Jump to content

trojan dropper bcminer


Recommended Posts

Hello ijt12 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

I was able to restart my laptop again but OTL still isn't working. Here is a copy of the log from malwarebytes that I ran the other day, hopefully this will help.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.12.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)

Internet Explorer 9.0.8112.16421

Lil J :: LILJ-HP [administrator]

6/12/2012 5:33:52 PM

mbam-log-2012-06-12 (17-33-52).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 455145

Time elapsed: 1 hour(s), 44 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Ok here's the results of the scan. Also i've noticed 2 extra things on my desktop both say desktop.ini, is something I need to be worried about?

OTL logfile created on: 6/14/2012 7:08:53 PM - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Lil J\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 81.35% Memory free

3.87 Gb Paging File | 3.52 Gb Available in Paging File | 91.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 216.47 Gb Total Space | 168.01 Gb Free Space | 77.62% Space Free | Partition Type: NTFS

Drive D: | 16.12 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: LILJ-HP | User Name: Lil J | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 19:04:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lil J\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/13 23:28:54 | 000,245,352 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2010/10/13 23:28:54 | 000,200,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2010/10/13 23:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)

SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV:64bit: - [2009/10/07 02:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV - [2012/06/01 15:21:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/08/10 11:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/30 17:51:13 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/10/13 23:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2010/10/13 23:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2010/10/13 23:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2010/10/13 23:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2010/10/13 23:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2010/10/13 23:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2010/10/13 23:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/03/22 20:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)

DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)

DRV:64bit: - [2010/02/04 22:06:00 | 001,093,152 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)

DRV:64bit: - [2009/10/07 09:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam S5500(UVC)

DRV:64bit: - [2009/10/07 09:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009/10/07 02:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A0A61B8E-94D8-401E-A890-8352F326E712}

IE:64bit: - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql

IE:64bit: - HKLM\..\SearchScopes\{96DA4965-F60F-49AB-9B78-E2876CD7056A}: "URL" = http://en.wikipedia....ch={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{A0A61B8E-94D8-401E-A890-8352F326E712}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{F1BB949B-C7E7-4AF7-8B50-3E8BDB32CC3A}: "URL" = http://search.yahoo....psg&type=CPNTDF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1

IE - HKLM\..\SearchScopes,DefaultScope = {A0A61B8E-94D8-401E-A890-8352F326E712}

IE - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql

IE - HKLM\..\SearchScopes\{96DA4965-F60F-49AB-9B78-E2876CD7056A}: "URL" = http://en.wikipedia....ch={searchTerms}

IE - HKLM\..\SearchScopes\{A0A61B8E-94D8-401E-A890-8352F326E712}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\..\SearchScopes\{F1BB949B-C7E7-4AF7-8B50-3E8BDB32CC3A}: "URL" = http://search.yahoo....psg&type=CPNTDF

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes,DefaultScope = {F1BB949B-C7E7-4AF7-8B50-3E8BDB32CC3A}

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{54D4AEC0-2C8D-43A8-A16B-293CFB045D6A}: "URL" = http://www.flickr.co...?q={searchTerms}

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{96DA4965-F60F-49AB-9B78-E2876CD7056A}: "URL" = http://en.wikipedia....ch={searchTerms}

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{A0A61B8E-94D8-401E-A890-8352F326E712}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{D089364B-E130-4784-9B6D-753C5A00B333}: "URL" = http://delicious.com...?p={searchTerms}

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{F1BB949B-C7E7-4AF7-8B50-3E8BDB32CC3A}: "URL" = http://search.yahoo....0520,6901,0,8,0

IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/09 18:52:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110223215719.dll (McAfee, Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110223215719.dll (McAfee, Inc.)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()

O4 - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E69046-4B35-4ED2-BFB6-2CF003180388}: DhcpNameServer = 40.6.1.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF30FD3C-84DF-4322-87F0-C87946984EE8}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 19:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/06/14 19:03:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Lil J\Desktop\OTL.exe

[2012/06/12 17:31:31 | 000,000,000 | ---D | C] -- C:\Windows\pss

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/14 19:07:59 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk

[2012/06/14 19:05:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/14 19:05:31 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/14 19:04:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Lil J\Desktop\OTL.exe

[2012/06/12 17:31:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/12 17:31:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/12 17:14:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/12 14:25:53 | 000,006,512 | ---- | M] () -- C:\bootsqm.dat

[2012/06/09 22:15:12 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/09 16:36:33 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLil J.job

[2012/05/16 16:26:13 | 000,093,670 | ---- | M] () -- C:\Users\Lil J\Documents\VA Student Temporary Employment Program (STEP).pdf

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/13 20:53:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@

[2012/06/12 17:22:55 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@

[2012/06/12 14:25:53 | 000,006,512 | ---- | C] () -- C:\bootsqm.dat

[2012/06/09 22:15:12 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/01 15:21:08 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/01 15:20:16 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\00000004.@

[2012/06/01 15:20:11 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@

[2012/06/01 15:20:10 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@

[2012/06/01 15:20:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@

[2012/06/01 15:20:10 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@

[2012/05/16 16:26:13 | 000,093,670 | ---- | C] () -- C:\Users\Lil J\Documents\VA Student Temporary Employment Program (STEP).pdf

[2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@

[2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@

[2011/03/09 18:32:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/01/07 23:32:54 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat

[2010/11/06 21:08:16 | 000,743,662 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/11 00:06:40 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini

[2010/07/10 23:02:49 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini

[2010/07/08 03:30:19 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2010/07/08 03:26:19 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2010/07/08 03:26:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/07/08 03:26:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/07/08 03:26:19 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2010/07/08 03:26:18 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2010/07/08 03:25:53 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini

[2010/07/08 03:25:53 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== LOP Check ==========

[2011/03/09 18:35:52 | 000,000,000 | ---D | M] -- C:\Users\Lil J\AppData\Roaming\Leadertech

[2010/12/19 16:00:10 | 000,000,000 | ---D | M] -- C:\Users\Lil J\AppData\Roaming\PlayFirst

[2012/04/20 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Lil J\AppData\Roaming\Research In Motion

[2012/06/12 13:07:04 | 000,000,000 | ---D | M] -- C:\Users\Lil J\AppData\Roaming\SoftGrid Client

[2010/11/06 21:09:17 | 000,000,000 | ---D | M] -- C:\Users\Lil J\AppData\Roaming\TP

[2011/11/12 17:34:29 | 000,000,000 | ---D | M] -- C:\Users\Lil J\AppData\Roaming\W Photo Studio Viewer

[2011/09/25 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\Lil J\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

[2011/12/05 05:28:11 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2011/03/10 14:13:08 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?B) -- C:\Windows\SysNative\륀B

[2011/03/10 14:13:08 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?B) -- C:\Windows\SysNative\륀B

< End of report >

OTL Extras logfile created on: 6/14/2012 7:08:53 PM - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Lil J\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 81.35% Memory free

3.87 Gb Paging File | 3.52 Gb Available in Paging File | 91.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 216.47 Gb Total Space | 168.01 Gb Free Space | 77.62% Space Free | Partition Type: NTFS

Drive D: | 16.12 Gb Total Space | 2.33 Gb Free Space | 14.43% Space Free | Partition Type: NTFS

Computer Name: LILJ-HP | User Name: Lil J | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd

"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0

"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 29

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" = Bing Bar

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer

"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5

"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker

"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo

"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep™

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"Adobe AIR" = Adobe AIR

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"HP Photo Creations" = HP Photo Creations

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MSC" = McAfee SecurityCenter

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureDC" = Canon Utilities RemoteCapture DC

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"WT087328" = Blackhawk Striker 2

"WT087335" = Build-a-lot 2

"WT087342" = Dora's Carnival Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087373" = Jewel Quest 3

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087513" = Virtual Villagers - The Secret City

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WTA-2c16fc3c-1197-4bfe-a6a9-cd12a4689252" = Diner Dash

"WTA-8fe98940-5988-4d6e-ac8a-af85198369a2" = Diner Dash - Seasonal Snack Pack

"WTA-99656b9b-0c84-4ed6-8d20-14c5fac50379" = Bejeweled 3

"WTA-ac485c34-9412-4993-8a39-408a24446079" = Avenue Flo: Special Delivery

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Software Update" = Yahoo! Software Update

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/4/2012 12:14:36 PM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 6/4/2012 12:14:36 PM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 6/4/2012 12:14:36 PM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 6/5/2012 9:23:50 AM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 6/5/2012 12:28:52 PM | Computer Name = LilJ-HP | Source = CVHSVC | ID = 100

Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):

DownloadLatest Failed: There are currently no active network connections. Background

Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 6/5/2012 12:29:01 PM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 6/6/2012 7:04:16 PM | Computer Name = LilJ-HP | Source = System Restore | ID = 8193

Description =

Error - 6/6/2012 11:22:56 PM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 5:37:11 PM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 6/9/2012 5:47:15 PM | Computer Name = LilJ-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download....authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]

Error - 3/7/2012 11:07:43 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 3/7/2012 11:07:43 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 3/7/2012 11:58:05 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 3/7/2012 11:58:05 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 4/9/2012 6:01:09 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0] Message: The server did not provide a meaningful

reply; this might be caused by a contract mismatch, a premature session shutdown

or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String

action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]

outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage

methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage

message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 1978 Ram Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage)

Error - 4/30/2012 6:05:57 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 4/30/2012 6:05:57 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 6/6/2012 7:14:03 PM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 6/12/2012 11:37:39 AM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 6/12/2012 11:45:28 AM | Computer Name = LilJ-HP | Source = HPSF.exe | ID = 4000

Description =

[ HP Wireless Assistant Events ]

Error - 8/5/2011 11:06:48 PM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 9/13/2011 12:40:18 PM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 10/1/2011 4:19:49 PM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 10/20/2011 4:31:21 PM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 11/2/2011 8:36:32 AM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 11/10/2011 10:12:22 PM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 11/18/2011 8:41:21 PM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 12/9/2011 2:04:35 PM | Computer Name = LilJ-HP | Source = HP WA Service | ID = 0

Description = System.Runtime.InteropServices.COMException Call was canceled by the

message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at

System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,

IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object

o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String

hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1

radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 12/21/2011 5:40:23 PM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 12/24/2011 10:42:33 AM | Computer Name = LilJ-HP | Source = HP WA Application | ID = 0

Description = System.Exception HardwareAccess hasn't been instantiated properly.

at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

[ System Events ]

Error - 6/14/2012 8:06:25 PM | Computer Name = LilJ-HP | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/14/2012 8:06:28 PM | Computer Name = LilJ-HP | Source = DCOM | ID = 10005

Description =

Error - 6/14/2012 8:06:28 PM | Computer Name = LilJ-HP | Source = DCOM | ID = 10005

Description =

Error - 6/14/2012 8:06:29 PM | Computer Name = LilJ-HP | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/14/2012 8:06:30 PM | Computer Name = LilJ-HP | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/14/2012 8:06:30 PM | Computer Name = LilJ-HP | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/14/2012 8:06:30 PM | Computer Name = LilJ-HP | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/14/2012 8:06:30 PM | Computer Name = LilJ-HP | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/14/2012 8:06:30 PM | Computer Name = LilJ-HP | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 6/14/2012 8:10:01 PM | Computer Name = LilJ-HP | Source = DCOM | ID = 10005

Description =

< End of report >

Link to post
Share on other sites

Ok here's the results of the scan. Also i've noticed 2 extra things on my desktop both say desktop.ini, is something I need to be worried about?

This is because they were unhide. Don't worry about that.

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
    IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    [2012/06/13 20:53:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@
    [2012/06/12 17:22:55 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@
    [2012/06/01 15:20:16 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\00000004.@
    [2012/06/01 15:20:11 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@
    [2012/06/01 15:20:10 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@
    [2012/06/01 15:20:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@
    [2012/06/01 15:20:10 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@
    [2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@
    [2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@

    :files
    C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [purity]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log

Link to post
Share on other sites

Here are the logs that you requested.

All processes killed

Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqlIE - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqlIE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value foundIE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql[2012/06/13 20:53:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@[2012/06/12 17:22:55 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@[2012/06/01 15:20:16 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\00000004.@[2012/06/01 15:20:11 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{0281> in the current context!

Error: Unable to interpret <5385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@[2012/06/01 15:20:10 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@[2012/06/01 15:20:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@[2012/06/01 15:20:10 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@[2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@[2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@:filesC:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}ipconfig /flushdns /c:Commands[emptytemp][purity][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.48.0 log created on 06152012_153319

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.15.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Lil J :: LILJ-HP [administrator]

6/15/2012 3:36:51 PM

mbam-log-2012-06-15 (15-36-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 218933

Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Your script was not activated properly. Every entrie should be on a new line. The script in OTL should looks like this:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-2509990142-1586556887-4078824275-1000\..\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
[2012/06/13 20:53:52 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@
[2012/06/12 17:22:55 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@
[2012/06/01 15:20:16 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\00000004.@
[2012/06/01 15:20:11 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@
[2012/06/01 15:20:10 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@
[2012/06/01 15:20:10 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@
[2012/06/01 15:20:10 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@
[2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@
[2012/01/11 17:20:35 | 000,002,048 | -HS- | C] () -- C:\Users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@

:files
C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}
ipconfig /flushdns /c

:Commands
[emptytemp]
[purity]
[clearallrestorepoints]

Please repeat both steps.

Link to post
Share on other sites

Ok, hopefully I did it right this time. The logs are listed below.

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889F7530-20D7-404D-9C6B-29E632763DEA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889F7530-20D7-404D-9C6B-29E632763DEA}\ not found.

Registry value HKEY_USERS\S-1-5-21-2509990142-1586556887-4078824275-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.

Registry key HKEY_USERS\S-1-5-21-2509990142-1586556887-4078824275-1000\Software\Microsoft\Internet Explorer\SearchScopes\{889F7530-20D7-404D-9C6B-29E632763DEA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{889F7530-20D7-404D-9C6B-29E632763DEA}\ not found.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@ moved successfully.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000032.@ moved successfully.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L\00000004.@ moved successfully.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@ moved successfully.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@ moved successfully.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000004.@ moved successfully.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\000000cb.@ moved successfully.

File C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@ not found.

File C:\Users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}\@ not found.

========== FILES ==========

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U folder moved successfully.

C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52} scheduled to be moved on reboot.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Lil J\Desktop\cmd.bat deleted successfully.

C:\Users\Lil J\Desktop\cmd.txt deleted successfully.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.15.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Lil J :: LILJ-HP [administrator]

6/15/2012 6:19:33 PM

mbam-log-2012-06-15 (18-19-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 215450

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Hi maniac

I ran the scan in normal mode and nothing was found but I still can't turn real time scanning on and my firewall still turns off immediately after I turn it on. Also before I ran malwarebytes in normal mode I ran it in safe mode and 2 toran viruses were found, which I removed. Below is the log for the scan in normal mode.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.16.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Lil J :: LILJ-HP [administrator]

6/16/2012 7:38:24 AM

mbam-log-2012-06-16 (07-38-24).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 421607

Time elapsed: 1 hour(s), 36 minute(s), 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Here's the log you requested.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.15.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Lil J :: LILJ-HP [administrator]

6/15/2012 6:36:33 PM

mbam-log-2012-06-15 (18-36-33).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 417036

Time elapsed: 46 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\_OTL\MovedFiles\06152012_173657\C_Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\_OTL\MovedFiles\06152012_181508\C_Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

These are backup files we alreaedy remove them with OTL.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Here's the combofix log. I'm not sure if my anti virus was turnned off because I don't know to turn it off. The scanning and firewall were off.

ComboFix 12-06-15.06 - Lil J 06/16/2012 12:01:26.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1096 [GMT -5:00]

Running from: c:\users\Lil J\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}

c:\users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}\n

c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}

c:\windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\n

c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete

c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-05-16 to 2012-06-16 )))))))))))))))))))))))))))))))

.

.

2012-06-16 17:12 . 2012-06-16 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-15 20:33 . 2012-06-15 20:33 -------- d-----w- C:\_OTL

2012-06-12 20:04 . 2012-06-12 20:04 -------- d-----w- c:\users\Administrator

2012-06-01 20:21 . 2012-06-01 20:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-01 20:21 . 2011-05-13 22:24 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-21 00:25 . 2012-04-21 00:25 53248 ----a-r- c:\users\Lil J\AppData\Roaming\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe

2012-04-04 20:56 . 2010-11-11 16:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 06:05 . 2012-05-12 17:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-12 17:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-12 17:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-12 17:24 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-12 17:24 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]

[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1484856]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 257696]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-16 183560]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 102608]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 245352]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPNAT

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 20:21]

.

2012-06-09 c:\windows\Tasks\HPCeeScheduleForLil J.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-04-24 6489704]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2012-06-16 12:25:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-16 17:25

.

Pre-Run: 181,465,567,232 bytes free

Post-Run: 180,960,800,768 bytes free

.

- - End Of File - - 4D790E0E1780B6F297D429AEB41E1C1F

Link to post
Share on other sites

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Here's the results of the Eset Scan. A log wasn't saved so I just copied the results.

C:\Qoobox\Quarantine\C\Users\Lil J\AppData\Local\{02815385-b3dc-aa2c-a083-2e509dc82d52}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\n.vir Win64/Sirefef.W trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\06152012_173657\C_Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\06152012_173657\C_Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\06152012_181508\C_Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined

C:\_OTL\MovedFiles\06152012_181508\C_Windows\Installer\{02815385-b3dc-aa2c-a083-2e509dc82d52}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined

Link to post
Share on other sites

Maniac you are awesome!!! Thanks so much for all your help!!! Everything seems to be back to normal, no more web page redirects and my firewall is staying on now. I know those trojans are very tricky so I hope i'm not overlooking anything. Is it ok to delete those scanners that i downloaded? If so can i just right click and delete them?

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.