\perfc009.dat
    [2013/02/10 21:01:27 | 000,000,809 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick
    Launch\Foxit Reader.lnk
    [2013/02/10 21:01:27 | 000,000,791 | ---- | M] () -- C:\Documents and
    Settings\All Users\Desktop\Foxit Reader.lnk
    [2013/02/09 22:05:09 | 000,000,286 | ---- | M] () --
    C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/09 14:00:39 | 000,001,751 | ---- | M] () -- C:\Documents and
    Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | M] () -- C:\Documents and
    Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/30 05:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) --
    C:\WINDOWS\System32\MpSigStub.exe
    [2013/01/29 19:18:39 | 000,000,118 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\OldRadio.url
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/27 08:28:56 | 000,000,784 | ---- | C] () -- C:\Documents and
    Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/26 22:00:30 | 000,000,079 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:14:37 | 000,000,079 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\TheBlaze.url
    [2013/02/25 13:16:06 | 001,678,013 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/22 19:15:56 | 002,811,211 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:52 | 000,367,524 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\gmer.zip
    [2013/02/20 18:33:54 | 000,376,832 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:08 | 000,000,116 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\SweetPalace.url
    [2013/02/15 19:37:48 | 000,000,716 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/15 12:52:14 | 000,196,608 | ---- | C] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\common_functions.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | C] () -- C:\Documents and
    Settings\Leila\ntuser.pol
    [2013/02/14 18:30:08 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2013/02/10 21:01:27 | 000,000,809 | ---- | C] () -- C:\Documents and
    Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick
    Launch\Foxit Reader.lnk
    [2013/02/09 14:00:39 | 000,001,751 | ---- | C] () -- C:\Documents and
    Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | C] () -- C:\Documents and
    Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/29 19:18:26 | 000,000,118 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\OldRadio.url
    [2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\ie_runner_app.exe
    [2012/05/14 09:56:51 | 000,116,224 | ---- | C] () --
    C:\WINDOWS\System32\redmonnt.dll
    [2012/05/02 06:45:50 | 000,000,106 | ---- | C] () -- C:\Documents and
    Settings\Leila\jobq.dat
    [2012/02/15 16:31:25 | 000,003,072 | ---- | C] () --
    C:\WINDOWS\System32\iacenc.dll
    [2011/04/22 10:19:12 | 000,001,324 | ---- | C] () --
    C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/17 21:16:42 | 000,031,744 | ---- | C] () -- C:\Documents and
    Settings\Leila\Local Settings\Application
    Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/08/03 11:34:26 | 000,000,227 | RHS- | M] () --
    C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/12/27 05:24:19 | 001,510,400
    | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 |
    000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 |
    000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All
    Users\Application Data\TEMP:15E76ABF

    < End of report >

    ---END---

    ----ADWCleaner.log--------------

    # AdwCleaner v2.113 - Logfile created 02/28/2013 at 18:13:43
    # Updated 23/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Leila - LEILA-P5WD2
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Leila\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\BrowserProtect.xml
    File Deleted : C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\delta.xml
    File Deleted : C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\search-here.xml
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : C:\Documents and Settings\Leila\Application Data\DefaultTab
    Folder Deleted : C:\Documents and Settings\Leila\Local Settings\Application Data\searchcom_001
    Folder Deleted : C:\Program Files\Common Files\FreeCause

    ***** [Registry] *****

    Key Deleted : HKCU\Software\5c68cdeb43eed43
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\CompeteInc
    Key Deleted : HKCU\Software\DataMngr_Toolbar
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{093B3D46-0F87-44CF-B44B-79537F1597E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1B169632-4FA6-4BE0-B980-460B5BF7FD08}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{80987362-6216-49BC-98E4-77E6CF71A5D7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{093B3D46-0F87-44CF-B44B-79537F1597E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B169632-4FA6-4BE0-B980-460B5BF7FD08}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80987362-6216-49BC-98E4-77E6CF71A5D7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC376ED9-9E09-4B39-BAD5-083D151EAA86}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\SOFTWARE\5c68cdeb43eed43
    Key Deleted : HKLM\Software\AskBarDis
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80987362-6216-49BC-98E4-77E6CF71A5D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{18FBD679-6983-4B7D-9BB5-76A8FCB66798}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C51B0916-59FE-41D3-8D68-87E6390E18CA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE7F8734-035D-4460-8DD4-609BD251E110}
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A839EF3-D283-48A0-B24C-FF0911ED6A86}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\TENCENT
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v6.0.2900.5512

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-US)

    File : C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\prefs.js

    C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\user.js ... Deleted !

    Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntr[...]
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119520&babsrc[...]
    Deleted : user_pref("extensions.delta.admin", false);
    Deleted : user_pref("extensions.delta.aflt", "babsst");
    Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Deleted : user_pref("extensions.delta.autoRvrt", "false");
    Deleted : user_pref("extensions.delta.dfltLng", "en");
    Deleted : user_pref("extensions.delta.excTlbr", false);
    Deleted : user_pref("extensions.delta.id", "70b702120000000000000017313bdfa5");
    Deleted : user_pref("extensions.delta.instlDay", "15751");
    Deleted : user_pref("extensions.delta.instlRef", "sst");
    Deleted : user_pref("extensions.delta.newTab", false);
    Deleted : user_pref("extensions.delta.prdct", "delta");
    Deleted : user_pref("extensions.delta.prtnrId", "delta");
    Deleted : user_pref("extensions.delta.rvrt", "false");
    Deleted : user_pref("extensions.delta.smplGrp", "none");
    Deleted : user_pref("extensions.delta.tlbrId", "base");
    Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
    Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
    Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.020:16:52");
    Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [8492 octets] - [28/02/2013 18:13:43]

    ########## EOF - C:\AdwCleaner[S1].txt - [8552 octets] ##########

    ---END---
     
  10. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Let's see if this makes a difference.

    Please run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Documents and Settings\Leila\Local Settings\Application Data\Strongvault Online Backup
      c:\documents and settings\All Users\Application Data\Strongvault Online Backup
      C:\Documents and Settings\Leila\Application Data\Babylon
      
      :Commands
      [reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
    Next

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :folderfind
      StrongVault
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt
     
  11. lyoung5

    lyoung5 Thread Starter

    Joined:
    Feb 22, 2013
    Messages:
    32
    Ran OTL with new code. OTL.txt reflects yesterday's date...???

    While clicking on desktop to open this file, StrongVault tried to install
    once again.

    ---OTL.txt---

    OTL logfile created on: 2/27/2013 9:17:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and
    Settings\Leila\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type =
    NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format:
    M/d/yyyy

    1023.17 Mb Total Physical Memory | 438.16 Mb Available Physical Memory |
    42.82% Memory free
    2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.84% Paging File
    free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
    Files
    Drive C: | 186.30 Gb Total Space | 155.56 Gb Free Space | 83.50% Space Free
    | Partition Type: NTFS
    Drive D: | 279.46 Gb Total Space | 185.11 Gb Free Space | 66.24% Space Free
    | Partition Type: NTFS

    Computer Name: LEILA-P5WD2 | User Name: Leila | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name
    Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) --
    C:\Documents and Settings\Leila\Desktop\OTL.exe
    PRC - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation) --
    C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft
    Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes
    Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes
    Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes
    Corporation) -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamscheduler.exe
    PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) --
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    PRC - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) --
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) --
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    PRC - [2009/08/14 10:48:52 | 000,607,584 | ---- | M] (Broadcom
    Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) --
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft
    Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program
    Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    PRC - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) -- C:\Program
    Files\Maxtor\Utils\SyncServices.exe
    PRC - [2003/07/25 11:15:48 | 000,536,576 | ---- | M] (-) -- C:\Program
    Files\Eraser\eraser.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application
    Data\Autobahn\rt\jetrt\baseline720.dll
    MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\java.dll
    MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\zip.dll
    MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll
    MOD - [2011/06/26 08:16:13 | 000,985,088 | ---- | M] () -- C:\Program
    Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program
    Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program
    Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program
    Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    MOD - [2009/08/14 10:47:34 | 002,854,976 | ---- | M] () --
    C:\WINDOWS\system32\btwicons.dll
    MOD - [2009/08/14 10:45:04 | 000,069,697 | ---- | M] () -- C:\Program
    Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program
    Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    MOD - [2001/10/28 16:42:00 | 000,116,224 | ---- | M] () --
    C:\WINDOWS\system32\redmonnt.dll


    ========== Services (SafeList) ==========

    SRV - [2013/02/26 21:11:39 | 000,251,248 | ---- | M] (Adobe Systems
    Incorporated) [On_Demand | Stopped] --
    C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe --
    (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation)
    [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe --
    (JavaQuickStarterService)
    SRV - [2013/02/19 20:15:26 | 000,115,608 | ---- | M] (Mozilla Foundation)
    [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance
    Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation)
    [Auto | Running] -- C:\Program Files\Microsoft Security
    Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes
    Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes
    Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes'
    Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies)
    [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe --
    (SkypeUpdate)
    SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto
    | Running] -- C:\Program Files\Belkin\Router Setup and
    Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () [Auto | Running] --
    C:\Program Files\Belkin\Belkin USB Print and Storage
    Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
    SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] --
    C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe --
    (Belkin Network USB Helper)
    SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto |
    Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe --
    (LVPrcSrv)
    SRV - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () [Auto | Running] --
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe --
    (MaxBackServiceInt)
    SRV - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) [Auto | Running] --
    C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] --
    System32\Drivers\AFGMp50.sys -- (AFGMp50)
    DRV - [2013/02/27 08:03:08 | 000,029,904 | ---- | M] (Microsoft Corporation)
    [Kernel | System | Running] -- C:\Documents and Settings\All
    Users\Application Data\Microsoft\Microsoft Antimalware\Definition
    Updates\{FAC7BE0D-B7CB-4981-A926-D9F4E57AC8C6}\MpKslc422d23a.sys --
    (MpKslc422d23a)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes
    Corporation) [File_System | On_Demand | Running] --
    C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/07 16:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated)
    [Kernel | On_Demand | Stopped] --
    C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/08/22 20:01:54 | 000,027,072 | ---- | M] (Printing
    Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] --
    C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2009/08/17 16:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys --
    (btaudio)
    DRV - [2009/07/09 14:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys --
    (BTKRNL)
    DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology,
    Inc.) [Kernel | On_Demand | Running] --
    C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
    DRV - [2009/06/21 11:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys --
    (BTWUSB)
    DRV - [2009/05/11 16:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys --
    (btwhid)
    DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys --
    (FilterService)
    DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand
    | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/07/24 19:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Stopped] --
    C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2008/02/04 19:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.)
    [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys --
    (BTDriver)
    DRV - [2005/04/25 03:34:52 | 002,937,344 | ---- | M] (Realtek Semiconductor
    Corp.) [Kernel | On_Demand | Running] --
    C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2005/04/06 13:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel
    | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys --
    (MXOPSWD)
    DRV - [2005/02/01 07:20:00 | 000,229,888 | ---- | M] (Marvell) [Kernel |
    On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys --
    (yukonwxp)
    DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand
    | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    http://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope =
    {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
    http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" =
    http://www.delta-search.com/?q={sea...SP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" =
    http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60617
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
    https://search.blekko.com/ws/?sourc...120514064D4BBB976834B6573BF1D1&q={searchTerms}
    IE - HKCU\..\SearchScopes\{4864B127-800C-4DBC-8D74-FB4F6373A68B}: "URL" =
    http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=63263&p={searchTerms}
    IE - HKCU\..\SearchScopes\{5649AF9D-1AAD-4CF2-9E92-52F81C20C786}: "URL" =
    http://www.mysearchresults.com/search?&c=4002&t=10&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =
    http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" =
    http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80473&lng=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
    "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Delta Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.bing.com"
    FF - prefs.js..extensions.enabledAddons:
    %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6
    FF - prefs.js..extensions.enabledAddons:
    %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
    C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not
    found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program
    Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader
    Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT
    READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program
    Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2:
    C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2:
    C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:
    C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft
    Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
    Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53:
    c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53:
    c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF -
    HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53:
    C:\Documents and Settings\All Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    (RealNetworks, Inc.)
    FF -
    HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53:
    C:\Documents and Settings\All Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53:
    c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3:
    C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9:
    C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF -
    HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}:
    C:\Documents and Settings\All Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 05:56:00 |
    000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
    19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    [2013/02/20 15:22:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
    19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M]

    [2012/04/16 19:08:22 | 000,000,000 | ---D | M] (No name found) --
    C:\Documents and Settings\Leila\Application Data\Mozilla\Extensions
    [2013/02/15 12:56:32 | 000,000,000 | ---D | M] (No name found) --
    C:\Documents and Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions
    [2013/02/14 09:33:28 | 000,817,280 | ---- | M] () (No name found) --
    C:\Documents and Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/15 11:56:21 | 000,118,969 | ---- | M] () (No name found) --
    C:\Documents and Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\BrowserProtect.xml
    [2013/02/14 20:16:53 | 000,001,294 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\delta.xml
    [2013/02/14 22:47:42 | 000,000,000 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application
    Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\search-here.xml
    [2013/02/19 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program
    Files\Mozilla Firefox\extensions
    [2013/02/20 15:22:02 | 000,000,000 | ---D | M] (Skype extension) --
    C:\Program Files\Mozilla
    Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
    Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
    Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program
    Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/02/19 20:15:28 | 000,263,064 | ---- | M] (Mozilla Foundation) --
    C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/30 05:55:32 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program
    Files\mozilla firefox\plugins\nprpplugin.dll
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\babylon.xml
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\bing.xml
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\crawlersrch.xml
    [2012/05/14 09:56:18 | 000,002,143 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\search.xml
    [2013/02/19 20:14:39 | 000,002,086 | ---- | M] () -- C:\Program
    Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local
    Settings\Application Data\Google\Chrome\User
    Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) -
    C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) -
    {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All
    Users\Application
    Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) -
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
    Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) -
    {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
    Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} -
    No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) -
    {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) -
    {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (-)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program
    Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start
    Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth
    Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\Leila\Start
    Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Documents and
    Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe ()
    O4 - Startup: C:\Documents and Settings\Leila\Start
    Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program
    Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
    NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program
    Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program
    Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
    Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 -
    {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth
    Software\btsendto_ie.htm ()
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
    http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
    (Reg Error: Key error.)
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71}
    http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
    http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg
    Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java
    Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java
    Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
    192.168.2.1
    O17 -
    HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}:
    DhcpNameServer = 192.168.2.1
    O17 -
    HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}:
    NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
    C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs:
    (c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -
    File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe
    (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -
    C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Leila\Local
    Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leila\Local
    Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/17 13:34:42 | 000,000,000 | ---- | M] () -
    C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/01/17 14:15:16 | 000,000,090 | ---- | M] () -
    D:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell - "" =
    AutoRun
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun - ""
    = Auto&Play
    O33 -
    MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun\command -
    "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000}
    5.2066.1.A10B02 PID_0083
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell - "" =
    AutoRun
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun - ""
    = Auto&Play
    O33 -
    MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun\command -
    "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000}
    5.2066.1.A10B02 PID_0083
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========


    [2013/02/27 09:14:52 | 000,602,112 | ---- | C] (OldTimer Tools) --
    C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 08:28:55 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/27 08:25:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) --
    C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/27 08:25:16 | 000,000,000 | ---D | C] -- C:\Program
    Files\Malwarebytes' Anti-Malware
    [2013/02/27 08:23:48 | 010,156,424 | ---- | C] (Malwarebytes
    ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/26 21:11:27 | 016,473,456 | ---- | C] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Desktop\2-26-13logs
    [2013/02/24 12:54:22 | 000,509,440 | ---- | C] (Tech Support Guy System) --
    C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/22 19:23:00 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\Help
    [2013/02/22 19:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
    [2013/02/22 09:31:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents
    and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) --
    C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 15:24:24 | 000,000,000 | -HSD | C] --
    C:\WINDOWS\System32\AI_RecycleBin
    [2013/02/20 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Application Data\Babylon
    [2013/02/20 15:24:20 | 000,000,000 | -H-D | C] --
    C:\WINDOWS\System32\GroupPolicy
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\DefaultTab
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\.android
    [2013/02/20 15:21:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/02/20 09:59:19 | 000,262,560 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:48 | 000,094,112 | ---- | C] (Oracle Corporation) --
    C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/19 20:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla
    Firefox
    [2013/02/19 14:35:54 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\Malwarebytes
    [2013/02/19 13:40:10 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Application Data\Malwarebytes
    [2013/02/15 12:52:14 | 000,940,544 | ---- | C] (Apache Software
    Foundation) -- C:\Documents and Settings\Leila\Local Settings\Application
    Data\log4cxx.dll
    [2013/02/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/14 20:16:27 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Application Data\Babylon
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsvousb.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghstrace.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsdiagmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsdiag.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\zghsat.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\ghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\ghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) --
    C:\WINDOWS\System32\drivers\ghsdiag.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) --
    C:\WINDOWS\System32\drivers\ghsandroid.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) --
    C:\WINDOWS\System32\drivers\androidusb.sys
    [2013/02/14 18:30:13 | 000,015,896 | ---- | C] (HandSet Incorporated) --
    C:\WINDOWS\System32\drivers\massfilter_hs.sys
    [2013/02/14 18:30:08 | 000,102,936 | ---- | C] (Google, inc) --
    C:\WINDOWS\AdbWinApi.dll
    [2013/02/10 21:01:27 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Foxit Reader
    [2013/02/09 14:04:41 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\IsolatedStorage
    [2013/02/09 14:04:15 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\My Documents\Family Tree Maker
    [2013/02/09 14:04:09 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Ancestry.com
    [2013/02/09 14:01:39 | 000,000,000 | ---D | C] --
    C:\WINDOWS\System32\windows media
    [2013/02/09 14:01:12 | 000,000,000 | ---D | C] --
    C:\WINDOWS\RegisteredPackages
    [2013/02/09 14:01:10 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Windows Media
    [2013/02/09 14:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows
    Media Components
    [2013/02/09 14:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    WSE
    [2013/02/09 14:00:39 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\All Users\Start Menu\Programs\Family Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Family
    Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\BCL
    Technologies
    [2013/01/28 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and
    Settings\Leila\Local Settings\Application Data\Sun
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) --
    C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 09:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe
    Flash Player Updater.job
    [2013/02/27 08:33:02 | 000,000,884 | ---- | M] () --
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/27 08:28:56 | 000,000,784 | ---- | M] () -- C:\Documents and
    Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/27 08:23:53 | 010,156,424 | ---- | M] (Malwarebytes
    ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/27 08:03:06 | 000,013,646 | ---- | M] () --
    C:\WINDOWS\System32\wpa.dbl
    [2013/02/27 08:02:11 | 000,000,278 | ---- | M] () --
    C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/27 08:02:00 | 000,000,880 | ---- | M] () --
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/27 08:01:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/26 22:01:11 | 000,000,079 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:15:01 | 000,000,079 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\TheBlaze.url
    [2013/02/26 21:11:39 | 000,691,568 | ---- | M] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/26 21:11:38 | 000,071,024 | ---- | M] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/26 21:11:30 | 016,473,456 | ---- | M] (Adobe Systems
    Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 20:52:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/25 13:16:12 | 001,678,013 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/24 15:38:11 | 000,000,716 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/24 12:54:23 | 000,509,440 | ---- | M] (Tech Support Guy System) --
    C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/23 01:32:05 | 000,000,002 | ---- | M] () -- C:\.colstatus
    [2013/02/22 19:15:57 | 002,811,211 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:54 | 000,367,524 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\gmer.zip
    [2013/02/22 09:31:28 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents
    and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) --
    C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 18:33:54 | 000,376,832 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:19 | 000,000,116 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\SweetPalace.url
    [2013/02/20 09:58:16 | 000,094,112 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/20 09:58:10 | 000,262,560 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:09 | 000,143,872 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\javacpl.cpl
    [2013/02/20 09:58:07 | 000,861,088 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\npdeployJava1.dll
    [2013/02/20 09:58:07 | 000,782,240 | ---- | M] (Oracle Corporation) --
    C:\WINDOWS\System32\deployJava1.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | M] () -- C:\Documents and
    Settings\Leila\ntuser.pol
    [2013/02/13 08:39:01 | 000,289,296 | ---- | M] () --
    C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 08:16:29 | 000,001,945 | ---- | M] () --
    C:\WINDOWS\epplauncher.mif
    [2013/02/13 08:12:26 | 000,435,726 | ---- | M] () --
    C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 08:12:26 | 000,068,622 | ---- | M] () --
    C:\WINDOWS\System32\perfc009.dat
    [2013/02/10 21:01:27 | 000,000,809 | ---- | M] () -- C:\Documents and
    Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick
    Launch\Foxit Reader.lnk
    [2013/02/10 21:01:27 | 000,000,791 | ---- | M] () -- C:\Documents and
    Settings\All Users\Desktop\Foxit Reader.lnk
    [2013/02/09 22:05:09 | 000,000,286 | ---- | M] () --
    C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/09 14:00:39 | 000,001,751 | ---- | M] () -- C:\Documents and
    Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | M] () -- C:\Documents and
    Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/30 05:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) --
    C:\WINDOWS\System32\MpSigStub.exe
    [2013/01/29 19:18:39 | 000,000,118 | ---- | M] () -- C:\Documents and
    Settings\Leila\Desktop\OldRadio.url
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/27 08:28:56 | 000,000,784 | ---- | C] () -- C:\Documents and
    Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/26 22:00:30 | 000,000,079 | ---- | C] () -- C:\Documents and
    Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:14:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\TheBlaze.url
    [2013/02/25 13:16:06 | 001,678,013 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/22 19:15:56 | 002,811,211 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:52 | 000,367,524 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\gmer.zip
    [2013/02/20 18:33:54 | 000,376,832 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:08 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\SweetPalace.url
    [2013/02/15 19:37:48 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/15 12:52:14 | 000,196,608 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\common_functions.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Leila\ntuser.pol
    [2013/02/14 18:30:08 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2013/02/10 21:01:27 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/02/09 14:00:39 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/29 19:18:26 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\OldRadio.url
    [2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\ie_runner_app.exe
    [2012/05/14 09:56:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2012/05/02 06:45:50 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Leila\jobq.dat
    [2012/02/15 16:31:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/22 10:19:12 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/17 21:16:42 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/08/03 11:34:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/12/27 05:24:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15E76ABF

    < End of report >
    -----
    Ran SystemLook w/ Code

    ----SystemLook.txt----------
    SystemLook 30.07.11 by jpshortstuff
    Log created at 19:13 on 28/02/2013 by Leila
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "StrongVault"
    C:\AI_RecycleBin\{8DBEA361-FED0-43D9-BAA8-D2EBFB2EF939}\5\Strongvault d------ [01:17 15/02/2013]

    -= EOF =-
    --------------
     
  12. emeraldnzl

    emeraldnzl Malware Specialist

    That OTL fix didn't work.

    Looks like you clicked Run Scan instead of Run Fix.

    Here it is again; I have added the one that SystemLook found:

    Please run OTL.exe

    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Documents and Settings\Leila\Local Settings\Application Data\Strongvault Online Backup
      c:\documents and settings\All Users\Application Data\Strongvault Online Backup
      C:\Documents and Settings\Leila\Application Data\Babylon
      C:\AI_RecycleBin\{8DBEA361-FED0-43D9-BAA8-D2EBFB2EF939}\5\Strongvault
      
      :Commands
      [reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • It will produce a log for you on reboot; please post that log in your next reply. The log is saved in the same location as OTL.
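
An added example, not part of the post above and not code from OTL: a Python check that reads an OTL log's "created on" header and looks for the fix's `:Files` paths among the log's file entries. The sample log lines are constructed in the line format seen in this thread, and all function names are hypothetical.

```python
import re
from datetime import datetime

# Paths from the :Files section of the fix in the post above.
FIX_TARGETS = [
    r"C:\Documents and Settings\Leila\Local Settings\Application Data\Strongvault Online Backup",
    r"c:\documents and settings\All Users\Application Data\Strongvault Online Backup",
    r"C:\Documents and Settings\Leila\Application Data\Babylon",
    r"C:\AI_RecycleBin\{8DBEA361-FED0-43D9-BAA8-D2EBFB2EF939}\5\Strongvault",
]

# Time printed in the SystemLook log above (19:13 on 28/02/2013). The fix was
# posted after it, so an OTL log older than this cannot show the fix's result.
SYSTEMLOOK_LOG_TIME = datetime(2013, 2, 28, 19, 13)

# Constructed sample, written in the OTL line format seen in this thread.
SAMPLE_LOG = r"""OTL logfile created on: 2/27/2013 9:17:02 AM - Run 1
========== Files/Folders - Created Within 30 Days ==========
[2013/02/20 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/02/15 12:52:14 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Leila\Local Settings\Application Data\log4cxx.dll
[2013/02/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\Strongvault Online Backup
PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
"""

HEADER_RE = re.compile(
    r"OTL logfile created on: "
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) - Run (\d+)")

# [timestamp | size | attributes | C(reated)/M(odified)] (company) -- path
# Lines with extra bracketed fields (services, drivers) are deliberately skipped.
ENTRY_RE = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r"(?: \(([^()]*)\))? -- (.+)$")


def parse_header(text):
    """Return (creation time, run number) from the first line of an OTL log."""
    m = HEADER_RE.search(text)
    if m is None:
        raise ValueError("no OTL header line found")
    created = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
    return created, int(m.group(2))


def parse_entries(text):
    """Parse every file or folder line into a dict; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.search(line.strip())
        if m is None:
            continue
        ts, size, attrs, kind, company, path = m.groups()
        entries.append({
            "timestamp": datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
            "size": int(size.replace(",", "")),
            "is_dir": "D" in attrs,
            "kind": kind,
            "company": company or None,   # "()" means no company name
            "path": path.strip(),
        })
    return entries


def normalise(path):
    # Windows paths are case-insensitive; drop any trailing backslash.
    return path.strip().rstrip("\\").lower()


def is_under(path, target):
    """True if path is the target itself or lies inside the target folder."""
    p, t = normalise(path), normalise(target)
    return p == t or p.startswith(t + "\\")


def remaining_targets(text, targets=FIX_TARGETS):
    """Entries in the log that are at or below one of the fix's paths."""
    return [e for e in parse_entries(text)
            if any(is_under(e["path"], t) for t in targets)]


def log_predates(text, reference):
    """True if the log was created before the reference time."""
    created, _run = parse_header(text)
    return created < reference


if __name__ == "__main__":
    created, run = parse_header(SAMPLE_LOG)
    print(f"log created {created} (run {run}); "
          f"older than SystemLook log: {log_predates(SAMPLE_LOG, SYSTEMLOOK_LOG_TIME)}")
    for entry in remaining_targets(SAMPLE_LOG):
        print("still listed:", entry["path"])
```

Matching is on whole path components, so the `All Users\Application Data\Babylon` folder in the sample is not reported: the fix lists only the `Leila\Application Data\Babylon` path.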
     
  13. lyoung5

    lyoung5 Thread Starter

    I'm sorry... Fighting migraines in between running your fixes on the PC.

    Ran OTL with new code. No sign of StrongVault this time...

    Does it matter that the log says it's created on 02/27? Does it append consecutive runs to the end?

    ----OTL.txt-----
    OTL logfile created on: 2/27/2013 9:17:02 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Leila\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1023.17 Mb Total Physical Memory | 438.16 Mb Available Physical Memory | 42.82% Memory free
    2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.84% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 186.30 Gb Total Space | 155.56 Gb Free Space | 83.50% Space Free | Partition Type: NTFS
    Drive D: | 279.46 Gb Total Space | 185.11 Gb Free Space | 66.24% Space Free | Partition Type: NTFS

    Computer Name: LEILA-P5WD2 | User Name: Leila | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leila\Desktop\OTL.exe
    PRC - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
    PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    PRC - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    PRC - [2009/08/14 10:48:52 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    PRC - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) -- C:\Program Files\Maxtor\Utils\SyncServices.exe
    PRC - [2003/07/25 11:15:48 | 000,536,576 | ---- | M] (-) -- C:\Program Files\Eraser\eraser.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\jetrt\baseline720.dll
    MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\java.dll
    MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe
    MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\zip.dll
    MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\rt\bin\jetvm\jvm.dll
    MOD - [2011/06/26 08:16:13 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
    MOD - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
    MOD - [2009/08/14 10:47:34 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
    MOD - [2009/08/14 10:45:04 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    MOD - [2001/10/28 16:42:00 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll


    ========== Services (SafeList) ==========

    SRV - [2013/02/26 21:11:39 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/02/20 09:58:13 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2013/02/19 20:15:26 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/23 15:57:36 | 000,563,104 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
    SRV - [2011/04/19 16:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
    SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
    SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/03/20 17:09:26 | 000,188,416 | ---- | M] () [Auto | Running] -- C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -- (MaxBackServiceInt)
    SRV - [2007/03/20 14:22:06 | 000,114,344 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\Maxtor\Utils\SyncServices.exe -- (NTService1)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
    DRV - [2013/02/27 08:03:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FAC7BE0D-B7CB-4981-A926-D9F4E57AC8C6}\MpKslc422d23a.sys -- (MpKslc422d23a)
    DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/07 16:13:46 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_hs.sys -- (massfilter_hs)
    DRV - [2010/08/22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
    DRV - [2009/08/17 16:00:26 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2009/07/09 14:45:00 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2009/06/22 16:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
    DRV - [2009/06/21 11:56:14 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2009/05/11 16:45:26 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
    DRV - [2009/04/30 18:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/04/30 18:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
    DRV - [2009/04/30 18:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/07/24 19:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2008/02/04 19:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2005/04/25 03:34:52 | 002,937,344 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
    DRV - [2005/04/06 13:05:24 | 000,015,360 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2005/02/01 07:20:00 | 000,229,888 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com/?affID=119520&babsrc=HP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={sea...SP_ss&mntrId=70b702120000000000000017313bdfa5
    IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60617
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = https://search.blekko.com/ws/?sourc...120514064D4BBB976834B6573BF1D1&q={searchTerms}
    IE - HKCU\..\SearchScopes\{4864B127-800C-4DBC-8D74-FB4F6373A68B}: "URL" = http://search.freecause.com/search?ourmark=4&fr=freecause&ei=utf-8&type=63263&p={searchTerms}
    IE - HKCU\..\SearchScopes\{5649AF9D-1AAD-4CF2-9E92-52F81C20C786}: "URL" = http://www.mysearchresults.com/search?&c=4002&t=10&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80473&lng=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Delta Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.bing.com"
    FF - prefs.js..extensions.enabledAddons: %7BF8A55C97-3DB6-4961-A81D-0DE0080E53CB%7D:0.9.6
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/30 05:56:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 15:22:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/20 15:22:01 | 000,000,000 | ---D | M]

    [2012/04/16 19:08:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Extensions
    [2013/02/15 12:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions
    [2013/02/14 09:33:28 | 000,817,280 | ---- | M] () (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/01/15 11:56:21 | 000,118,969 | ---- | M] () (No name found) -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\BrowserProtect.xml
    [2013/02/14 20:16:53 | 000,001,294 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\delta.xml
    [2013/02/14 22:47:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Mozilla\Firefox\Profiles\hdfj13bh.default\searchplugins\search-here.xml
    [2013/02/19 20:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/02/20 15:22:02 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/02/20 15:22:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/02/19 20:15:28 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/05/30 05:55:32 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2013/02/14 20:16:36 | 000,006,484 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
    [2012/05/14 09:56:18 | 000,002,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml
    [2013/02/19 20:14:39 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.1.0.2123\
    CHR - Extension: No name found = C:\Documents and Settings\Leila\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe (-)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O4 - Startup: C:\Documents and Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Documents and Settings\Leila\Local Settings\Application Data\Autobahn\nexdef.exe ()
    O4 - Startup: C:\Documents and Settings\Leila\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab (Reg Error: Key error.)
    O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF482C4-7B1F-401C-9FD9-C426C565E69B}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (c:\docume~1\alluse~1\applic~1\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Leila\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Leila\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/17 13:34:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/01/17 14:15:16 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell - "" = AutoRun
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1092603d-1514-11e2-b448-0017313bdfa5}\Shell\AutoRun\command - "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7fce90b1-761f-11e2-b4ee-0017313bdfa5}\Shell\AutoRun\command - "" = F:\windows\Autorun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A10B02 PID_0083
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/27 09:14:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 08:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/27 08:25:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2013/02/27 08:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2013/02/27 08:23:48 | 010,156,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/26 21:11:27 | 016,473,456 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 15:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Desktop\2-26-13logs
    [2013/02/24 12:54:22 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/22 19:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\Help
    [2013/02/22 19:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
    [2013/02/22 09:31:23 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:30 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 15:24:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
    [2013/02/20 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2013/02/20 15:24:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\DefaultTab
    [2013/02/20 15:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\.android
    [2013/02/20 15:21:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2013/02/20 09:59:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:48 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/19 20:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/02/19 14:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\Malwarebytes
    [2013/02/19 13:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2013/02/15 12:52:14 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Documents and Settings\Leila\Local Settings\Application Data\log4cxx.dll
    [2013/02/14 20:17:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Strongvault Online Backup
    [2013/02/14 20:17:07 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/14 20:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Application Data\Babylon
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsvousb.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghstrace.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsdiagmdm.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsdiag.sys
    [2013/02/14 18:30:13 | 000,113,688 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zghsat.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ghsnmea.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ghsmdm.sys
    [2013/02/14 18:30:13 | 000,113,432 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\ghsdiag.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\ghsandroid.sys
    [2013/02/14 18:30:13 | 000,032,408 | ---- | C] (Google Inc) -- C:\WINDOWS\System32\drivers\androidusb.sys
    [2013/02/14 18:30:13 | 000,015,896 | ---- | C] (HandSet Incorporated) -- C:\WINDOWS\System32\drivers\massfilter_hs.sys
    [2013/02/14 18:30:08 | 000,102,936 | ---- | C] (Google, inc) -- C:\WINDOWS\AdbWinApi.dll
    [2013/02/10 21:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
    [2013/02/09 14:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\IsolatedStorage
    [2013/02/09 14:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\My Documents\Family Tree Maker
    [2013/02/09 14:04:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\Ancestry.com
    [2013/02/09 14:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
    [2013/02/09 14:01:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2013/02/09 14:01:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media
    [2013/02/09 14:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
    [2013/02/09 14:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft WSE
    [2013/02/09 14:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Family Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Family Tree Maker 2011
    [2013/02/09 13:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\BCL Technologies
    [2013/01/28 17:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Leila\Local Settings\Application Data\Sun
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/27 09:14:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Leila\Desktop\OTL.exe
    [2013/02/27 09:10:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/02/27 08:33:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/02/27 08:28:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/27 08:23:53 | 010,156,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Leila\Desktop\mbam-setup.exe
    [2013/02/27 08:03:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/02/27 08:02:11 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/27 08:02:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/02/27 08:01:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/02/26 22:01:11 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:15:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\TheBlaze.url
    [2013/02/26 21:11:39 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/02/26 21:11:38 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/02/26 21:11:30 | 016,473,456 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [2013/02/26 20:52:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/02/25 13:16:12 | 001,678,013 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/24 15:38:11 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/24 12:54:23 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Documents and Settings\Leila\Desktop\SysInfo.exe
    [2013/02/23 01:32:05 | 000,000,002 | ---- | M] () -- C:\.colstatus
    [2013/02/22 19:15:57 | 002,811,211 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:54 | 000,367,524 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\gmer.zip
    [2013/02/22 09:31:28 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Leila\Desktop\dds.scr
    [2013/02/22 09:03:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Leila\Desktop\HijackThis.exe
    [2013/02/20 18:33:54 | 000,376,832 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:19 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\SweetPalace.url
    [2013/02/20 09:58:16 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
    [2013/02/20 09:58:10 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
    [2013/02/20 09:58:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
    [2013/02/20 09:58:09 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
    [2013/02/20 09:58:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
    [2013/02/20 09:58:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | M] () -- C:\Documents and Settings\Leila\ntuser.pol
    [2013/02/13 08:39:01 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/02/13 08:16:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2013/02/13 08:12:26 | 000,435,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/02/13 08:12:26 | 000,068,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/02/10 21:01:27 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/02/10 21:01:27 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
    [2013/02/09 22:05:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-73586283-602609370-1606980848-1003.job
    [2013/02/09 14:00:39 | 000,001,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | M] () -- C:\Documents and Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/30 05:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
    [2013/01/29 19:18:39 | 000,000,118 | ---- | M] () -- C:\Documents and Settings\Leila\Desktop\OldRadio.url
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/27 08:28:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/02/26 22:00:30 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\Ancestry.url
    [2013/02/26 21:14:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\TheBlaze.url
    [2013/02/25 13:16:06 | 001,678,013 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\pc-decrapifier-2.3.1.exe
    [2013/02/22 19:15:56 | 002,811,211 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\Eraser57Setup.zip
    [2013/02/22 10:12:52 | 000,367,524 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\gmer.zip
    [2013/02/20 18:33:54 | 000,376,832 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\gmer.exe
    [2013/02/20 17:30:08 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\SweetPalace.url
    [2013/02/15 19:37:48 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\OpenLetter2Ben.lnk
    [2013/02/15 12:52:14 | 000,196,608 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\common_functions.dll
    [2013/02/14 20:14:58 | 000,000,884 | RHS- | C] () -- C:\Documents and Settings\Leila\ntuser.pol
    [2013/02/14 18:30:08 | 000,584,584 | ---- | C] () -- C:\WINDOWS\adb.exe
    [2013/02/10 21:01:27 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Leila\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2013/02/09 14:00:39 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Family Tree Maker 2011.lnk
    [2013/01/31 10:44:14 | 000,001,059 | ---- | C] () -- C:\Documents and Settings\Leila\Start Menu\Programs\Startup\NexDef Plug-in.lnk
    [2013/01/29 19:18:26 | 000,000,118 | ---- | C] () -- C:\Documents and Settings\Leila\Desktop\OldRadio.url
    [2012/11/23 07:54:40 | 000,114,688 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\ie_runner_app.exe
    [2012/05/14 09:56:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2012/05/02 06:45:50 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\Leila\jobq.dat
    [2012/02/15 16:31:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/04/22 10:19:12 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/17 21:16:42 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Leila\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2010/08/03 11:34:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2012/12/27 05:24:19 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15E76ABF

    < End of report >

    -----------------
     
  14. emeraldnzl

    emeraldnzl Malware Specialist

    Joined:
    Nov 3, 2007
    Messages:
    2,570
    Oh dear, I am sorry to hear that. We have plenty of time... just take it slowly when you feel you can. :)

    I didn't ask you for a scan but you gave me one. Does that mean you ran a Scan again and not a Fix or does it mean the fix log didn't show up? Sometimes they don't, especially if you haven't downloaded to your desktop.

    If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

    C:\_OTL\MovedFiles

    See if you can find it there. :)

    If you didn't run the Fix instruction then please do and post the log back here.
     
  15. lyoung5

    lyoung5 Thread Starter

    Joined:
    Feb 22, 2013
    Messages:
    32
    I did run FIX last time!

    Every time I copy or right-click a file, the StrongVault attempts to install via MS-installer??? I have to stop it and a couple times it said the installer was having trouble... Do you want those error messages and code? I can make it do that at will... still...

    File at C:\_OTL\MovedFiles

    ---------------03012013_095457.log-------------------
    ========== FILES ==========
    File\Folder C:\Documents and Settings\Leila\Local Settings\Application Data\Strongvault Online Backup not found.
    File\Folder c:\documents and settings\All Users\Application Data\Strongvault Online Backup not found.
    File\Folder C:\Documents and Settings\Leila\Application Data\Babylon not found.
    C:\AI_RecycleBin\{8DBEA361-FED0-43D9-BAA8-D2EBFB2EF939}\5\Strongvault folder moved successfully.
    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.69.0 log created on 03012013_095457

    ------------------
     

Short URL to this thread: https://techguy.org/1090817
