Trying to Remove PricePeep Ads

N

Nickatnight

New Member
Thread author
May 20, 2013
5
OTL logfile created on: 5/20/2013 6:41:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marrier\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.54% Memory free
5.82 Gb Paging File | 4.90 Gb Available in Paging File | 84.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 18.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive E: | 69.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARRIER-0425E80 | User Name: Marrier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Marrier\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll ()
MOD - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\wincfi39.dll ()
MOD - C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Services (SafeList) ==========

SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe File not found
SRV - (Sleepy) -- C:\Program Files\Sleepy\service.exe File not found
SRV - (SDWSCService) -- C:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- C:\Program Files\Spybot File not found
SRV - (SDScannerService) -- C:\Program Files\Spybot File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (NSL) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\WINDOWS\system32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (dump_wmimmc) -- C:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys File not found
DRV - (hitmanpro37) -- C:\WINDOWS\system32\drivers\hitmanpro37.sys ()
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130515.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130520.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\VirusDefs\20130520.003\NAVENG.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130517.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symtdi.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ironx86.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\WINDOWS\system32\drivers\NIS\1403010.016\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ccSet_NST) -- C:\WINDOWS\system32\drivers\NST\0200000.010\ccSetx86.sys (Symantec Corporation)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (LADF_RenderOnly) -- C:\WINDOWS\system32\drivers\ladfGSRi386.sys (Logitech)
DRV - (LADF_CaptureOnly) -- C:\WINDOWS\system32\drivers\ladfGSCi386.sys (Logitech)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AtiHDAudioService) -- C:\WINDOWS\system32\drivers\AtihdXP3.sys (ATI Technologies, Inc.)
DRV - (LGVirHid) -- C:\WINDOWS\system32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\WINDOWS\system32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{04DA659F-89F0-4FDE-B413-86118C8649B8}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPCK_en
IE - HKCU\..\SearchScopes\{E6AF6939-8D25-4996-AA92-EA85F1BD3B43}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPCK_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://corner.bigblueinteractive.com/index.php"
FF - prefs.js..extensions.enabledAddons: plugin%40vfd.com:1.5
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: smarterwiki%40wikiatic.com:5.1.3
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%205
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.5.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: iobit@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.91
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: yyginstantplay@yoyogames.com:1.1.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}:3.6
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\coFFPlgn\ [2013/05/20 18:08:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPlgn\ [2013/03/04 16:23:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/19 15:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 15:49:22 | 000,000,000 | ---D | M]

[2012/02/15 21:32:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Extensions
[2009/06/13 21:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/05/16 19:20:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions
[2012/05/23 16:47:40 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012/08/24 20:03:34 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\plugin@vfd.com
[2013/04/05 16:26:23 | 000,361,682 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\smarterwiki@wikiatic.com.xpi
[2012/08/01 17:50:19 | 001,675,213 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}.xpi
[2012/12/30 17:18:43 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/05/08 15:43:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/20 18:08:14 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\COFFPLGN
[2013/03/04 16:23:51 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\IPSFFPLGN
[2013/04/13 16:52:07 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/30 14:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2012/08/29 18:22:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/04 15:47:57 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://corner.bigblueinteractive.com/index.php
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\Marrier\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16291 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Solitaire Games = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo\1.0.0.3_0\
CHR - Extension: Bubble Shooter -HD = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\
CHR - Extension: StumbleUpon = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.3.7.1_0\
CHR - Extension: Norton Identity Protection = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.3.19_0\

O1 HOSTS File: ([2013/05/06 14:38:38 | 000,445,361 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15296 more lines...
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AdmTask] C:\Program Files\AdmTask\admtask.exe (LexoSoft Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [StartupDelayer] C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher GUI.exe (r2 studios)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/06/14 15:05:45 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Value error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219106024718 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {994CF098-73ED-4C83-B227-B15F2A8D6177} https://www.d-life.com/D-Life//DLCUALibrary.cab (CTUADriverWrapperCtrl Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://cincinnati.connectge.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://cincinnati.connectge.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AABA5FE-995A-4EBB-9BAB-0AE8F49BE23D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Marrier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marrier\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 19:27:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/05/11 16:02:36 | 002,431,246 | ---- | M] () - C:\AutoRuns.arn -- [ NTFS ]
O32 - AutoRun File - [2011/11/05 13:52:32 | 000,049,648 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2012/09/10 09:16:28 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2012/09/10 09:16:28 | 000,567,944 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O32 - AutoRun File - [2003/11/19 06:16:26 | 000,000,056 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{20cebf6d-73c4-11dd-8229-0019d1987999}\Shell\AutoRun\command - "" = wscript.exe \SMRTNTKY\script.js
O33 - MountPoints2\{4d87a803-faf1-11dd-833b-0019d1987999}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{bcc8dff9-1cd0-11de-836d-0019d1987999}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{bde3c206-f2d0-11df-8633-0019d1987999}\Shell\AutoRun\command - "" = F:\DPVSETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 17:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/05/19 15:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/19 15:48:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/16 19:27:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marrier\Recent
[2013/05/16 19:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/05/16 19:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marrier\Start Menu\Programs\Revo Uninstaller
[2013/05/06 12:13:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/06 12:13:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\WINDOWS\System32\sdnclean.exe
[2013/05/06 12:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/05/06 12:09:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/05/06 12:09:47 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/05/06 12:09:47 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/05/06 12:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/20 18:30:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/20 18:29:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 18:07:56 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 18:07:56 | 000,000,620 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/20 18:07:56 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/05/20 18:07:53 | 000,030,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/20 18:07:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/20 18:00:30 | 000,000,908 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/05/20 17:52:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1844237615-725345543-1004UA.job
[2013/05/20 17:00:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2013/05/20 13:52:00 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1844237615-725345543-1004Core.job
[2013/05/20 11:34:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/05/18 11:53:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/16 19:28:15 | 000,024,776 | ---- | M] () -- C:\Documents and Settings\Marrier\My Documents\cc_20130516_192812.reg
[2013/05/16 19:21:05 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Revo Uninstaller.lnk
[2013/05/15 19:09:13 | 000,001,360 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/05/15 18:15:08 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/15 18:10:59 | 000,433,574 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/15 18:10:59 | 000,068,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/15 18:01:50 | 000,000,616 | ---- | M] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/14 22:30:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/14 22:30:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/11 22:40:47 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Norton Installation Files.lnk
[2013/05/11 16:09:24 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 3.0.lnk
[2013/05/11 16:02:36 | 002,431,246 | ---- | M] () -- C:\AutoRuns.arn
[2013/05/11 10:44:47 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Microsoft Word.lnk
[2013/05/07 00:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/06 14:38:38 | 000,445,361 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2013/05/06 12:14:03 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/06 12:13:52 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013/05/06 12:06:21 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\Marrier\Desktop\Update Checker.lnk
[2013/05/06 12:04:22 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2013/05/06 12:03:36 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/05/04 11:39:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/20 18:07:53 | 000,030,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro37.sys
[2013/05/20 18:00:30 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/05/16 19:28:13 | 000,024,776 | ---- | C] () -- C:\Documents and Settings\Marrier\My Documents\cc_20130516_192812.reg
[2013/05/16 19:21:05 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\Revo Uninstaller.lnk
[2013/05/11 22:40:45 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\Marrier\Desktop\Norton Installation Files.lnk
[2013/05/06 12:14:02 | 000,000,620 | ---- | C] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/05/06 12:14:02 | 000,000,616 | ---- | C] () -- C:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/05/06 12:14:02 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/05/06 12:13:53 | 000,001,842 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/06 12:13:52 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
[2012/02/15 21:32:24 | 000,001,360 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/14 18:43:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/01 19:35:56 | 000,076,360 | ---- | C] () -- C:\WINDOWS\System32\ladfGSRCoinst_i386.dll
[2011/01/04 17:28:20 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/01/18 19:26:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marrier\Ÿ9Ÿ9
[2008/12/23 20:00:13 | 000,735,889 | ---- | C] () -- C:\Documents and Settings\Marrier\Application Data\pbsetup.zip
[2008/12/23 19:47:55 | 000,674,600 | ---- | C] () -- C:\Program Files\pbsvc.exe
[2008/12/23 18:22:16 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Marrier\Application Data\PnkBstrK.sys
[2008/12/23 02:47:15 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Marrier\__Call Of Duty 4 - Modern Warfare Multiplayer

========== ZeroAccess Check ==========

[2008/12/22 23:14:12 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/03/09 13:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/08/19 00:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/12/03 00:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/05/28 11:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2008/08/22 11:00:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2008/08/18 19:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/12/25 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
[2013/05/20 18:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/08/12 21:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ijjigame
[2010/11/27 12:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/12/25 22:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/12/06 19:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/02/14 13:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/11/16 21:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2011/04/18 20:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/11/21 20:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/12 21:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/10/12 12:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2012/02/01 20:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/05 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2009/12/19 22:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TelTel
[2009/03/17 21:51:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/30 17:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\utilinkl
[2009/03/18 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/08 19:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/29 18:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/03/18 14:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2009/06/09 20:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/08/19 00:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\acccore
[2009/08/27 17:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Amazon
[2010/12/03 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Ashampoo
[2010/12/03 00:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\BitTorrent
[2009/10/10 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Blitware
[2008/11/08 21:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/27 10:52:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\DeviceDoctorSoftware
[2011/09/22 19:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\FileZilla
[2009/06/08 18:41:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marrier\Application Data\ijjigame
[2011/09/21 08:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Juniper Networks
[2008/11/05 20:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Leadertech
[2009/07/23 20:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\LimeWire
[2011/08/19 16:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\LolClient
[2011/02/13 19:22:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Marine Aquarium 3
[2010/12/05 15:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\r2 Studios
[2009/11/23 17:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TeamViewer
[2009/12/19 22:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TelTel
[2010/03/15 19:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Tific
[2012/04/05 18:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\TS3Client
[2010/02/03 23:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\Uniblue
[2011/04/09 20:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\uTorrent
[2010/10/25 01:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\WeGame
[2008/11/08 21:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marrier\Application Data\zweitgeist

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
OTL Extras logfile created on: 5/20/2013 6:41:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Marrier\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.54% Memory free
5.82 Gb Paging File | 4.90 Gb Available in Paging File | 84.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 18.00 Gb Free Space | 24.16% Space Free | Partition Type: NTFS
Drive E: | 69.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARRIER-0425E80 | User Name: Marrier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57915:TCP" = 57915:TCP:*:Enabled:pando Media Booster
"57915:UDP" = 57915:UDP:*:Enabled:pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57915:TCP" = 57915:TCP:*:Enabled:pando Media Booster
"57915:UDP" = 57915:UDP:*:Enabled:pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"H:\Josh\SteamApps\common\alien swarm\srcds.exe" = H:\Josh\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHIN
 

Attachments

  • Screenshot.ppt
    403 KB · Views: 82
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />
STEP 1: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>
STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply

 
Last edited by a moderator:
N

Nickatnight

New Member
Thread author
May 20, 2013
5
kuttus said:
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />
STEP 1: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>
STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply
Click to expand...

# AdwCleaner v2.301 - Logfile created 05/20/2013 at 19:48:45
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Marrier - MARRIER-0425E80
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Marrier\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\StumbleUpon

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Marrier\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1031 octets] - [20/05/2013 19:48:45]

########## EOF - C:\AdwCleaner[S1].txt - [1091 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Marrier on Mon 05/20/2013 at 20:05:10.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Documents and Settings\Marrier\Application Data\mozilla\firefox\profiles\thtksfry.default\minidumps [14 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/20/2013 at 20:10:01.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Last edited by a moderator:
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Click on Start Menu ---> Control Panel --> Add/Remove Programs.
There you can see a list of programs installed on your computer. In that list you can see PricePeep ... Remove that one and restart your computer. After that check if you are getting any ads from PricePeep ....
 
N

Nickatnight

New Member
Thread author
May 20, 2013
5
I do not see PricePeep as a choice to remove. Could it be called something else (like : Pando Media Booster) ?
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run the below OTL fix
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
Code: 
:OTL
[2009/06/13 21:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2013/04/05 16:26:23 | 000,361,682 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\smarterwiki@wikiatic.c​om.xpi
[2012/08/01 17:50:19 | 001,675,213 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{1DEAE5AA-E19E-458b-9C8C-73CB651B9A58}.xpi
[2012/12/30 17:18:43 | 000,377,738 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/05/08 15:43:26 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Marrier\Application Data\Mozilla\Firefox\Profiles\thtksfry.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/13 16:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll File not found
[2010/01/18 19:26:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Marrier\Ÿ9Ÿ9




:commands
[emptytemp]
[reboot]
<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>

<hr />
 
Last edited by a moderator:
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trail, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




STEP 2: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 3: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />
 
Last edited by a moderator:

Similar threads

F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
2,355
Windows Malware Removal Help & Support
nasdaq
nasdaq
K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
2,501
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
2,282
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top