PC non responsive, slow, self rebooting.....


66 replies to this topic

#46 lisafunkypants

    Authentic Member, 206 posts

Posted 26 July 2012 - 10:10 AM

No. A Windows box asked if I wanted to run it, I said yes and nothing happened.



#47 patndoris

    SuperMember, Malware Team, 2,593 posts

Posted 26 July 2012 - 03:10 PM

Just a quick question while I'm analyzing the OTL log. Did you knowingly allow and enable the Chrome plugin to allow remote desktop viewing of your computer?
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#48 lisafunkypants

    Authentic Member, 206 posts

Posted 26 July 2012 - 03:50 PM

Hi, I really wouldn't know how to allow it. It sounds like it's to allow others to view my laptop, so I would never allow that.

#49 patndoris

    SuperMember, Malware Team, 2,593 posts

Posted 26 July 2012 - 03:56 PM

Well, supposedly, it's part of a beta program where you can remotely view your desktop from another computer. But yes, if you did not knowingly install and allow the extension then yes, someone else could potentially be looking at your computer when you don't want them to be. So let's go ahead and get rid of that extension if you don't know what it is and you aren't using it. If it turns out to be something that you need, you can always reinstall it later :) (And I'm sorry it took so long for my reply. It was a busy day at work and since OTL logs are long I had to wait to research it until I got home from work. Thanks for your patience.)


Type the following into the address box of your browser:

chrome:extensions

This will show all of the installed extensions in Chrome. Please find the extension for Remote Viewer and uninstall it. You can then close Chrome.

If you are not able to find and remove the extension by doing this, please let me know and we will handle it via another method.



Run OTL.exe by right-clicking and choosing Run as Administrator on the icon.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT3072253
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}...000701a04ecee4d
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT3072253
    [2012/05/27 22:32:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Babylon
    [2012/06/04 12:31:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Finder
    
    :Files
    C:\ProgramData\TEMP:EFC181EC
    C:\Users\Lisa\AppData\Roaming\Media Finder
    C:\Users\Lisa\AppData\Roaming\Babylon
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, part of this fix will automatically reboot the computer when the script is done so please don't be alarmed.
  • Then post the resulting OTL log


Please let me know if the unwanted search bars are gone and how the computer is behaving now.
~Doris~

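The fix above encodes a reading of the OTL log that a helper does by eye: search scopes whose provider is not one of the expected ones are a hijack, and the `:OTL` section of the fix is simply those log lines pasted back. The following Python script, an added example that is not from the thread and not OTL's own code, automates that reading over a few OTL lines. It goes slightly beyond this post by also listing `DRV` entries whose file is missing, which appear in the desktop log later in the thread. The allowlist of search hosts, the Bing sample line and its GUID are assumptions constructed for the example; the other sample lines are quoted from the logs in this thread.

```python
"""Triage helper for OTL log lines.

Added example, not part of the forum posts and not OTL's own code. It flags
Internet Explorer search scopes whose provider is outside an allowlist, notes
when DefaultScope points at a flagged provider, and lists driver services
whose file is missing. The allowlist and the constructed sample lines are
assumptions made for this example.
"""
import re
from urllib.parse import urlparse

# Providers regarded as expected (assumption: adjust for the machines you support).
ALLOWED_SEARCH_HOSTS = {"search.live.com", "www.bing.com", "www.google.com", "www.google.co.uk"}

# IE - HKCU\..\SearchScopes\{GUID}: "URL" = http://...
SCOPE_URL_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKCU)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$'
)
# IE - HKCU\..\SearchScopes,DefaultScope = {GUID}
DEFAULT_SCOPE_RE = re.compile(
    r"^IE - (?P<hive>HKLM|HKCU)\\\.\.\\SearchScopes,DefaultScope = (?P<guid>\{[0-9A-Fa-f-]+\})$"
)
# DRV - (Name) -- <optional path> File not found
DRV_MISSING_RE = re.compile(r"^DRV - \((?P<name>[^)]+)\) -- (?P<path>.*?)\s*File not found$")

SAMPLE_OTL_LINES = [
    # Entries quoted from the logs in this thread:
    r'IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?...;ctid=CT3072253',
    r"IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}",
    r'IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}...000701a04ecee4d',
    r"DRV - (WDICA) -- File not found",
    r"DRV - (catchme) -- C:\DOCUME~1\ACCESS~1\LOCALS~1\Temp\catchme.sys File not found",
    r"DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)",
    # Constructed benign entry (hypothetical GUID) so the allowlist path is exercised:
    r'IE - HKLM\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://www.bing.com/search?q={searchTerms}',
]


def triage(lines):
    """Return a list of finding dicts for the given OTL log lines."""
    findings = []
    suspicious_guids = set()
    default_scopes = []
    for raw in lines:
        line = raw.strip()
        m = SCOPE_URL_RE.match(line)
        if m:
            host = (urlparse(m.group("url")).hostname or "").lower()
            if host not in ALLOWED_SEARCH_HOSTS:
                suspicious_guids.add(m.group("guid").lower())
                findings.append({"kind": "search_scope", "hive": m.group("hive"),
                                 "guid": m.group("guid"), "host": host, "line": line})
            continue
        m = DEFAULT_SCOPE_RE.match(line)
        if m:
            default_scopes.append((m.group("hive"), m.group("guid"), line))
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            findings.append({"kind": "orphan_driver", "name": m.group("name"),
                             "path": m.group("path") or "<no path>", "line": line})
    # A DefaultScope that points at a flagged provider means the hijack is the active search.
    for hive, guid, line in default_scopes:
        if guid.lower() in suspicious_guids:
            findings.append({"kind": "default_scope_hijacked", "hive": hive,
                             "guid": guid, "line": line})
    return findings


def build_otl_fix(findings):
    """Assemble the :OTL section of a custom fix from the flagged IE lines.

    As in the fix above, the section is the offending log lines pasted back.
    Orphaned drivers are reported only; they are left out of the fix here.
    """
    body = [f["line"] for f in findings if f["kind"] != "orphan_driver"]
    return ":OTL\n" + "\n".join(body) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f["kind"], f.get("host") or f.get("name") or f.get("guid"))
    print(build_otl_fix(triage(SAMPLE_OTL_LINES)))
```

Running it against the sample lines flags the Conduit and Babylon scopes, reports that the HKCU DefaultScope points at the Babylon GUID, and lists the two driver entries without a backing file; the Bing entry passes the allowlist.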

#50 lisafunkypants

    Authentic Member, 206 posts

Posted 26 July 2012 - 04:46 PM

Hi, I couldn't find Remote Viewer. The laptop is working OK so far, the search browser is Bing only on IE, which is good news. Here is the log result:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    C:\Users\Lisa\AppData\Roaming\Babylon folder moved successfully.
    C:\Users\Lisa\AppData\Roaming\Media Finder\Temp folder moved successfully.
    C:\Users\Lisa\AppData\Roaming\Media Finder\Extensions folder moved successfully.
    C:\Users\Lisa\AppData\Roaming\Media Finder folder moved successfully.
    ========== FILES ==========
    File\Folder C:\ProgramData\TEMP:EFC181EC not found.
    File\Folder C:\Users\Lisa\AppData\Roaming\Media Finder not found.
    File\Folder C:\Users\Lisa\AppData\Roaming\Babylon not found.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Lisa
    ->Temp folder emptied: 212365 bytes
    ->Temporary Internet Files folder emptied: 31792702 bytes
    ->Google Chrome cache emptied: 354874179 bytes
    ->Flash cache emptied: 30499860 bytes
    User: Public
    ->Temp folder emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49523 bytes
    RecycleBin emptied: 132597 bytes
    Total Files Cleaned = 398.00 mb
    [EMPTYFLASH]
    User: All Users
    User: Default
    ->Flash cache emptied: 0 bytes
    User: Default User
    ->Flash cache emptied: 0 bytes
    User: Lisa
    ->Flash cache emptied: 0 bytes
    User: Public
    Total Flash Files Cleaned = 0.00 mb
    Restore point Set: OTL Restore Point
    OTL by OldTimer - Version 3.2.54.1 log created on 07262012_232919
    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    [2012/07/26 23:33:10 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
    Registry entries deleted on Reboot...

#51 patndoris

    SuperMember, Malware Team, 2,593 posts

Posted 26 July 2012 - 04:52 PM

How about if I give you the right instructions? That might help a little huh? Type the following into the address box of your browser:

chrome:plugins

This will show all of the installed plugins in Chrome. Please find the plugin for Remote Viewer and disable it. You can then close Chrome.

Let me know if you are able to do that successfully please.
~Doris~


#52 patndoris

    SuperMember, Malware Team, 2,593 posts

Posted 26 July 2012 - 05:24 PM

After this last step, please go ahead and try the ESET scan again.



This scan may take a while depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.


Go here to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

~Doris~


#53 lisafunkypants

    Authentic Member, 206 posts

Posted 27 July 2012 - 10:01 AM

Hi, I managed to disable the Remote Viewer. I've run the ESET scan twice but it hasn't produced a log. I have written down what it found, hope this is OK: C:/User\Lisa\Downloads\random\DTLite4452-0287.exe Win32/OpenCandy application

#54 patndoris

    SuperMember, Malware Team, 2,593 posts

Posted 27 July 2012 - 02:59 PM

That is likely a false positive and nothing to be worried about. Is the machine still behaving well?
~Doris~


#55 lisafunkypants

    Authentic Member, 206 posts

Posted 29 July 2012 - 03:39 AM

The laptop is running pretty well, to be honest. Touch wood, better than previously. Just wondering if I should run a few of the scans we ran on the laptop on my PC, only due to the similar behaviour. I downloaded the Flash Disinfector on the PC and it prompted me to insert any USB devices. I am unable to do a full recovery on my PC, think it's because of the hard drive replacement; I have nothing on it to do anything such as safe mode, recovery etc. Think I can do it manually though, but I have no clue about programming.



#56 patndoris

    SuperMember, Malware Team, 2,593 posts

Posted 29 July 2012 - 12:16 PM

ON THE LAPTOP:

The following will implement some cleanup procedures as well as reset System Restore points:
  • Click the Windows Key + R to open the Run box.
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Now to remove most of the tools that we have used in fixing your machine:
  • Run OTL.exe by right-clicking on the icon and choosing Run as Administrator
  • This time, click on the CleanUp button.

If you notice any remaining tools or files you can delete them by right clicking and choosing delete. You should keep Malwarebytes as it is a program you'll want to run regularly.



ON THE DESKTOP:

Please run a fresh OTL log and post the results so I can re-analyze them.
~Doris~


#57 lisafunkypants

    Authentic Member, 206 posts

Posted 31 July 2012 - 02:26 PM

Hi, sorry for the delay, been non-stop at work, just didn't want you to think I'd disappeared. My super hub has stopped working and the technician isn't available until Friday to replace it, so I'm just letting you know I can only contact you via my phone, so I can't download anything until then. Not sure if we have any connection with the hub going down, but if they can hold viruses then it seems a coincidence seeing as it's brand new ;)

#58 patndoris

    SuperMember, Malware Team, 2,593 posts

Posted 31 July 2012 - 02:46 PM

No worries. Take your time. I'll leave the thread open for now. And it will be interesting to see if things are better when the hub is replaced. But we will still want to check the desktop for infections either way once you have connection again :)
~Doris~


#59 lisafunkypants

    Authentic Member, 206 posts

Posted 03 August 2012 - 12:32 PM

Hi, I'm back. The PC is as bad as ever. If none of this works, I was wondering: if I wish to recover the PC back to its original state, will I need to buy Windows again?

OTL logfile created on: 03/08/2012 18:51:11 - Run 4
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Access Granted\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 266.20 Mb Available Physical Memory | 26.01% Memory free
2.40 Gb Paging File | 1.35 Gb Available in Paging File | 56.04% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 79.05 Gb Free Space | 53.04% Space Free | Partition Type: NTFS

Computer Name: SN048919120306 | User Name: Access Granted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Access Granted\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oahlp.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
PRC - C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
PRC - C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe ()
PRC - C:\WINDOWS\system32\slserv.exe (Smart Link)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdncoms.exe ( )
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12080300\algo.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\avutil-51.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\avformat-54.dll ()
MOD - C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll ()
MOD - C:\Program Files\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdnmsdmon.exe ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.monitor.core.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.monitor.common.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdndrs.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdnscw.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdncaps.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll ()
MOD - C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdndatr.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdncats.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\APPS\SKYPE\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeActiveFileMonitor10.0) -- C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (lxdnCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe ()
SRV - (SLService) -- C:\WINDOWS\System32\slserv.exe (Smart Link)
SRV - (lxdn_device) -- C:\WINDOWS\system32\lxdncoms.exe ( )
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\ACCESS~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RapportCerberus_34302) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ()
DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\slnthal.sys (Smart Link)
DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\slwdmsup.sys (Smart Link)
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\slntamr.sys (Smart Link)
DRV - (NtMtlFax) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys (Smart Link)
DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys (Smart Link)
DRV - (RecAgent) -- C:\WINDOWS\system32\drivers\RecAgent.sys (Smart Link)
DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\mtlstrm.sys (Smart Link)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (vcsmpdrv) -- C:\WINDOWS\system32\drivers\vcsmpdrv.sys (H+H Software GmbH)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 2C 29 F7 5E 1A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...amp;Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/26 13:01:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/08 17:53:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/01 21:19:19 | 000,000,000 | ---D | M]

[2012/07/08 22:06:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/24 11:18:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1451_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Documents and Settings\Access Granted\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/19 22:22:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! EasyPass Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! EasyPass Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [lxdnamon] C:\Program Files\Lexmark 2600 Series\lxdnamon.exe ()
O4 - HKLM..\Run: [lxdnmon.exe] C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - Startup: C:\Documents and Settings\Access Granted\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show avast! EasyPass Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra 'Tools' menuitem : Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342555031671 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A5780F9-9298-4B3F-BBAD-FA85CF37EE1F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\APPS\SKYPE\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Access Granted\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/27 12:08:36 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/03 18:42:50 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Access Granted\Desktop\OTL.exe
[2012/07/27 12:44:06 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Access Granted\Desktop\TDSSKiller.exe
[2012/07/27 12:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Access Granted\Desktop\my sounds
[2012/07/27 12:08:36 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2012/07/20 11:03:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/07/19 23:57:33 | 000,607,260 | ---- | C] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds1.scr
[2012/07/19 23:47:50 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds.scr
[2012/07/19 16:01:24 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Access Granted\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/17 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/07/17 21:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/07/15 16:51:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/07/15 16:51:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/07/15 16:51:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/07/15 16:51:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/07/15 16:51:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/15 16:46:23 | 004,582,475 | R--- | C] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\ComboFix.exe
[2012/07/15 13:33:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/08 07:19:18 | 000,065,752 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/07/07 15:57:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Access Granted\Recent
[2012/07/05 20:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/04 20:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Access Granted\Desktop\New Folder (2)

========== Files - Modified Within 30 Days ==========

[2012/08/03 19:12:19 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1491025595-1780334667-4173316225-1006UA.job
[2012/08/03 18:57:09 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/08/03 18:42:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Access Granted\Desktop\OTL.exe
[2012/08/03 18:32:50 | 000,000,126 | ---- | M] () -- C:\Documents and Settings\Access Granted\Desktop\OTL.url
[2012/08/03 17:12:08 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1491025595-1780334667-4173316225-1006Core.job
[2012/08/03 17:01:35 | 000,000,332 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/08/03 16:58:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/03 16:58:23 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 15:31:58 | 000,000,016 | ---- | M] () -- C:\InjectIntoProcess crash
[2012/08/03 14:57:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/03 14:57:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/03 14:22:45 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Access Granted\Desktop\Google Chrome.lnk
[2012/08/03 14:22:45 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/03 02:00:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-SN048919120306-Access Granted.job
[2012/08/02 11:38:25 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/31 12:55:19 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/29 11:11:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Access Granted\Desktop\TDSSKiller.exe
[2012/07/20 10:04:51 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/20 10:04:51 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 23:57:43 | 000,607,260 | ---- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds1.scr
[2012/07/19 23:48:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\dds.scr
[2012/07/19 22:22:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/19 21:58:46 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\ComboFix.exe
[2012/07/19 14:49:41 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Access Granted\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/14 23:56:41 | 003,723,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/14 23:51:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 14:18:13 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/07/09 14:18:13 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/07/09 14:17:26 | 001,074,636 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/07/08 07:19:18 | 000,065,752 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/07/04 20:37:43 | 000,043,604 | ---- | M] () -- C:\Documents and Settings\Access Granted\Desktop\toilet in the desert.jpg

========== Files Created - No Company Name ==========

[2012/08/03 18:32:50 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Access Granted\Desktop\OTL.url
[2012/07/16 18:16:33 | 000,000,016 | ---- | C] () -- C:\InjectIntoProcess crash
[2012/07/15 16:51:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/07/15 16:51:37 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/07/15 16:51:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/07/15 16:51:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/07/15 16:51:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/07/14 23:22:12 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/07/09 14:14:05 | 000,010,264 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/07/04 20:37:40 | 000,043,604 | ---- | C] () -- C:\Documents and Settings\Access Granted\Desktop\toilet in the desert.jpg
[2012/07/04 19:34:51 | 000,035,363 | ---- | C] () -- C:\Documents and Settings\Access Granted\Desktop\Copy of spiderman.jpg
[2012/06/30 21:55:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2012/06/30 21:54:56 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoin.dll
[2012/06/30 21:53:13 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2012/06/30 21:53:13 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2012/06/30 21:53:12 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2012/06/30 21:51:37 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2012/06/30 21:51:36 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2012/06/30 21:51:36 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2012/06/30 21:51:36 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2012/06/30 21:51:36 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2012/06/30 21:51:35 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2012/06/30 21:51:35 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2012/06/30 21:51:34 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2012/06/30 21:51:34 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2012/06/30 21:51:31 | 000,315,392 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnih.exe
[2012/06/30 21:51:30 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2012/06/30 21:51:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2012/06/30 21:51:25 | 000,589,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncoms.exe
[2012/06/30 21:51:24 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2012/06/30 21:51:23 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2012/06/30 21:51:23 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncfg.exe
[2012/04/25 16:14:36 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2012/03/29 22:17:54 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Access Granted\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 13:34:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/10 15:58:05 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 18:40:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/22 10:45:18 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/10/22 10:45:16 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/10/22 10:45:15 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/10/22 10:45:14 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/10/22 10:45:13 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/09/18 15:00:39 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Access Granted\ntuser.bak
[2011/08/08 11:34:01 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Access Granted\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/07/04 23:27:06 | 000,057,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/06/15 22:18:30 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/15 22:18:30 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/15 22:18:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/15 22:16:07 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/06/09 11:48:13 | 000,039,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2011/06/09 11:48:12 | 000,205,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2011/04/27 20:05:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2011/02/15 22:15:37 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Access Granted\Application Data\wklnhst.dat
[2011/01/21 18:41:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\iedit.INI
[2011/01/19 17:36:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/13 15:49:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2011/01/13 15:46:06 | 000,003,439 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2011/01/13 15:42:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/01/13 15:39:24 | 000,000,514 | ---- | C] () -- C:\WINDOWS\System32\SETUPPC.INI
[2011/01/13 15:33:42 | 000,007,584 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2011/01/13 15:32:28 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/13 15:17:47 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

========== LOP Check ==========

[2011/11/05 21:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Ashampoo
[2011/06/20 14:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Audacity
[2011/06/03 12:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Auslogics
[2011/08/28 18:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Boolat Games
[2012/07/19 21:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Canon
[2011/07/04 23:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/04 18:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/08 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\DDMSettings
[2011/10/19 19:38:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\ElevatedDiagnostics
[2011/08/23 16:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\go
[2011/05/26 19:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\GrabPro
[2011/03/26 13:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Leadertech
[2012/06/30 22:20:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Lexmark Productivity Studio
[2011/10/23 22:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\LibreOffice
[2011/06/20 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\NCH Swift Sound
[2011/01/20 22:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OD2
[2011/07/15 10:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OnlineArmor
[2011/06/23 12:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OpenCandy
[2011/10/23 22:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\OpenOffice.org
[2012/02/16 18:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Oracle
[2012/06/24 10:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Orbit
[2011/09/16 22:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\PhotoScape
[2011/05/26 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\ProgSense
[2011/09/18 08:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\QuickScan
[2012/07/01 21:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\RoboForm
[2011/10/17 22:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Spotify
[2011/10/17 20:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Systweak
[2011/02/15 22:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Template
[2011/09/14 21:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\TP
[2011/06/20 10:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Trusteer
[2011/01/19 22:45:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\Ulead Systems
[2011/05/31 12:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\WinPatrol
[2011/09/14 21:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Access Granted\Application Data\{90140011-0061-0409-0000-0000000FF1CE}
[2011/02/18 16:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/11/05 21:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/07/01 21:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/02/24 18:17:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/09/14 21:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2012/07/02 12:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series
[2011/06/09 11:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/06/20 17:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/01/13 15:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OD2
[2011/06/09 12:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/11/01 19:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/07/01 21:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/06/20 10:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/01/13 15:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2011/01/13 15:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/09/14 21:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2011/04/25 22:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/08/07 22:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2011/01/30 15:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/08/03 17:01:35 | 000,000,332 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/01/13 15:28:50 | 000,000,210 | RHS- | M] () -- C:\BOOT.BAK
[2011/06/15 21:47:21 | 000,000,281 | -HS- | M] () -- C:\BOOT.INI
[2004/08/04 15:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2012/07/19 22:29:00 | 000,022,385 | ---- | M] () -- C:\ComboFix.txt
[2011/09/21 09:53:43 | 000,509,099 | ---- | M] () -- C:\DeQuarantine.txt
[2011/01/13 16:07:20 | 000,006,569 | ---- | M] () -- C:\DWNLOG.TXT
[2011/11/02 20:51:55 | 000,011,149 | ---- | M] () -- C:\HCT.Log
[2012/08/03 16:58:23 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/03 15:31:58 | 000,000,016 | ---- | M] () -- C:\InjectIntoProcess crash
[2011/01/13 15:31:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/01/13 15:33:19 | 000,000,886 | -H-- | M] () -- C:\IPH.PH
[2011/09/19 13:39:24 | 000,026,004 | ---- | M] () -- C:\JavaRa.log
[2011/04/27 23:55:48 | 005,748,345 | ---- | M] () -- C:\Lemmings.log
[2011/01/13 16:07:20 | 000,006,569 | ---- | M] () -- C:\MCDLOG.TXT
[2011/01/13 15:31:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 15:00:00 | 000,047,564 | ---- | M] () -- C:\NTDETECT.COM
[2011/01/29 20:01:49 | 000,250,048 | ---- | M] () -- C:\NTLDR
[2012/08/03 16:58:18 | 1609,801,728 | -HS- | M] () -- C:\pagefile.sys
[2012/07/04 21:46:45 | 000,011,614 | ---- | M] () -- C:\profile_43.txt
[2012/06/24 18:39:38 | 000,016,234 | ---- | M] () -- C:\RootRepeal report 06-24-12 (18-39-38).txt
[2012/07/27 12:48:10 | 000,186,006 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_27.07.2012_12.45.26_log.txt
[2011/01/13 16:07:20 | 000,000,000 | ---- | M] () -- C:\UPDFLOP.TAG

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/10 17:58:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/09/13 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006/09/13 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/08/13 07:02:22 | 000,147,968 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdndrpp.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/06/28 13:52:20 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/10 17:46:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 17:46:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 17:46:06 | 000,847,872 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/01/29 20:05:59 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/29 20:18:17 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/10 18:04:54 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Access Granted\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2012/07/19 21:58:46 | 004,582,475 | R--- | M] (Swearware) -- C:\Documents and Settings\Access Granted\Desktop\ComboFix.exe
[2011/09/19 19:43:21 | 016,897,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Access Granted\Desktop\jre-6u27-windows-i586.exe
[2012/07/19 14:49:41 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Access Granted\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/03 18:42:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Access Granted\Desktop\OTL.exe
[2011/01/19 17:29:52 | 001,029,000 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\Access Granted\Desktop\SkypeSetup.exe
[2012/07/24 13:22:36 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Access Granted\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-07-14 22:51:49

< >

< End of report >

#60 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 03 August 2012 - 04:49 PM

While I'm analyzing the OTL log let's go ahead and get rid of Remote viewer like we did on the laptop. I think that may have something to do with things here.

Type the following into the address box of your browser:

chrome:plugins

This will show all of the installed plugins in Chrome. Please find the plugin for Remote Viewer and disable it. You can then close Chrome.

Let me know if you are able to do that successfully and if that helps at all with your browsing please.
~Doris~

