
Need help to remove malware ism.sitescout.com

Discussion in 'Malware Removal Help' started by Dragonziggy, Jul 30, 2013.

  1. Dragonziggy

    Dragonziggy Junior Member

    Joined:
    Jun 26, 2009
    Messages:
    24
    Location:
    Australia
    Operating System:
    Windows Vista Home Premium
    Hi everyone,

    I need some assistance/advice/suggestions to remove it completely from Google Chrome and Firefox.
    What I have done so far:
    (1) I already used Malwarebytes and Spybot to try to remove it in Safe Mode, but ism.sitescout.com will occasionally pop up when I am browsing.
    (2) I reset Firefox back to factory default and tested it to see if ism.sitescout.com would pop up when I browse Wikipedia, and it didn't.
    (3) When I browsed Wikipedia on Google Chrome to test if ism.sitescout.com would pop up, it did. From my perspective ism.sitescout.com is still in my computer.
    What is the next step from here?
     
  2. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Hi and welcome to Computer Help Forums.
    This one is a nasty one.

    "Ism.sitescout.com is such a harmful item:
    ism.sitescout.com is a parasitic browser hijacker
    ism.sitescout.com may show numerous annoying advertisements
    ism.sitescout.com is installed without your consent
    ism.sitescout.com will replace (hijack) your browser homepage
    ism.sitescout.com may spread lots of spyware and adware parasites
    ism.sitescout.com violates your privacy and compromises your security"

    One of our Malware Specialists will help you to get rid of it completely.
    It will have to be removed from each browser, toolbar, etc.

    Please follow these initial instructions and post logs rather than link them.

    http://computerhelpforums.net/threads/preparation-for-malware-removal-help.4818/
     
  3. Dragonziggy

    Here are my logs:
     
  4. Dragonziggy

    Malwarebytes' Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: 913073101

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    31-07-13 2:34:53 PM
    mbam-log-2013-07-31 (14-34-53).txt

    Scan type: Full scan (C:\|D:\|M:\|)
    Objects scanned: 461474
    Time elapsed: 1 hour(s), 22 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. Dragonziggy

    OTL logfile created on: 31-07-13 3:09:20 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Prgm Files\Scan Malware
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MM-yy

    2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.16% Memory free
    4.23 Gb Paging File | 3.18 Gb Available in Paging File | 75.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 163.77 Gb Total Space | 101.42 Gb Free Space | 61.93% Space Free | Partition Type: NTFS
    Drive D: | 8.53 Gb Total Space | 0.99 Gb Free Space | 11.64% Space Free | Partition Type: NTFS
    Drive M: | 125.78 Gb Total Space | 30.92 Gb Free Space | 24.58% Space Free | Partition Type: NTFS

    Computer Name: QUEEN | User Name: Queen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Prgm Files\Scan Malware\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
    PRC - C:\Prgm Files\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Prgm Files\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
    PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Prgm Files\Sphinx4Firewall\Windows7FirewallControl.exe (Sphinx Software)
    PRC - C:\Prgm Files\Sphinx4Firewall\Windows7FirewallService.exe (Sphinx Software)
    PRC - C:\Prgm Files\Eset40437\ekrn.exe (ESET)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Prgm Files\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Prgm Files\Spybot\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Prgm Files\Stickies\stickies.exe (Zhorn Software)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    PRC - C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Prgm Files\WinRAR\RarExt.dll ()
    MOD - C:\Prgm Files\Stickies\shook45.dll ()


    ========== Services (SafeList) ==========

    SRV - (BstHdLogRotatorSvc) -- C:\Program Files\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
    SRV - (BstHdAndroidSvc) -- C:\Program Files\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (avast! Antivirus) -- C:\Prgm Files\Avast5\AvastSvc.exe (AVAST Software)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Windows7FirewallService) -- C:\Prgm Files\Sphinx4Firewall\Windows7FirewallService.exe (Sphinx Software)
    SRV - (ekrn) -- C:\Prgm Files\Eset40437\ekrn.exe (ESET)
    SRV - (SBSDWSCService) -- C:\Prgm Files\Spybot\SDWinSec.exe (Safer Networking Ltd.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (WcesComm) -- C:\WINDOWS\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\WINDOWS\WindowsMobile\rapimgr.dll (Microsoft Corporation)
    SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (BstHdDrv) -- C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BlueStack Systems)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
    DRV - (aswMonFlt) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (ssudmdm) -- C:\WINDOWS\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (dg_ssudbus) -- C:\WINDOWS\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (nmwcdnsu) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (nmwcdnsuc) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys (Nokia)
    DRV - (UsbserFilt) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (Epfwndis) -- C:\WINDOWS\System32\drivers\epfwndis.sys (ESET)
    DRV - (epfw) -- C:\WINDOWS\System32\drivers\epfw.sys (ESET)
    DRV - (ehdrv) -- C:\WINDOWS\System32\drivers\ehdrv.sys (ESET)
    DRV - (eamon) -- C:\WINDOWS\System32\drivers\eamon.sys (ESET)
    DRV - (AnyDVD) -- C:\WINDOWS\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (winusb) -- C:\WINDOWS\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (3xHybrid) -- C:\WINDOWS\System32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)
    DRV - (ndiscm) -- C:\WINDOWS\System32\drivers\NetMotCM.sys (Motorola Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=73&bd=Pavilion&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {A7C26D37-B68D-44B1-8D9B-24473D7BDD71}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{A7C26D37-B68D-44B1-8D9B-24473D7BDD71}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\..\SearchScopes,DefaultScope = {A7C26D37-B68D-44B1-8D9B-24473D7BDD71}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{A7C26D37-B68D-44B1-8D9B-24473D7BDD71}: "URL" = http://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Prgm Files\Real\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Prgm Files\Real\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Prgm Files\Real\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Prgm Files\VLC206\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Queen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Queen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Prgm Files\Avast5\WebRep\FF [2013-05-10 15:26:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Prgm Files\Firefox\components [2013-07-03 16:21:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Prgm Files\Firefox\plugins [2013-07-03 16:33:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: M:\aa Prgm Files\Thunberbird\components [2013-07-03 16:21:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: M:\aa Prgm Files\Thunberbird\plugins

    [2010-02-10 21:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Queen\AppData\Roaming\mozilla\Extensions
    [2010-02-10 21:11:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Queen\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Queen\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Queen\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Queen\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Prgm Files\Firefox\plugins\np-mswmp.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Prgm Files\Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Prgm Files\Firefox\plugins\nppl3260.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Prgm Files\Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Prgm Files\Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Prgm Files\Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Prgm Files\Firefox\plugins\npqtplugin4.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Prgm Files\Firefox\plugins\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Prgm Files\Firefox\plugins\nprpjplug.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Prgm Files\VLC206\npvlc.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Queen\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Entanglement = C:\Users\Queen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
    CHR - Extension: Poppit = C:\Users\Queen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
    CHR - Extension: hosts = C:\Users\Queen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\crossrider
    CHR - Extension: hosts = C:\Users\Queen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.23.3_0\

    O1 HOSTS File: ([2013-07-30 22:43:16 | 000,450,349 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 15461 more lines...
    O2 - BHO: (hosts) - {11111111-1111-1111-1111-110311531182} - C:\Program Files\hosts\hosts-bho.dll (Alex)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Prgm Files\Spybot\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Prgm Files\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Prgm Files\Avast5\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Prgm Files\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\WINDOWS\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Windows7FirewallControl] C:\Prgm Files\Sphinx4Firewall\Windows7FirewallControl.exe (Sphinx Software)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Prgm Files\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\Queen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Prgm Files\Stickies\stickies.exe (Zhorn Software)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Prgm Files\MSOffice2003\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Prgm Files\MSOffice2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Prgm Files\Spybot\SDHelper.dll (Safer Networking Limited)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.25.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.134.49 61.9.133.193
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46CA9336-7796-498B-BE87-9D707E8DA590}: DhcpNameServer = 61.9.134.49 61.9.133.193
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD491508-0830-4366-ACBE-FDADBD2286CF}: DhcpNameServer = 192.168.42.129
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Alternative\Joshua & Lisa poster #9 copyright MW.jpg
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Alternative\Joshua & Lisa poster #9 copyright MW.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007-06-28 07:15:12 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-07-13 23:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
    [2013-07-13 16:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\BlueStacks
    [2013-07-13 16:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
    [2013-07-13 16:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
    [2013-07-06 17:39:19 | 000,000,000 | ---D | C] -- C:\Users\Queen\AppData\Roaming\AVS4YOU
    [2013-07-06 17:37:11 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxsw32.dll
    [2013-07-06 17:37:10 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\System32\libmfxhw32.dll
    [2013-07-06 17:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
    [2013-07-06 17:36:20 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
    [2013-07-06 17:36:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
    [2013-07-06 17:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
    [2013-07-06 17:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2013-07-06 17:23:32 | 000,000,000 | ---D | C] -- C:\Users\Queen\AppData\Roaming\Python-Eggs
    [2013-07-06 17:21:36 | 000,000,000 | ---D | C] -- C:\Users\Queen\AppData\Roaming\BitLord
    [2013-07-06 17:18:43 | 000,000,000 | ---D | C] -- C:\Users\Queen\Documents\BitLord
    [2013-07-06 17:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitLord 2
    [2013-07-06 17:17:27 | 000,000,000 | ---D | C] -- C:\Users\Queen\AppData\Roaming\eIntaller
    [2013-07-06 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\Queen\AppData\Roaming\DownLite
    [2013-07-06 16:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\hosts
    [2013-07-03 16:38:36 | 000,000,000 | ---D | C] -- C:\Users\Queen\AppData\Local\Apple Computer
    [2013-07-03 16:17:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013-07-03 16:17:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013-07-03 16:17:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013-07-03 16:17:09 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013-07-03 16:17:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013-07-03 16:17:06 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013-07-03 16:17:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013-07-03 16:17:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013-07-03 15:59:09 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
    [2013-07-03 15:59:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
    [2013-07-03 15:58:59 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013-07-03 15:58:50 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013-07-03 15:58:49 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013-07-03 15:58:49 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2013-07-03 15:58:46 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
    [2013-07-03 15:58:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
    [2013-07-03 15:58:44 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2013-07-03 15:56:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
    [2013-07-03 15:56:03 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-07-31 15:08:31 | 000,003,484 | ---- | M] () -- C:\Windows\WINCMD.INI
    [2013-07-31 15:00:56 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013-07-31 15:00:56 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013-07-31 14:07:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-07-31 14:07:21 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-07-31 10:52:17 | 000,002,541 | ---- | M] () -- C:\Users\Queen\Desktop\Word 2003.lnk
    [2013-07-31 10:20:58 | 000,002,044 | ---- | M] () -- C:\Users\Queen\Desktop\Google Chrome.lnk
    [2013-07-31 10:07:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-07-31 10:07:07 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
    [2013-07-31 09:54:00 | 000,393,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2013-07-31 09:19:46 | 000,000,196 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2013-07-30 22:43:16 | 000,450,349 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2013-07-30 20:41:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013-07-28 22:27:39 | 000,450,349 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130730-224316.backup
    [2013-07-28 22:21:50 | 000,450,349 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130728-222739.backup
    [2013-07-28 14:43:13 | 000,002,539 | ---- | M] () -- C:\Users\Queen\Desktop\Excel 2003.lnk
    [2013-07-27 21:10:14 | 000,001,490 | ---- | M] () -- C:\Users\Queen\.recently-used.xbel
    [2013-07-27 21:09:37 | 000,018,073 | ---- | M] () -- C:\Windows\CSTBox.INI
    [2013-07-21 20:40:43 | 000,053,760 | ---- | M] () -- C:\Users\Queen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013-07-18 14:30:23 | 000,000,408 | ---- | M] () -- C:\Users\Queen\Desktop\LAN Internet Connection.lnk
    [2013-07-06 17:32:51 | 000,024,638 | ---- | M] () -- C:\Users\Queen\AppData\Local\recently-used.xbel
    [2013-07-06 01:00:20 | 000,449,864 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130728-222150.backup
    [2013-07-03 16:27:10 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013-07-03 16:27:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-07-31 09:53:41 | 2145,869,824 | -HS- | C] () -- C:\hiberfil.sys
    [2013-07-31 09:19:46 | 000,000,196 | ---- | C] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2013-07-27 21:10:14 | 000,001,490 | ---- | C] () -- C:\Users\Queen\.recently-used.xbel
    [2013-07-18 14:30:23 | 000,000,408 | ---- | C] () -- C:\Users\Queen\Desktop\LAN Internet Connection.lnk
    [2013-07-06 17:32:51 | 000,024,638 | ---- | C] () -- C:\Users\Queen\AppData\Local\recently-used.xbel
    [2013-06-13 15:26:05 | 000,000,076 | ---- | C] () -- C:\Users\Queen\.gtk-bookmarks
    [2013-03-07 22:06:00 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013-03-07 22:05:59 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2012-12-18 09:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012-12-18 09:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012-12-18 09:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012-12-18 09:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012-12-18 09:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2010-10-14 14:39:27 | 000,545,440 | ---- | C] () -- C:\Users\Queen\VISA statement 7Aug-6Sept'1.2010_10_14_15_39_27.0
    [2010-08-01 01:55:32 | 000,000,680 | ---- | C] () -- C:\Users\Queen\AppData\Local\d3d9caps.dat
    [2009-12-04 10:58:53 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009-12-04 10:58:26 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009-11-26 20:34:38 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2009-09-05 14:34:00 | 000,053,760 | ---- | C] () -- C:\Users\Queen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-07-29 14:25:50 | 000,000,000 | ---- | C] () -- C:\Users\Queen\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2006-11-02 22:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 03:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2009-08-25 22:44:19 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\ACD Systems
    [2013-07-13 23:13:41 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Audacity
    [2012-06-20 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\avidemux
    [2013-07-06 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\BitLord
    [2013-07-27 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Canon
    [2012-05-05 12:58:47 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\CasaPortale.de
    [2013-07-06 16:50:21 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\DownLite
    [2012-11-22 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Dropbox
    [2013-06-23 12:34:58 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\DVDVideoSoft
    [2013-07-06 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\eIntaller
    [2013-06-29 22:23:02 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\gtk-2.0
    [2012-03-23 22:34:23 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\HandBrake
    [2009-08-25 21:06:32 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Inkscape
    [2009-10-16 21:14:53 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Leadertech
    [2009-10-24 14:57:03 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Nokia
    [2012-08-16 22:55:50 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\PandoraRecovery
    [2010-03-25 21:04:21 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\PC Suite
    [2013-07-06 17:23:32 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Python-Eggs
    [2013-02-15 21:44:49 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Samsung
    [2013-07-31 10:08:12 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\stickies
    [2009-07-29 14:27:29 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Template
    [2010-02-10 21:11:17 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\Thunderbird
    [2012-04-09 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\Queen\AppData\Roaming\VistaCodecs

    ========== Purity Check ==========



    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: SCSI
    Media Type: Fixed hard disk media
    Model: ST3320820AS
    Partitions: 3
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Generic USB SD Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic USB CF Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE3 -
    Interface type: USB
    Media Type:
    Model: Generic USB SM Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE4 -
    Interface type: USB
    Media Type:
    Model: Generic USB MS Reader USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 164.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 126.00GB
    Starting Offset: 175849340928
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 9.00GB
    Starting Offset: 310907358720
    Hidden sectors: 0


    < %SYSTEMDRIVE%\*.* >
    [2007-06-28 07:15:12 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009-04-10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007-06-28 07:19:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012-03-11 14:10:21 | 000,000,010 | RHS- | M] () -- C:\config.sys
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007-11-07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007-11-07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007-11-07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007-11-07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2013-07-31 10:07:07 | 2145,869,824 | -HS- | M] () -- C:\hiberfil.sys
    [2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007-11-07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007-11-07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007-11-07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007-11-07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007-11-07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007-11-07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007-11-07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007-11-07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007-11-07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009-07-28 21:37:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009-07-28 21:37:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2013-07-31 10:07:06 | 2459,709,440 | -HS- | M] () -- C:\pagefile.sys
    [2007-06-28 06:44:37 | 000,000,471 | ---- | M] () -- C:\RHDSetup.log
    [2007-11-07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007-11-07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007-11-07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2012-03-11 15:32:55 | 000,134,976 | ---- | M] () -- C:\wubildr
    [2012-03-11 15:32:53 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006-11-02 19:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\Spool\prtprocs\w32x86\CNBPP3.DLL
    [2006-11-02 22:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
    [2004-03-22 15:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    [2006-10-27 12:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006-11-02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006-11-02 20:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006-11-02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006-11-02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006-11-02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\* >
    [2009-08-18 23:07:46 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Prgm Files\Firefox\uninstall\helper.exe" /HideShortcuts [2013-06-29 17:58:59 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Prgm Files\Firefox\uninstall\helper.exe" /ShowShortcuts [2013-06-29 17:58:59 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Prgm Files\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013-06-29 17:58:59 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Prgm Files\Firefox\firefox.exe [2013-06-29 17:59:01 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Prgm Files\Firefox\firefox.exe" -preferences [2013-06-29 17:59:01 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Prgm Files\Firefox\firefox.exe" -safe-mode [2013-06-29 17:59:01 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012-06-28 12:35:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012-06-28 12:35:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012-06-28 12:35:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013-05-17 09:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013-05-17 09:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Prgm Files\Firefox\uninstall\helper.exe" /HideShortcuts [2013-06-29 17:58:59 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Prgm Files\Firefox\uninstall\helper.exe" /ShowShortcuts [2013-06-29 17:58:59 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Prgm Files\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013-06-29 17:58:59 | 000,867,072 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Prgm Files\Firefox\firefox.exe [2013-06-29 17:59:01 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Prgm Files\Firefox\firefox.exe" -preferences [2013-06-29 17:59:01 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Prgm Files\Firefox\firefox.exe" -safe-mode [2013-06-29 17:59:01 | 000,920,472 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Queen\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-25 10:49:49 | 000,846,288 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012-06-28 12:35:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012-06-28 12:35:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012-06-28 12:35:01 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013-05-17 09:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013-05-17 09:34:33 | 000,757,400 | ---- | M] (Microsoft Corporation)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 72 bytes -> C:\WINDOWS:3F86CA71FA345956
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE

    < End of report >
     
  6. Dragonziggy

    Dragonziggy Junior Member

    OTL Extras logfile created on: 31-07-13 3:09:20 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Prgm Files\Scan Malware
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: dd-MM-yy

    2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.16% Memory free
    4.23 Gb Paging File | 3.18 Gb Available in Paging File | 75.19% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 163.77 Gb Total Space | 101.42 Gb Free Space | 61.93% Space Free | Partition Type: NTFS
    Drive D: | 8.53 Gb Total Space | 0.99 Gb Free Space | 11.64% Space Free | Partition Type: NTFS
    Drive M: | 125.78 Gb Total Space | 30.92 Gb Free Space | 24.58% Space Free | Partition Type: NTFS

    Computer Name: QUEEN | User Name: Queen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .txt [@ = txtfile] -- C:\Prgm Files\Notepad+\Notepad.exe ()

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Prgm Files\Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Prgm Files\MSOffice2003\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Prgm Files\MSOffice2003\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- C:\PRGMFI~1\NOTEPA~1\Notepad.exe "%1" ()
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)
    Directory [AddToPlaylistVLC] -- "C:\Prgm Files\VLC206\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Prgm Files\VLC206\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2C25248E-B77C-4D2A-BC0C-A77B960EF5FB}" = protocol=17 | dir=in | app=c:\users\queen\appdata\roaming\dropbox\bin\dropbox.exe |
    "{4C3B4599-8479-48C9-BF39-4394003DF46C}" = protocol=17 | dir=in | app=c:\program files\bitlord 2\bitlord files\bitlord.exe |
    "{4C79715A-2102-4DC1-AFB9-76CDF7CCDE88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{592C5227-1B17-4C20-BB39-3CF08B43DF6D}" = protocol=6 | dir=in | app=c:\program files\bitlord 2\bitlord files\bitlord.exe |
    "{85480F5A-2E12-4709-9382-A5DA2C3A3C86}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{E2037337-EA05-4816-97A4-15FB983BB139}" = protocol=6 | dir=in | app=c:\users\queen\appdata\roaming\dropbox\bin\dropbox.exe |
    "{F3916E2B-E851-4663-8786-FD8427B34645}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{110BAFC4-4852-4A7A-9AC4-4623A9BF1DDE}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "TCP Query User{3DB7767B-492A-4BE6-9232-F7E0EC61DA51}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "TCP Query User{79AF22AB-C42C-431E-8292-75ABB5019792}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{8310C1EE-0904-4AC1-AE04-F2DD8BA52E6B}C:\prgm files\real\realplay.exe" = protocol=6 | dir=in | app=c:\prgm files\real\realplay.exe |
    "TCP Query User{97D4EE91-4955-41F9-8FD7-A17805FE2CC2}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "TCP Query User{E204C5D9-0697-48C1-9D50-2C94E3A4248D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "TCP Query User{FCA666A0-BF0B-48C1-BF0D-B63CFDE5706D}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "UDP Query User{00A81D79-620C-4F08-89DF-078CE8A521E8}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
    "UDP Query User{1DA03546-B401-4E0B-B0ED-C0EC77D8CA35}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "UDP Query User{27D84F3A-DF81-47BF-8956-22A51877218E}C:\prgm files\real\realplay.exe" = protocol=17 | dir=in | app=c:\prgm files\real\realplay.exe |
    "UDP Query User{319022D1-B010-4C82-8276-2EE8BC8D1B7D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{36284290-DDAB-477E-B7FB-A95DD5BD5AFE}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "UDP Query User{84C66F15-FE06-47AA-8913-9FAE8690E823}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "UDP Query User{D6736B1A-DD2F-4AA6-B4B3-57B1BBBE0E6B}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 25
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser HD Edition
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
    "{74C85607-9668-4F88-B1D5-244889192DFC}" = BlueStacks Notification Center
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7D9ECEE0-3F15-48AF-815B-5FCFC022495B}" = Resize My Pictures
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF5E8D43-49AD-4BE7-A941-2BB0A8CACA62}" = ACDSee 5.0 Standard
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
    "{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Aktiv MP3 Recorder" = Aktiv MP3 Recorder
    "AnyDVD" = AnyDVD
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
    "avast" = avast! Free Antivirus
    "Avidemux 2.5" = Avidemux 2.5 (32-bit)
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
    "AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
    "BitLord" = BitLord 2.3
    "BlueStacks App Player" = BlueStacks App Player
    "CCleaner" = CCleaner (remove only)
    "CloneDVD2" = CloneDVD2
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.6.221
    "Free AVI Video Converter_is1" = Free AVI Video Converter version 5.0.25.610
    "Free Video to BlackBerry Converter_is1" = Free Video to BlackBerry Converter version 5.0.13.608
    "Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.17
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.3.610
    "HandBrake" = HandBrake 0.9.5
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "hosts" = hosts
    "HP Photosmart Essential" = HP Photosmart Essential 2.0
    "Inkscape" = Inkscape 0.48.0
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder
    "King's Quest 2 VGA" = King's Quest 2 VGA
    "King's Quest 2 VGA Speech Pack" = King's Quest 2 VGA Speech Pack
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
    "Mozilla Thunderbird 17.0.7 (x86 en-US)" = Mozilla Thunderbird 17.0.7 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia Suite" = Nokia Suite
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "QuicktimeAlt_is1" = QuickTime Alternative 2.8.0
    "RealPlayer 6.0" = RealPlayer
    "Stickies 6.7a" = Stickies 6.7a
    "SugarSync" = SugarSync Manager
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VLC media player" = VLC media player 2.0.6
    "Windows7FirewallControl_is1" = Windows7FirewallControl (i386) 4.0.144.38
    "WinGimp-2.0_is1" = GIMP 2.6.10
    "WinRAR archiver" = WinRAR archiver
    "Wubi" = Ubuntu

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "MyFreeCodec" = MyFreeCodec

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23-12-12 9:38:49 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:38:49 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:38:53 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:38:53 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:38:56 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:38:56 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:38:56 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:38:56 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:39:00 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:39:00 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:39:03 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    Error - 23-12-12 9:39:03 AM | Computer Name = Queen | Source = Windows Search Service | ID = 3013
    Description =

    [ System Events ]
    Error - 30-07-13 8:24:18 AM | Computer Name = Queen | Source = Service Control Manager | ID = 7001
    Description =

    Error - 30-07-13 8:24:18 AM | Computer Name = Queen | Source = Service Control Manager | ID = 7001
    Description =

    Error - 30-07-13 8:24:18 AM | Computer Name = Queen | Source = Service Control Manager | ID = 7001
    Description =

    Error - 30-07-13 8:37:34 AM | Computer Name = Queen | Source = DCOM | ID = 10005
    Description =

    Error - 30-07-13 7:53:55 PM | Computer Name = Queen | Source = Microsoft-Windows-TaskScheduler | ID = 412
    Description =

    Error - 30-07-13 7:54:11 PM | Computer Name = Queen | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30-07-13 7:54:11 PM | Computer Name = Queen | Source = Service Control Manager | ID = 7023
    Description =

    Error - 30-07-13 8:07:16 PM | Computer Name = Queen | Source = Microsoft-Windows-TaskScheduler | ID = 412
    Description =

    Error - 30-07-13 8:07:37 PM | Computer Name = Queen | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30-07-13 8:07:37 PM | Computer Name = Queen | Source = Service Control Manager | ID = 7023
    Description =


    < End of report >
     
  7. Dragonziggy

    Dragonziggy Junior Member

    Joined:
    Jun 26, 2009
    Messages:
    24
    Location:
    Australia
    Operating System:
    Windows Vista Home Premium
    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-07-31 16:35:38
    -----------------------------
    16:35:38.880 OS Version: Windows 6.0.6002 Service Pack 2
    16:35:38.880 Number of processors: 2 586 0xF02
    16:35:38.895 ComputerName: QUEEN UserName: Queen
    16:35:40.767 Initialize success
    16:35:47.101 AVAST engine defs: 13073001
    16:37:35.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:37:35.287 Disk 0 Vendor: ST332082 3.CH Size: 305245MB BusType: 3
    16:37:35.365 Disk 0 MBR read successfully
    16:37:35.380 Disk 0 MBR scan
    16:37:35.380 Disk 0 unknown MBR code
    16:37:35.396 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 167702 MB offset 63
    16:37:35.412 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 128801 MB offset 343455744
    16:37:35.443 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 8738 MB offset 607240935
    16:37:35.474 Disk 0 scanning sectors +625137345
    16:37:35.599 Disk 0 scanning C:\Windows\system32\drivers
    16:37:48.781 Service scanning
    16:38:07.657 Modules scanning
    16:38:13.023 Disk 0 trace - called modules:
    16:38:13.039 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    16:38:13.039 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864f71b8]
    16:38:13.054 3 CLASSPNP.SYS[88fa48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x859dc030]
    16:38:13.803 AVAST engine scan C:\Windows
    16:38:16.861 AVAST engine scan C:\Windows\system32
    16:40:29.352 AVAST engine scan C:\Windows\system32\drivers
    16:40:53.734 AVAST engine scan C:\Users\Queen
    16:44:14.553 AVAST engine scan C:\ProgramData
    16:46:17.996 Scan finished successfully
    16:51:02.441 Disk 0 MBR has been saved successfully to "M:\My Documents\Downloads\MBR.dat"
    16:51:02.456 The log file has been saved successfully to "M:\My Documents\Downloads\aswMBR.txt"
     
  8. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Dragonziggy,

    A little work for you.....

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, BitLord, BitTorrent, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

    Step 1
    Please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes.
    • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
    • Click on 'Tools' in bottom left hand corner.
    • Click on the 'System Startup' icon.
      Uncheck 'Teatimer' box and/or uncheck 'Resident'.
    • Then, check next to the computer clock to see if the icon for Spybot is still there.
      If it is, right click it and choose 'exit Spybot-S&D Resident'.

    Reboot the computer.

    We no longer recommend Spybot as a means of malware removal.
    MBAM is a much better program and is updated more frequently.
    As you already have MBAM on your system, Spybot isn't really needed anyway.



    Step 2
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts. (Anti Virus/Anti Malware programs)
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    Step 3
    If the following Otl fix freezes, you will have to uninstall MBAM.... run the fix again and then reinstall MBAM once the Otl fix has finished.
    This is a known problem on some systems. (it may not happen, but at least you are aware)

    Double click on OTL to run it.
    Copy the lines in the codebox below. (make sure that :Otl is on the first line and that you include all of the Commands section at the bottom)
    Code:
    :otl
    PRC - C:\Prgm Files\Eset40437\ekrn.exe (ESET)
    SRV - (ekrn) -- C:\Prgm Files\Eset40437\ekrn.exe (ESET)
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (Epfwndis) -- C:\WINDOWS\System32\drivers\epfwndis.sys (ESET)
    DRV - (epfw) -- C:\WINDOWS\System32\drivers\epfw.sys (ESET)
    DRV - (ehdrv) -- C:\WINDOWS\System32\drivers\ehdrv.sys (ESET)
    DRV - (eamon) -- C:\WINDOWS\System32\drivers\eamon.sys (ESET)
    O2 - BHO: (hosts) - {11111111-1111-1111-1111-110311531182} - C:\Program Files\hosts\hosts-bho.dll (Alex)
    O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE File not found
    [2013-07-06 16:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\hosts
    @Alternate Data Stream - 72 bytes -> C:\WINDOWS:3F86CA71FA345956
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8CE646EE
    
    :Files
    C:\Prgm Files\Eset40437
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.

    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles



    In your next reply, please submit:
    JRT.txt
    Otl fix report


    Thanks.
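    A defender-side check for the persistence spots the OTL fix above targets (the "hosts" BHO registration, the IE Start Page/Default_Page_URL values that JRT repaired, and the two alternate data streams): an added PowerShell audit written for this thread, not part of starbuck's post or of the OTL/JRT tools. It assumes PowerShell 3.0 or later (for -Stream) and an elevated prompt; the function names are mine.

```powershell
# Added example (not from the forum post or from OTL/JRT): audit the places a
# browser hijacker like the one in this thread persists, and flag what looks off.
# Assumes PowerShell 3.0+ and an elevated prompt so HKLM and C:\Windows are readable.

function Get-BhoAudit {
    # Every Browser Helper Object is a CLSID subkey here; IE loads it at startup.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($root in ($roots | Where-Object { Test-Path -Path $_ })) {
        foreach ($key in Get-ChildItem -Path $root) {
            $clsid    = $key.PSChildName
            $clsidKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            # Resolve the CLSID to the DLL that actually gets loaded into the browser.
            $name = (Get-ItemProperty -Path $clsidKey -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty -Path "$clsidKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $dllPath = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
            $exists  = $dllPath -and (Test-Path -LiteralPath $dllPath)
            $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $dllPath).Status } else { 'NoFile' }

            # Orphaned registrations (like the "File not found" lines in the OTL scan),
            # missing DLLs and unsigned DLLs are the cases worth a second look.
            $flags = @()
            if (-not $dllPath)      { $flags += 'no InprocServer32 (orphaned registration)' }
            elseif (-not $exists)   { $flags += 'DLL missing on disk' }
            elseif ($sig -ne 'Valid') { $flags += "unsigned or bad signature ($sig)" }

            [PSCustomObject]@{
                CLSID     = $clsid
                Name      = $name
                Dll       = $dllPath
                Signature = $sig
                Flags     = ($flags -join '; ')
            }
        }
    }
}

function Get-IeHomePageAudit {
    # JRT repaired these two values; a hijacker points them at its own site.
    $main  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
    $props = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
    foreach ($value in 'Start Page', 'Default_Page_URL') {
        $url = $props.$value
        [PSCustomObject]@{
            Value       = $value
            Url         = $url
            # Microsoft's default pages live on these domains; anything else deserves a look.
            IsMicrosoft = [bool]($url -match '^https?://([\w-]+\.)*(microsoft|msn|live)\.com(/|$)')
        }
    }
}

function Get-AdsAudit {
    # OTL removed streams on C:\WINDOWS and C:\ProgramData\TEMP; list any that remain.
    param([string[]]$Paths = @("$env:SystemRoot", "$env:ProgramData\TEMP"))
    foreach ($p in ($Paths | Where-Object { Test-Path -LiteralPath $_ })) {
        # ':$DATA' is the ordinary unnamed stream; every other stream is an ADS.
        Get-Item -LiteralPath $p -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            Select-Object FileName, Stream, Length
    }
}

Write-Host '== Browser Helper Objects =='
Get-BhoAudit | Format-Table -AutoSize
Write-Host '== IE start / default page =='
Get-IeHomePageAudit | Format-Table -AutoSize
Write-Host '== Alternate data streams on audited paths =='
Get-AdsAudit | Format-Table -AutoSize
```

A Zone.Identifier stream on a downloaded file is normal; the streams OTL removed here were unnamed hex-named streams attached to directories, which is the pattern the third check surfaces.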
     
  9. Dragonziggy

    Dragonziggy Junior Member

    Joined:
    Jun 26, 2009
    Messages:
    24
    Location:
    Australia
    Operating System:
    Windows Vista Home Premium
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 5.2.9 (07.30.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Queen on 01-08-13 at 15:48:02.58
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\secman.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{4d076ab4-7562-427a-b5d2-bd96e19dee56}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{826d7151-8d99-434b-8540-082b8c2ae556}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\interface\{66eef543-a9ac-4a9d-aa3c-1ed148ac8eee}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\typelib\{11549fe4-7c5a-4c17-9fc3-56fc5162a994}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.BHO
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.BHO.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.Sandbox
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0035382.Sandbox.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311531182}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322532282}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355535582}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366536682}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.BHO
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.BHO.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.Sandbox
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\CrossriderApp0035382.Sandbox.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}


    ~~~ Files

    Successfully deleted: [File] C:\eula.1028.txt
    Successfully deleted: [File] C:\eula.1031.txt
    Successfully deleted: [File] C:\eula.1033.txt
    Successfully deleted: [File] C:\eula.1036.txt
    Successfully deleted: [File] C:\eula.1040.txt
    Successfully deleted: [File] C:\eula.1041.txt
    Successfully deleted: [File] C:\eula.1042.txt
    Successfully deleted: [File] C:\eula.2052.txt
    Successfully deleted: [File] C:\install.res.1028.dll
    Successfully deleted: [File] C:\install.res.1031.dll
    Successfully deleted: [File] C:\install.res.1033.dll
    Successfully deleted: [File] C:\install.res.1036.dll
    Successfully deleted: [File] C:\install.res.1040.dll
    Successfully deleted: [File] C:\install.res.1041.dll
    Successfully deleted: [File] C:\install.res.1042.dll
    Successfully deleted: [File] C:\install.res.2052.dll
    Successfully deleted: [File] C:\install.res.3082.dll



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Queen\appdata\local\{5E2DC775-0D9A-4AE3-86F7-10E1B5A58F4B}
    Successfully deleted: [Empty Folder] C:\Users\Queen\appdata\local\{DFA4F9D8-3029-4CA3-B436-7A7FC4CF8B5E}

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01-08-13 at 15:51:35.85
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Dragonziggy

    Dragonziggy Junior Member

    Joined:
    Jun 26, 2009
    Messages:
    24
    Location:
    Australia
    Operating System:
    Windows Vista Home Premium
    All processes killed
    ========== OTL ==========
    Process ekrn.exe killed successfully!
    Error: Unable to stop service ekrn!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ekrn deleted successfully.
    C:\Prgm Files\Eset40437\ekrn.exe moved successfully.
    Service NwlnkFwd stopped successfully!
    Service NwlnkFwd deleted successfully!
    File system32\DRIVERS\nwlnkfwd.sys File not found not found.
    Service NwlnkFlt stopped successfully!
    Service NwlnkFlt deleted successfully!
    File system32\DRIVERS\nwlnkflt.sys File not found not found.
    Service IpInIp stopped successfully!
    Service IpInIp deleted successfully!
    File system32\DRIVERS\ipinip.sys File not found not found.
    Service blbdrive stopped successfully!
    Service blbdrive deleted successfully!
    File C:\Windows\system32\drivers\blbdrive.sys File not found not found.
    Service Epfwndis stopped successfully!
    Service Epfwndis deleted successfully!
    File move failed. C:\WINDOWS\System32\drivers\epfwndis.sys scheduled to be moved on reboot.
    Error: Unable to stop service epfw!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\epfw deleted successfully.
    File move failed. C:\WINDOWS\System32\drivers\epfw.sys scheduled to be moved on reboot.
    Error: Unable to stop service ehdrv!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehdrv deleted successfully.
    File move failed. C:\WINDOWS\System32\drivers\ehdrv.sys scheduled to be moved on reboot.
    Error: Unable to stop service eamon!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon deleted successfully.
    File move failed. C:\WINDOWS\System32\drivers\eamon.sys scheduled to be moved on reboot.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\ not found.
    C:\Program Files\hosts\hosts-bho.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KBD deleted successfully.
    C:\Program Files\hosts folder moved successfully.
    ADS C:\WINDOWS:3F86CA71FA345956 deleted successfully.
    ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
    ========== FILES ==========
    C:\Prgm Files\Eset40437 folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Prgm Files\Scan Malware\cmd.bat deleted successfully.
    C:\Prgm Files\Scan Malware\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 82666 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Public

    User: Queen
    ->Temp folder emptied: 2760569 bytes
    ->Temporary Internet Files folder emptied: 9285841 bytes
    ->Java cache emptied: 873194 bytes
    ->FireFox cache emptied: 18773685 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 506 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 1657427391 bytes

    Total Files Cleaned = 1,612.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 08012013_155717

    Files\Folders moved on Reboot...
    C:\WINDOWS\System32\drivers\epfwndis.sys moved successfully.
    C:\WINDOWS\System32\drivers\epfw.sys moved successfully.
    C:\WINDOWS\System32\drivers\ehdrv.sys moved successfully.
    C:\WINDOWS\System32\drivers\eamon.sys moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  11. Dragonziggy

    Dragonziggy Junior Member

    Joined:
    Jun 26, 2009
    Messages:
    24
    Location:
    Australia
    Operating System:
    Windows Vista Home Premium
    To Starbuck. Thanks
     
  12. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Dragonziggy,

    Sorry I forgot to add this to the last post:

    Please remove:
    Java(TM) 6 Update 31 .... (This is an old version and should have been removed when the latest version was installed)
    Once removed, reboot the system.

    Do Not remove Java 7 Update 25 as this is the latest version.

    How is the system running now?
     
  13. Dragonziggy

    Dragonziggy Junior Member

    Joined:
    Jun 26, 2009
    Messages:
    24
    Location:
    Australia
    Operating System:
    Windows Vista Home Premium
    Hi Starbuck
    Java(TM) 6 Update 31 - uninstalled done.
    My system is running fine.

    The Ism.sitescout.com (Ism) popup is gone. Before I did what you instructed, I reset Firefox to default settings; after resetting Firefox the Ism stopped popping up and my system ran fine. My goal in asking for assistance in the forum was to ensure there was no residual Ism left after resetting Firefox.

    After removing Ism with your instructions, my system is running fine, similar to when Firefox was reset. Should I be keeping an eye out for the Ism popup in Firefox to ensure this malware is completely removed?

    After doing what you instructed I haven't run Google Chrome to see if Ism will popup.

    Should Google Chrome be uninstalled since I rarely use it?

    Thanks
     
  14. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Dragonziggy,

    Entirely up to you.
    I personally use Firefox as my main browser, with IE occasionally (some sites still work better with IE).

    These types of infections can also add other things as well, so we should really run an online scan to double check for this.

    I'd like you to do an ESET OnlineScan

    You may find it beneficial to close your resident AV program before running the scan.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      http://www.eset.com/us/online-scanner
    • Click the [image] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [image] to download the ESET Smart Installer.
        Save it to your desktop.
      • Double click on the [image] icon on your desktop.
    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked.
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [image]
    • Click [image], and save the file to your desktop using a unique name, such as ESETScan.
      Include the contents of this report in your next reply.
    • Click the [image] button.
    • Click [image]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


    Note:
    It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).
    To prevent this happening:
    When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology
