FBI Virus
Semloh said:

No Malwarebytes results (runtime 13 error)

OTLPE log:
OTL logfile created on: 1/15/2013 7:46:00 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.03 Gb Total Space | 65.83 Gb Free Space | 23.51% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)

========== Driver Services (SafeList) ==========

DRV - (qzfxsafu) -- File not found
DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (esgiguard) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0EzytDzy0CtDyDyEtCtB0AtAzytN0D0Tzu0CtBtByCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1239308023

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Dad_ON_C\Software\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.yahoo.com/
IE - HKU\Dad_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKU\Dad_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Dad_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Dad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Dad_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2012/09/16 01:46:05 | 000,443,504 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15259 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Dad_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Dad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\UpdatusUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab (HTECtrl Class)
O16 - DPF: {82836898-30F4-4813-9A2F-120C012E44E7} http://www.dsvanywhere.com/appeon/weblibrary_ax/ceondownloadcenter.cab (EonDownloadCenter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C1417ACD-9FFB-4B26-8060-ED6B55F04CCE} (local) (EonUISpace Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Dad_ON_C Winlogon: Shell - (C:\Users\Dad\AppData\Roaming\ldr.mcb) - C:\Users\Dad\AppData\Roaming\ldr.mcb ()
O20 - HKU\Dad_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/01/15 20:22:43 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/15 19:05:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/01/09 00:09:07 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 00:08:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/12/24 10:59:12 | 000,000,000 | ---D | C] -- C:\QHData-zhTW
[2012/12/24 10:59:11 | 000,000,000 | ---D | C] -- C:\QHData-zhCN
[2012/12/24 10:59:11 | 000,000,000 | ---D | C] -- C:\QHData-ruRU
[2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-koKR
[2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-frFR
[2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-esMX
[2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-esES
[2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-enUS
[2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-deDE
[2012/12/24 10:59:09 | 000,000,000 | ---D | C] -- C:\QHData-base
[2012/12/24 10:59:08 | 000,000,000 | ---D | C] -- C:\QuestHelper
[2012/12/23 04:01:03 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/23 04:01:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/22 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/12/22 13:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2010/12/31 09:56:10 | 058,540,784 | ---- | C] (Igor Pavlov) -- C:\Program Files\Garmin_HomePort_203.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/15 20:22:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/01/15 20:22:16 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/15 20:21:28 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 20:21:28 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 20:21:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/15 20:21:13 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/14 23:00:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/14 22:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/14 22:41:58 | 000,605,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/14 22:41:58 | 000,104,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/14 22:21:08 | 000,001,995 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/14 22:21:08 | 000,001,971 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk
[2013/01/12 02:28:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/09 04:35:31 | 000,263,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 02:59:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/09 02:59:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/29 23:49:18 | 000,000,949 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/24 10:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/22 13:19:18 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/12/22 13:19:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/15 20:21:13 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/22 13:03:50 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/15 15:48:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/15 15:48:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/15 15:48:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/15 15:48:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/15 15:48:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/14 00:36:12 | 000,384,844 | ---- | C] () -- C:\Users\Dad\AppData\Local\funmoods-speeddial.crx
[2012/05/13 12:10:40 | 000,171,520 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\ldr.mcb
[2012/03/04 21:42:23 | 000,000,268 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\suinc.sns
[2012/01/17 23:39:04 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/01/17 23:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/08/16 16:04:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/11/04 21:08:34 | 000,137,400 | ---- | C] () -- C:\Windows\HPHins15.dat
[2009/11/04 21:08:34 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2009/09/10 20:16:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 20:16:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/09 02:22:19 | 000,123,904 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/23 09:50:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/18 03:01:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/15 20:26:38 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/17 18:21:40 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/05/17 18:21:39 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/05/13 21:32:44 | 000,000,680 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/11 18:40:24 | 000,324,440 | ---- | C] () -- C:\Windows\HTEWEB.DLL
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,263,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,605,880 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,620 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/11/23 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.minecraft
[2010/12/31 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\anpo.republika.pl
[2010/09/06 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\appeon
[2013/01/15 20:23:30 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Dropbox
[2010/12/31 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\fltk.org
[2010/12/31 15:20:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\GARMIN
[2010/12/04 13:48:44 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\navionicsChartInstaller.Air.A3B2DB703D5E0A7ECA24FBD4B07176191EDD3C63.1
[2012/08/23 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\opencpn
[2009/10/03 09:50:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Panasonic
[2012/09/11 22:38:00 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Shareaza
[2010/10/01 22:31:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WinAVI
[2010/08/06 17:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Xilisoft
[2012/11/23 18:32:57 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/11/23 15:36:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask
[2012/12/22 13:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2009/12/20 19:16:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/08/15 02:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\FileCure
[2010/12/31 10:01:48 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN
[2010/01/18 19:12:38 | 000,000,000 | ---D | M] -- C:\ProgramData\NovaRad
[2009/10/03 09:50:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic
[2011/01/05 23:47:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2012/09/04 18:10:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/03/05 03:10:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint
[2012/09/04 18:12:06 | 000,000,000 | ---D | M] -- C:\ProgramData\WeCareReminder
[2013/01/15 01:00:32 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\UpdatusUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Dad_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Dad_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\UpdatusUser_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM () O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg 
Software) O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab (HTECtrl Class) O16 - DPF: {82836898-30F4-4813-9A2F-120C012E44E7} http://www.dsvanywhere.com/appeon/weblibrary_ax/ceondownloadcenter.cab (EonDownloadCenter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {C1417ACD-9FFB-4B26-8060-ED6B55F04CCE} (local) (EonUISpace Class) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\Dad_ON_C Winlogon: Shell - (C:\Users\Dad\AppData\Roaming\ldr.mcb) - C:\Users\Dad\AppData\Roaming\ldr.mcb () O20 - HKU\Dad_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/01/15 20:22:43 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/01/15 19:05:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013/01/09 00:09:07 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/09 00:08:41 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012/12/24 10:59:12 | 
000,000,000 | ---D | C] -- C:\QHData-zhTW [2012/12/24 10:59:11 | 000,000,000 | ---D | C] -- C:\QHData-zhCN [2012/12/24 10:59:11 | 000,000,000 | ---D | C] -- C:\QHData-ruRU [2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-koKR [2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-frFR [2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-esMX [2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-esES [2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-enUS [2012/12/24 10:59:10 | 000,000,000 | ---D | C] -- C:\QHData-deDE [2012/12/24 10:59:09 | 000,000,000 | ---D | C] -- C:\QHData-base [2012/12/24 10:59:08 | 000,000,000 | ---D | C] -- C:\QuestHelper [2012/12/23 04:01:03 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012/12/23 04:01:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012/12/22 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012/12/22 13:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2010/12/31 09:56:10 | 058,540,784 | ---- | C] (Igor Pavlov) -- C:\Program Files\Garmin_HomePort_203.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/01/15 20:22:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/01/15 20:22:16 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/15 20:21:28 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/15 20:21:28 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/15 20:21:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/15 20:21:13 | 2146,754,560 | -HS- | M] () -- 
C:\hiberfil.sys [2013/01/14 23:00:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/14 22:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/14 22:41:58 | 000,605,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/01/14 22:41:58 | 000,104,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/01/14 22:21:08 | 000,001,995 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/14 22:21:08 | 000,001,971 | ---- | M] () -- C:\Users\Dad\Desktop\Google Chrome.lnk [2013/01/12 02:28:32 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/01/09 04:35:31 | 000,263,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/09 02:59:14 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/09 02:59:14 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/12/29 23:49:18 | 000,000,949 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/12/24 10:28:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/22 13:19:18 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/12/22 13:19:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/15 20:21:13 | 2146,754,560 | -HS- | C] () -- C:\hiberfil.sys [2012/12/22 13:03:50 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2012/09/15 15:48:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/09/15 15:48:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe 
[2012/09/15 15:48:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/09/15 15:48:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/09/15 15:48:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/08/14 00:36:12 | 000,384,844 | ---- | C] () -- C:\Users\Dad\AppData\Local\funmoods-speeddial.crx [2012/05/13 12:10:40 | 000,171,520 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\ldr.mcb [2012/03/04 21:42:23 | 000,000,268 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\suinc.sns [2012/01/17 23:39:04 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012/01/17 23:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2011/08/16 16:04:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009/11/04 21:08:34 | 000,137,400 | ---- | C] () -- C:\Windows\HPHins15.dat [2009/11/04 21:08:34 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat [2009/09/10 20:16:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/09/10 20:16:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/09 02:22:19 | 000,123,904 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/23 09:50:44 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2009/08/18 03:01:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/08/15 20:26:38 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/05/17 18:21:40 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/05/17 18:21:39 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009/05/13 21:32:44 | 000,000,680 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat 
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008/08/11 18:40:24 | 000,324,440 | ---- | C] () -- C:\Windows\HTEWEB.DLL [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,263,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 000,605,880 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,104,620 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- 
C:\Windows\System32\mlang.dat [color=#E56717]========== LOP Check ==========[/color] [2012/11/23 16:57:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.minecraft [2010/12/31 17:10:39 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\anpo.republika.pl [2010/09/06 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\appeon [2013/01/15 20:23:30 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Dropbox [2010/12/31 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\fltk.org [2010/12/31 15:20:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\GARMIN [2010/12/04 13:48:44 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\navionicsChartInstaller.Air.A3B2DB703D5E0A7ECA24FBD4B07176191EDD3C63.1 [2012/08/23 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\opencpn [2009/10/03 09:50:53 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Panasonic [2012/09/11 22:38:00 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Shareaza [2010/10/01 22:31:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WinAVI [2010/08/06 17:50:35 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Xilisoft [2012/11/23 18:32:57 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data [2012/11/23 15:36:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Ask [2012/12/22 13:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net [2009/12/20 19:16:43 | 000,000,000 | -H-D | M] -- C:\ProgramData\CanonBJ [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites [2010/08/15 02:45:52 | 000,000,000 | ---D | M] -- C:\ProgramData\FileCure [2010/12/31 10:01:48 | 000,000,000 | ---D | M] -- C:\ProgramData\GARMIN [2010/01/18 19:12:38 
| 000,000,000 | ---D | M] -- C:\ProgramData\NovaRad [2009/10/03 09:50:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Panasonic [2011/01/05 23:47:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Pinnacle [2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu [2012/09/04 18:10:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer [2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates [2011/03/05 03:10:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Viewpoint [2012/09/04 18:12:06 | 000,000,000 | ---D | M] -- C:\ProgramData\WeCareReminder [2013/01/15 01:00:32 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] < End of report > [/QUOTE]