
Yet Another BCMiner infection


Result #2: not better than result #1 :(

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012

Ran by SYSTEM at 2012-07-11 14:19:41 Run:2

Running from G:\

==============================================

Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.

==== End of Fixlog ====

The Wmic OS command returned this:

os - alias not found.

The second command returns AMD64



Do you have your 64bit installation disk?

Try sfc.

Please run the following:

  1. Go to Start and type in cmd
  2. Right-click on the cmd icon above, and click Run As Administrator
  3. At the command prompt, type sfc /scannow, and then press ENTER.
    Note: This command may take several minutes to finish. You may be prompted to provide Windows installation source files when you run the sfc /scannow command.
  4. At the command prompt, type exit, and then press ENTER to close the command prompt.

Personally, if this were my computer, I would completely wipe the drive after saving my important documents, then re-install the system afresh; I believe your system has been severely compromised by this infection.


It is running now. I do have my x64 CD sitting right next to me, as I have been pondering nuking the system (oh how I hate doing that). I just worry about my work documents; I need to save them, but I also need them to not be infectious. It looks like they should be OK judging by the scans, though? I don't know how viruses propagate computer to computer, so I don't want to transfer files unless I am pretty sure they are safe.

The scan says it successfully repaired corrupt files and they will be good after the next reboot. Good?

(rebooting)


Aha! Good news! I solved one of the problems with the solution of Not being an Idiot :)

As it shut down after the sfc /scannow I saw 'Windows Home Premium' in the corner, so out of curiosity I redid the FRST64 scan, and there was a third repair option to click through to, Home Premium. Ran that with the fix and boom!

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012

Ran by SYSTEM at 2012-07-11 16:40:37 Run:1

Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Well, that is one problem that has hopefully been resolved.

But to be honest, I think your system is still compromised by the dual installation. I'm not sure what could have happened during installation, but it doesn't seem right.

I really don't think you can ever really trust this machine 100%

There is no indication that any of your documents have been infected, so I would save your documents, pictures, music etc.

then I would completely wipe the drive, then re-install the operating system

It would be difficult to tell the extent of issues remaining given what is being reported.

The Wmic OS command returned this:

os - alias not found.

This should have come back as a 64-bit system.

Also, sometimes this infection can open a "backdoor" to your system to allow other infections to come on board or allow hackers access to your system. I usually recommend either a reformat or, at least as a precaution, changing all your online passwords from a machine that has never been infected.

I can continue to try and clean this machine if you wish, but I think the wisest choice would be to wipe and start again.

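The FRST fix earlier in the thread copied services.exe from the WinSxS component store over the copy in System32, and the question of whether the machine is 32-bit or 64-bit came up twice (the x86/x64/Home Premium repair options in FRST and the wmic query that returned "alias not found"). As an added example that is not part of FRST, sfc, or the helper's instructions, the Python script below checks a restored system binary two ways: it reads the PE header's Machine field and optional-header magic to confirm the file is an AMD64 (PE32+) image, and it compares SHA-256 hashes of the System32 copy and the WinSxS copy to confirm the replacement actually took. The function names are this example's own, and the demo runs on constructed minimal PE headers standing in for services.exe, not on the real binary; pass two file paths on the command line to run it against real files.

```python
"""Check that a restored services.exe is the right architecture and matches
its WinSxS source. Added example for this thread; not part of FRST or sfc."""
import hashlib
import struct

MACHINE_NAMES = {0x014C: "I386", 0x8664: "AMD64", 0x01C4: "ARMNT", 0xAA64: "ARM64"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_machine(image: bytes) -> str:
    """Read IMAGE_FILE_HEADER.Machine via the DOS header's e_lfanew pointer."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (machine,) = struct.unpack_from("<H", image, e_lfanew + 4)
    return MACHINE_NAMES.get(machine, f"0x{machine:04X}")


def pe_is_64bit(image: bytes) -> bool:
    """Cross-check with the optional header magic: 0x20B is PE32+ (64-bit)."""
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    # optional header follows the 4-byte signature and the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, e_lfanew + 24)
    return magic == PE32PLUS_MAGIC


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_restored_copy(system32: bytes, winsxs: bytes, expected: str = "AMD64") -> list[str]:
    """Return findings; an empty list means the System32 file is byte-identical
    to the WinSxS copy and both are the expected architecture."""
    findings = []
    want64 = expected in ("AMD64", "ARM64")
    for label, image in (("System32", system32), ("WinSxS", winsxs)):
        machine = pe_machine(image)
        if machine != expected:
            findings.append(f"{label} copy is {machine}, expected {expected}")
        is64 = pe_is_64bit(image)
        if is64 != want64:
            findings.append(f"{label} copy is {'PE32+' if is64 else 'PE32'}, "
                            f"expected {'PE32+' if want64 else 'PE32'}")
    if sha256_hex(system32) != sha256_hex(winsxs):
        findings.append("System32 and WinSxS copies differ (SHA-256 mismatch)")
    return findings


def build_sample_pe(machine: int, body: bytes = b"") -> bytes:
    """Constructed minimal PE header (DOS stub, COFF header, optional-header
    magic). Test data standing in for services.exe, not the real binary."""
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    magic = PE32PLUS_MAGIC if machine == 0x8664 else PE32_MAGIC
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 2, 0x0002)
    return dos + coff + struct.pack("<H", magic) + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:   # real use: script.py <System32\services.exe> <WinSxS\...\services.exe>
        a, b = (open(p, "rb").read() for p in sys.argv[1:3])
    else:                    # demo on constructed headers
        a = b = build_sample_pe(0x8664)
    print(check_restored_copy(a, b) or ["OK: identical AMD64 (PE32+) images"])
```

A hash match only shows that the two copies are identical; it does not show that either one is clean, so verify the Authenticode signature as well (sigcheck or Get-AuthenticodeSignature, which this script does not do). Note also that the WinSxS directory named in the FRST log carries version 6.1.7600.16385 while the later aswMBR and OTL logs report build 6.1.7601 (SP1); if sfc /scannow later swaps in the SP1 build, the hashes will diverge for a benign reason, so record which component directory you compared against.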

also, sometimes this infection can open a "backdoor" to your system to allow other infections to come on board or allow hackers access to your system. I usually recommend either a reformat or, at least as a precaution, changing all your online passwords from a machine that has never been infected.

I can continue to try and clean this machine if you wish, but I think the wisest choice would be to wipe and start again.

Fortunately all our online passwords were changed Saturday after my husband's car got broken into and his personal laptop was stolen out of it. I haven't logged into any sensitive sites since then, so I am at least sure that there's no room for issues there :)

I'd like to try and continue for another day or so, just in case this can be redeemed, then if necessary I can use all weekend to set my computer up again if I have to reformat and reinstall.


(to be more precise since I can't seem to edit my post, they were changed from his personal computer which is virus free).


OK, that's fine.

Let's get another set of diagnostic logs and see where we are.

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Please run OTL again as well.

Also, please describe how the computer is behaving and what issues you may be having (any change since sfc?).

You might also want to run chkdsk to make sure there are no hardware issues:

  • Go to Start and type in cmd
  • Right-click on the cmd icon above, and click Run As Administrator
  • Type in chkdsk /R to the command window that appears, and press enter
  • Agree to the prompt, then reboot your system

Note: Upon reboot (restart), CHKDSK will start and carry out the repairs required.


Computer seems to be running fine: no weird popups saying my computer is trying to send out data, no slowness, no real suspicious acts on the computer. Will paste the next log(s) in separate posts since they are quite large. (Attachment: MBR.zip)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-11 17:11:48

-----------------------------

17:11:48.785 OS Version: Windows x64 6.1.7601 Service Pack 1

17:11:48.785 Number of processors: 2 586 0xF0B

17:11:48.786 ComputerName: JEN-PC UserName: Jen

17:11:51.551 Initialize success

17:12:42.114 AVAST engine defs: 12071102

17:15:30.925 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

17:15:30.927 Disk 0 Vendor: WDC_WD5000AAKS-75YGA0 12.01C02 Size: 476938MB BusType: 3

17:15:30.929 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5

17:15:30.931 Disk 1 Vendor: Hitachi_HDS5C3020ALA632 ML6OA580 Size: 1907728MB BusType: 3

17:15:30.944 Disk 1 MBR read successfully

17:15:30.947 Disk 1 MBR scan

17:15:30.951 Disk 1 Windows 7 default MBR code

17:15:30.954 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

17:15:30.967 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 999900 MB offset 206848

17:15:30.992 Disk 1 scanning C:\Windows\system32\drivers

17:15:44.876 Service scanning

17:16:22.139 Modules scanning

17:16:22.147 Disk 1 trace - called modules:

17:16:22.171 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

17:16:22.177 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8005e3a790]

17:16:22.182 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa80058a3b20]

17:16:22.187 5 ACPI.sys[fffff88000ec77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-5[0xfffffa8005cdb060]

17:16:24.528 AVAST engine scan C:\Windows

17:16:32.012 AVAST engine scan C:\Windows\system32

17:22:08.993 AVAST engine scan C:\Windows\system32\drivers

17:22:25.982 AVAST engine scan C:\Users\Jen

17:27:40.855 Disk 1 MBR has been saved successfully to "C:\Users\Jen\Desktop\MBR.dat"

17:27:40.862 The log file has been saved successfully to "C:\Users\Jen\Desktop\aswMBR.txt"

17:40:43.697 AVAST engine scan C:\ProgramData

17:44:09.650 Scan finished successfully

17:44:25.942 Disk 1 MBR has been saved successfully to "C:\Users\Jen\Desktop\MBR.dat"

17:44:26.061 The log file has been saved successfully to "C:\Users\Jen\Desktop\aswMBR.txt"

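The aswMBR log above reports what the tool found in Disk 1's master boot record: stock Windows 7 boot code, an active 100 MB NTFS partition at sector 2048, and a second NTFS partition at sector 206848. As an added example that is not part of the original thread or of aswMBR, the Python script below parses a 512-byte MBR image of the kind aswMBR saves as MBR.dat and reproduces those checks offline: it validates the 0x55AA boot signature, decodes the partition table, flags layout problems (no or several active partitions, overlapping entries), hashes the boot-code area so it can be compared with the MBR of a known-clean machine, and applies a heuristic that the stock Windows 7 boot code carries its three standard error strings. The MBR bytes embedded here are constructed to match the values in the log, not captured from the machine in the thread, and the function names and the string heuristic are this example's own, not anything aswMBR exposes.

```python
"""Offline triage of a 512-byte MBR image such as the MBR.dat saved by aswMBR.
Added example for this thread; not part of aswMBR or FRST."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOT_SIGNATURE = 0xAA55     # stored little-endian as 55 AA at offset 510
BOOT_CODE_END = 440         # bytes 0..439 hold the boot code
TABLE_START = 446           # four 16-byte partition entries
# Error strings present in the stock Windows 7 MBR boot code. Their absence in
# a non-empty boot sector is only a heuristic, not proof of a bootkit.
STOCK_STRINGS = (b"Invalid partition table",
                 b"Error loading operating system",
                 b"Missing operating system")


@dataclass
class Partition:
    index: int        # 1-based, as aswMBR numbers them
    bootable: bool    # status byte 0x80 = active
    type_id: int      # 0x07 = HPFS/NTFS/exFAT
    lba_start: int    # first sector of the partition
    sectors: int      # length in sectors

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR // (1024 * 1024)

    def describe(self) -> str:
        flag = "80 (A)" if self.bootable else "00"
        return f"Partition {self.index} {flag} {self.type_id:02X} {self.size_mb} MB offset {self.lba_start}"


def parse_mbr(mbr: bytes) -> list[Partition]:
    """Validate the boot signature and decode the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"MBR must be {SECTOR} bytes, got {len(mbr)}")
    (sig,) = struct.unpack_from("<H", mbr, 510)
    if sig != BOOT_SIGNATURE:
        raise ValueError(f"bad boot signature 0x{sig:04X}")
    parts = []
    for i in range(4):
        status, _chs_first, ptype, _chs_last, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, TABLE_START + 16 * i)
        if ptype == 0 and count == 0:
            continue                          # unused slot
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def layout_problems(parts: list[Partition]) -> list[str]:
    """Checks a tampered or corrupted table would trip: exactly one active
    partition and no overlapping entries."""
    problems = []
    if sum(p.bootable for p in parts) != 1:
        problems.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            problems.append(f"partition {a.index} overlaps partition {b.index}")
    return problems


def boot_code_sha256(mbr: bytes) -> str:
    """Hash of the code area only (the partition table and disk signature are
    per-machine); compare it with a known-clean Windows 7 MBR rather than
    trusting a hard-coded value."""
    return hashlib.sha256(mbr[:BOOT_CODE_END]).hexdigest()


def boot_code_looks_stock(mbr: bytes) -> bool:
    code = mbr[:BOOT_CODE_END]
    return all(s in code for s in STOCK_STRINGS)


def build_sample_mbr(wipe_strings: bool = False) -> bytes:
    """Constructed MBR matching the Disk 1 values in the aswMBR log above.
    Test data, not bytes captured from the machine in the thread."""
    code = bytearray(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")   # start of a typical x86 boot stub
    if not wipe_strings:
        for s in STOCK_STRINGS:
            code += s + b"\x00"
    code += bytes(BOOT_CODE_END - len(code))            # pad the code area to 440 bytes
    disk_signature = b"\x11\x22\x33\x44" + b"\x00\x00"  # NT disk signature + reserved
    table = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 2048, 100 * 2048)
    table += struct.pack("<B3sB3sII", 0x00, bytes(3), 0x07, bytes(3), 206848, 999900 * 2048)
    table += bytes(32)                                  # two unused entries
    return bytes(code) + disk_signature + table + struct.pack("<H", BOOT_SIGNATURE)


if __name__ == "__main__":
    sample = build_sample_mbr()         # replace with open("MBR.dat", "rb").read() for a real image
    parts = parse_mbr(sample)
    for p in parts:
        print(p.describe())
    print("layout problems:", layout_problems(parts) or "none")
    print("stock error strings present:", boot_code_looks_stock(sample))
    print("boot code sha256:", boot_code_sha256(sample))
```

The string heuristic and the hash are complementary: a bootkit that keeps the original error strings but patches the jump target passes the first check and fails the second, while a wiped or replaced boot sector fails both. The hash is only meaningful against an MBR taken from a machine of the same Windows version that is known to be clean.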

OTL logfile created on: 7/11/2012 5:45:41 PM - Run 2

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jen\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 61.17% Memory free

12.00 Gb Paging File | 9.29 Gb Available in Paging File | 77.45% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 976.46 Gb Total Space | 803.39 Gb Free Space | 82.28% Space Free | Partition Type: NTFS

Drive D: | 244.14 Gb Total Space | 39.70 Gb Free Space | 16.26% Space Free | Partition Type: NTFS

Drive E: | 221.61 Gb Total Space | 73.54 Gb Free Space | 33.19% Space Free | Partition Type: NTFS

Drive F: | 953.13 Mb Total Space | 904.78 Mb Free Space | 94.93% Space Free | Partition Type: FAT

Computer Name: JEN-PC | User Name: Jen | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/10 09:55:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

PRC - [2012/06/25 07:19:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/06/25 07:17:54 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/06/14 08:06:23 | 002,039,536 | ---- | M] (GameStop Corp.) -- C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe

PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Jen\AppData\Local\Akamai\netsession_win.exe

PRC - [2012/05/24 11:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jen\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe

PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe

PRC - [2011/11/23 13:25:31 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2011/10/21 02:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe

PRC - [2011/08/22 05:39:44 | 002,995,568 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe

PRC - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe

PRC - [2011/08/22 05:39:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe

PRC - [2011/08/22 05:39:28 | 001,686,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe

PRC - [2011/06/17 10:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/06/01 09:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe

PRC - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe

PRC - [2011/06/01 09:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe

PRC - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe

PRC - [2010/04/22 17:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

PRC - [2009/12/21 18:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/25 07:19:41 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/06/25 07:17:53 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/06/25 07:17:48 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/06/25 07:17:48 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/06/25 07:17:48 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/06/25 07:17:48 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/06/13 03:48:45 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll

MOD - [2012/06/13 03:43:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll

MOD - [2012/06/13 03:42:53 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012/06/13 03:42:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/13 03:10:16 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/05/12 03:38:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/12 03:37:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll

MOD - [2012/05/12 03:37:30 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll

MOD - [2012/05/12 03:37:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/12 03:37:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/12 03:37:11 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/12 03:37:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/06/01 09:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll

MOD - [2011/06/01 09:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll

MOD - [2011/06/01 09:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll

MOD - [2011/06/01 09:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll

MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll

MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll

MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll

MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll

MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll

MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll

MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll

MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/04/22 17:33:24 | 002,887,904 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll

MOD - [2010/04/22 17:33:20 | 000,025,824 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll

MOD - [2010/04/22 17:33:00 | 000,323,808 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

MOD - [2010/03/22 15:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/10/26 14:42:16 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2010/10/26 14:42:16 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/07/11 12:07:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/25 07:19:42 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/06/25 07:17:54 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/11 17:59:44 | 000,335,888 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)

SRV - [2011/09/01 12:31:17 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/08/22 05:39:42 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2011/06/17 10:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/06/01 09:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)

SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)

SRV - [2010/04/22 17:33:04 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/01 11:30:25 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/12/19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)

DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)

DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)

DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)

DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV:64bit: - [2011/07/13 13:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)

DRV:64bit: - [2011/07/13 13:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)

DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)

DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)

DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/10/11 12:19:36 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/10/11 12:19:28 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010/10/11 12:19:26 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2010/04/26 19:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)

DRV:64bit: - [2010/04/26 19:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2010/04/26 19:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 86 EF 71 81 A0 CC 01 [binary data]

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\SearchScopes,DefaultScope = {4495CEEE-2569-4CA8-8AC8-583DA24642C5}

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=CFTP2V5&o=10159&src=crm&q={searchTerms}&locale=en_US

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\SearchScopes\{4495CEEE-2569-4CA8-8AC8-583DA24642C5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: ""

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1

FF - prefs.js..extensions.enabledItems: {fc6339b8-9581-4fc7-b824-dffcb091fcb7}:1.99.101123

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.6.1

FF - prefs.js..keyword.URL: "http://google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/03/01 11:31:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/03/01 11:31:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/25 07:19:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/17 11:47:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/19 18:08:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/25 07:19:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/17 11:47:48 | 000,000,000 | ---D | M]

[2011/08/04 15:39:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jen\AppData\Roaming\Mozilla\Extensions

[2012/07/09 08:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\59v2sos7.default\extensions

[2012/07/09 08:56:28 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\59v2sos7.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2012/04/07 15:53:29 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\59v2sos7.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2012/06/13 09:26:38 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\59v2sos7.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}

[2012/06/13 09:26:40 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Jen\AppData\Roaming\Mozilla\Firefox\Profiles\59v2sos7.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack

[2012/05/17 14:06:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/09 08:56:28 | 000,262,420 | ---- | M] () (No name found) -- C:\USERS\JEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\59V2SOS7.DEFAULT\EXTENSIONS\{FC6339B8-9581-4FC7-B824-DFFCB091FCB7}.XPI

[2011/11/04 19:47:32 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\JEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\59V2SOS7.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI

[2012/04/02 15:22:37 | 000,071,254 | ---- | M] () (No name found) -- C:\USERS\JEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\59V2SOS7.DEFAULT\EXTENSIONS\FIRENES@FACUNDO.ZALDO.XPI

[2012/06/25 07:19:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/10 12:55:58 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/06/25 07:19:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/25 07:19:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Kaspersky URL Advisor = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\

CHR - Extension: Virtual Keyboard = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\

CHR - Extension: Anti-Banner = C:\Users\Jen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2012/07/10 15:21:20 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()

O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [sBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)

O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)

O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001..\Run: [Akamai NetSession Interface] C:\Users\Jen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-131210501-3192421088-3893619746-1003..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [innoSetupRegFile.0000000001] C:\Windows\is-65L7T.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-21-131210501-3192421088-3893619746-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriveMounter.lnk = C:\Users\Jen\AppData\Roaming\Microsoft\Installer\{A9031597-A657-4DD3-A57C-55E7330F139F}\NewShortcut2_A9031597A6574DD3A57C55E7330F139F.exe (Acresso Software Inc.)

O4 - Startup: C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-131210501-3192421088-3893619746-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94602980-3330-4318-8C9D-CED20F54B034}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/02 22:45:47 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 17:40:34 | 000,000,000 | ---D | C] -- C:\FRST

[2012/07/11 17:06:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jen\Desktop\aswMBR.exe

[2012/07/11 12:30:23 | 004,576,462 | R--- | C] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/07/11 12:22:24 | 001,434,551 | ---- | C] (Farbar) -- C:\Users\Jen\Desktop\FRST64.exe

[2012/07/10 17:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/07/10 15:34:00 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/07/10 15:21:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative

[2012/07/10 15:21:13 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/07/10 09:55:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/07/10 08:04:41 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jen\Desktop\dds.com

[2012/07/10 07:38:03 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/10 07:24:04 | 000,000,000 | --SD | C] -- C:\ComboFix

[2012/07/10 06:44:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/10 06:44:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/10 06:44:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/10 06:41:22 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/10 06:41:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/07/09 16:19:50 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/07/09 16:09:25 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Malwarebytes

[2012/07/09 16:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/09 16:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/07/09 16:09:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/09 16:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/07/09 13:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon

[2012/07/09 13:33:33 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\TechWizard

[2012/07/07 07:39:03 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/05 12:18:13 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Skyrim

[2012/07/05 06:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock

[2012/07/05 06:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks

[2012/06/29 14:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia

[2012/06/29 14:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision

[2012/06/29 14:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision

[2012/06/29 14:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar

[2012/06/29 13:55:57 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Stardock

[2012/06/29 13:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameStop App

[2012/06/29 13:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameStop

[2012/06/29 13:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\GameStop

[2012/06/29 13:54:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}

[2012/06/29 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\PackageAware

[2012/06/29 13:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock

[2012/06/29 12:18:05 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Chromium

[2012/06/29 08:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2

[2012/06/29 08:50:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2

[2012/06/29 08:50:00 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\Guild Wars 2

[2012/06/28 14:50:10 | 000,000,000 | ---D | C] -- C:\Users\Jen\Desktop\TRTP_GIS_DATA_5_14_2012

[2012/06/28 14:49:03 | 000,000,000 | ---D | C] -- C:\Users\Jen\Desktop\TRTP_GIS_DATA_3B_SUPP_5_2_12_CH.gdb

[2012/06/22 08:03:40 | 000,000,000 | ---D | C] -- C:\Users\Jen\Desktop\Baby

[2012/06/19 13:24:19 | 000,000,000 | ---D | C] -- C:\Users\Jen\Desktop\PacLeg-South of Kramer

[2012/06/18 15:13:01 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\Macromedia

[2012/06/18 15:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2012/06/18 14:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2012/06/18 14:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/06/18 14:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan

[2012/06/18 14:39:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[2012/06/13 09:27:48 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\adaware

[2012/06/13 09:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus

[2012/06/13 09:27:33 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys

[2012/06/13 09:27:14 | 000,119,416 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFwIm.sys

[2012/06/13 09:27:12 | 000,256,632 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SbFw.sys

[2012/06/13 09:27:12 | 000,057,976 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbredrv.sys

[2012/06/13 09:27:12 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2012/06/13 09:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/06/13 09:27:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012/06/13 09:26:44 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\adawarebp

[2012/06/13 09:26:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection

[2012/06/13 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner

[2012/06/13 09:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb

[2012/06/13 09:26:02 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus

[4 C:\Users\Jen\Desktop\*.tmp files -> C:\Users\Jen\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/11 17:44:25 | 000,000,512 | ---- | M] () -- C:\Users\Jen\Desktop\MBR.dat

[2012/07/11 17:16:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/11 17:07:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/11 17:07:00 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jen\Desktop\aswMBR.exe

[2012/07/11 17:05:46 | 000,711,240 | ---- | M] () -- C:\Windows\is-65L7T.exe

[2012/07/11 17:05:46 | 000,010,550 | ---- | M] () -- C:\Windows\is-65L7T.msg

[2012/07/11 17:05:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/11 17:05:46 | 000,000,459 | ---- | M] () -- C:\Windows\is-65L7T.lst

[2012/07/11 16:50:14 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/11 16:50:14 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/11 16:42:23 | 000,001,200 | ---- | M] () -- C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk

[2012/07/11 16:42:08 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/07/11 16:41:55 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/11 16:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/11 16:41:29 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/11 14:27:56 | 000,162,840 | ---- | M] () -- C:\Users\Jen\Desktop\combofix_error.jpg

[2012/07/11 12:30:58 | 004,576,462 | R--- | M] (Swearware) -- C:\Users\Jen\Desktop\ComboFix.exe

[2012/07/11 12:22:27 | 001,434,551 | ---- | M] (Farbar) -- C:\Users\Jen\Desktop\FRST64.exe

[2012/07/11 03:23:56 | 004,869,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/10 15:21:20 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2012/07/10 09:56:40 | 000,743,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/10 09:56:40 | 000,636,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/10 09:56:40 | 000,110,556 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/10 09:55:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Desktop\OTL.exe

[2012/07/10 08:04:43 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jen\Desktop\dds.com

[2012/07/09 20:53:45 | 000,001,190 | ---- | M] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012/07/09 20:53:45 | 000,000,438 | ---- | M] () -- C:\Windows\SysWow64\WSCConfig.xml

[2012/07/09 13:37:17 | 000,000,260 | ---- | M] () -- C:\Windows\SysWow64\cmdVBS.vbs

[2012/07/09 13:37:17 | 000,000,256 | ---- | M] () -- C:\Windows\SysWow64\MSIevent.bat

[2012/07/09 13:37:04 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk

[2012/07/09 13:36:48 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Install Verizon Media Manager.lnk

[2012/07/09 13:36:48 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\FiOS Information.lnk

[2012/07/09 08:30:20 | 000,037,186 | ---- | M] () -- C:\Users\Jen\Desktop\JCK07072012_TME.pdf

[2012/07/07 10:30:00 | 001,761,139 | ---- | M] () -- C:\Users\Jen\Desktop\JMP070612.pdf

[2012/07/05 06:59:03 | 000,000,222 | ---- | M] () -- C:\Users\Jen\Desktop\Creation Kit.url

[2012/07/05 06:59:03 | 000,000,221 | ---- | M] () -- C:\Users\Jen\Desktop\The Elder Scrolls V Skyrim.url

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/02 09:18:28 | 003,257,188 | ---- | M] () -- C:\Users\Jen\Desktop\App_F-1_ CulturalResourcesStudy.pdf

[2012/06/29 16:10:00 | 008,334,669 | ---- | M] () -- C:\Users\Jen\Desktop\SOK_GeologyPFYCs_1.pdf

[2012/06/29 14:22:43 | 000,000,190 | ---- | M] () -- C:\Windows\ODBCINST.INI

[2012/06/29 13:55:15 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\GameStop App.lnk

[2012/06/29 08:50:42 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk

[2012/06/29 08:21:49 | 013,912,253 | ---- | M] () -- C:\Users\Jen\Desktop\Seg3B_ConstructionMaps_11x17_Ver5D_20120629.pdf

[2012/06/27 08:48:46 | 000,264,230 | ---- | M] () -- C:\Users\Jen\Desktop\FRED.tiff

[2012/06/18 15:10:39 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012/06/18 15:10:39 | 000,002,094 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/06/14 11:33:02 | 000,397,401 | ---- | M] () -- C:\Users\Jen\Desktop\Morongo_North.pdf

[2012/06/14 09:31:32 | 001,900,618 | ---- | M] () -- C:\Users\Jen\Desktop\MapPresentation_Gate3_Sites and Route Map Book_v2_05032012-1.pdf

[4 C:\Users\Jen\Desktop\*.tmp files -> C:\Users\Jen\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/11 17:27:40 | 000,000,512 | ---- | C] () -- C:\Users\Jen\Desktop\MBR.dat

[2012/07/11 17:05:46 | 000,711,240 | ---- | C] () -- C:\Windows\is-65L7T.exe

[2012/07/11 17:05:46 | 000,010,550 | ---- | C] () -- C:\Windows\is-65L7T.msg

[2012/07/11 17:05:46 | 000,000,459 | ---- | C] () -- C:\Windows\is-65L7T.lst

[2012/07/11 14:27:54 | 000,162,840 | ---- | C] () -- C:\Users\Jen\Desktop\combofix_error.jpg

[2012/07/10 06:44:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/10 06:44:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/10 06:44:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/10 06:44:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/10 06:44:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/09 20:53:45 | 000,001,190 | ---- | C] () -- C:\Windows\SysWow64\ServiceConfig.xml

[2012/07/09 20:53:45 | 000,000,438 | ---- | C] () -- C:\Windows\SysWow64\WSCConfig.xml

[2012/07/09 16:09:19 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/09 13:37:17 | 000,000,260 | ---- | C] () -- C:\Windows\SysWow64\cmdVBS.vbs

[2012/07/09 13:37:17 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\MSIevent.bat

[2012/07/09 13:37:04 | 000,002,727 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk

[2012/07/09 13:36:48 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\FiOS Information.lnk

[2012/07/09 13:36:47 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Install Verizon Media Manager.lnk

[2012/07/09 08:29:17 | 000,037,186 | ---- | C] () -- C:\Users\Jen\Desktop\JCK07072012_TME.pdf

[2012/07/07 10:30:00 | 001,761,139 | ---- | C] () -- C:\Users\Jen\Desktop\JMP070612.pdf

[2012/07/05 06:59:03 | 000,000,222 | ---- | C] () -- C:\Users\Jen\Desktop\Creation Kit.url

[2012/07/05 06:59:03 | 000,000,221 | ---- | C] () -- C:\Users\Jen\Desktop\The Elder Scrolls V Skyrim.url

[2012/07/02 09:18:28 | 003,257,188 | ---- | C] () -- C:\Users\Jen\Desktop\App_F-1_ CulturalResourcesStudy.pdf

[2012/06/29 16:10:00 | 008,334,669 | ---- | C] () -- C:\Users\Jen\Desktop\SOK_GeologyPFYCs_1.pdf

[2012/06/29 16:05:36 | 013,912,253 | ---- | C] () -- C:\Users\Jen\Desktop\Seg3B_ConstructionMaps_11x17_Ver5D_20120629.pdf

[2012/06/29 14:22:43 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2012/06/29 13:55:59 | 000,001,200 | ---- | C] () -- C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk

[2012/06/29 13:55:15 | 000,001,053 | ---- | C] () -- C:\Users\Public\Desktop\GameStop App.lnk

[2012/06/29 08:50:42 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk

[2012/06/27 08:48:45 | 000,264,230 | ---- | C] () -- C:\Users\Jen\Desktop\FRED.tiff

[2012/06/18 14:39:21 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012/06/18 14:39:21 | 000,002,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/06/18 14:39:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/14 11:33:00 | 000,397,401 | ---- | C] () -- C:\Users\Jen\Desktop\Morongo_North.pdf

[2012/06/14 09:31:32 | 001,900,618 | ---- | C] () -- C:\Users\Jen\Desktop\MapPresentation_Gate3_Sites and Route Map Book_v2_05032012-1.pdf

[2012/06/13 09:27:39 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk

[2012/03/01 11:33:03 | 000,017,408 | ---- | C] () -- C:\Users\Jen\AppData\Local\WebpageIcons.db

[2012/01/27 15:59:40 | 000,000,600 | ---- | C] () -- C:\Users\Jen\AppData\Local\PUTTY.RND

[2011/08/15 08:00:13 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ4809N.DAT

========== LOP Check ==========

[2011/12/05 08:40:19 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\.minecraft

[2012/06/14 12:05:47 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Ad-Aware Antivirus

[2011/11/24 04:37:40 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Azureus

[2012/05/07 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\calibre

[2011/08/15 08:06:09 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Canon

[2012/07/11 16:42:41 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Dropbox

[2012/05/14 08:24:18 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\FileZilla

[2011/08/19 14:34:33 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\GlobalSCAPE

[2011/08/14 08:38:29 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Memeo

[2011/08/14 08:38:22 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Seagate

[2012/06/29 13:55:57 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Stardock

[2012/07/09 13:36:48 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\TechWizard

[2011/08/04 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Thunderbird

[2012/02/09 10:09:47 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\Xerox

[2012/07/09 06:57:43 | 000,017,120 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010/11/20 06:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011/02/25 23:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES.EXE >

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\FRST\Quarantine\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe

[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe

[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 06:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\Jen\AppData\Local\Temp\winlogon.exe

[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives

---------------

Drive: \\.\PHYSICALDRIVE0 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model:

Partitions: 2

Status: OK

Status Info: 0

Drive: \\.\PHYSICALDRIVE1 - Fixed hard disk media

Interface type: IDE

Media Type: Fixed hard disk media

Model: Hitachi HDS5C3020ALA632 ATA Device

Partitions: 2

Status: OK

Status Info: 0

Drive: \\.\PHYSICALDRIVE2 - Removable Media

Interface type: USB

Media Type: Removable Media

Model: Kingston DataTraveler 2.0 USB Device

Partitions: 1

Status: OK

Status Info: 0

Partitions

---------------

DeviceID: Disk #0, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 244.00GB

Starting Offset: 32256

Hidden sectors: 0

DeviceID: Disk #0, Partition #1

PartitionType: Extended w/Extended Int 13

Bootable: False

BootPartition: False

PrimaryPartition: False

Size: 222.00GB

Starting Offset: 262147898880

Hidden sectors: 0

DeviceID: Disk #1, Partition #0

PartitionType: Installable File System

Bootable: True

BootPartition: True

PrimaryPartition: True

Size: 0.00GB

Starting Offset: 1048576

Hidden sectors: 0

DeviceID: Disk #1, Partition #1

PartitionType: Installable File System

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 976.00GB

Starting Offset: 105906176

Hidden sectors: 0

DeviceID: Disk #2, Partition #0

PartitionType: MS-DOS V4 Huge

Bootable: False

BootPartition: False

PrimaryPartition: True

Size: 1.00GB

Starting Offset: 130048

Hidden sectors: 0

< End of report >

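The "< MD5 for: ... >" custom scan in the log above is the check that matters for a Sirefef/ZeroAccess x64 case: the live services.exe under SysNative must hash the same as a copy of that component in the WinSxS store, which is where FRST restored it from. The script below is an added example for this thread, not code from the original post and not part of OTL or FRST. It parses OTL's "MD5 for:" output format and, for each live copy of a binary (System32, SysNative or SysWOW64), reports whether its MD5 matches any WinSxS copy of the same file; copies found elsewhere (Temp, quarantine, third-party directories) are listed for review. The embedded SAMPLE is constructed: its services.exe and winlogon.exe lines are copied from the log above, while the svchost.exe line with MD5 DEADBEEF... is invented to show what a mismatch looks like.

```python
"""Consistency triage of an OTL '< MD5 for: NAME >' custom-scan block.

Added example for the thread; not code from the original post, OTL or FRST.
For every live system copy of a binary it asks: does this MD5 match at least
one copy of the same file in the WinSxS component store? A live copy that
matches no store copy is how a patched services.exe shows up in this output.

SAMPLE is constructed for the example: services.exe and winlogon.exe lines are
taken from the thread's log; the svchost.exe line with MD5 DEADBEEF... is
invented so the mismatch path is exercised.
"""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+) >$")
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| M\] \((?P<company>[^)]*)\) "
    r"MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

SAMPLE = r"""
< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 06:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\Jen\AppData\Local\Temp\winlogon.exe
< MD5 for: SVCHOST.EXE >
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
"""


def parse_md5_blocks(text):
    """Map FILENAME -> list of records parsed from OTL 'MD5 for:' output."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").strip().upper()
            continue
        match = LINE_RE.match(line)
        if match and current is not None:
            rec = match.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper()
            blocks[current].append(rec)
    return dict(blocks)


def classify_path(path):
    """'store' for WinSxS copies, 'live' for the running system's copy, else 'other'.

    OTL on 64-bit Windows reports the native System32 as SysNative, so both
    spellings count as live, as does SysWOW64 for the 32-bit copy.
    """
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if any(seg in p for seg in ("\\system32\\", "\\sysnative\\", "\\syswow64\\")):
        return "live"
    return "other"


def triage(blocks):
    """Return {path: verdict} for every copy that is not itself in the store.

    matches-store  : live copy's MD5 equals some WinSxS copy of the same file
    no-store-match : live copy's MD5 equals no WinSxS copy (possible patch)
    outside-system : copy outside System32/SysWOW64 and outside the store
    """
    verdicts = {}
    for name, recs in blocks.items():
        store_hashes = {r["md5"] for r in recs if classify_path(r["path"]) == "store"}
        for r in recs:
            kind = classify_path(r["path"])
            if kind == "store" or r["path"] in verdicts:  # OTL lists SysNative twice
                continue
            if kind == "live":
                verdicts[r["path"]] = "matches-store" if r["md5"] in store_hashes else "no-store-match"
            else:
                verdicts[r["path"]] = "outside-system"
    return verdicts


if __name__ == "__main__":
    for path, verdict in sorted(triage(parse_md5_blocks(SAMPLE)).items(), key=lambda kv: kv[1]):
        print(f"{verdict:<15} {path}")
```

Two caveats when reading the result. First, this is a consistency check against the local component store, not proof of integrity: MD5 collisions are practical, and a store that has itself been tampered with would agree with a tampered live copy, so the stronger test is the Authenticode/catalog signature (sigcheck or Get-AuthenticodeSignature) rather than a bare hash. Second, a "no-store-match" verdict is only meaningful when the scan actually enumerated WinSxS copies of that file; with no store entries every live copy is reported as unmatched and should be treated as "review", not "patched". Copies flagged outside-system, such as the Temp winlogon.exe in the log, are worth a look precisely because they carry no company name, but the log alone does not say what they are.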

Hi

Please run the following:

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...?babsrc=HP_Prot
    IE - HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 86 EF 71 81 A0 CC 01 [binary data]
    [2012/06/29 13:54:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}

    :Files
    D:\Program Files\Application Updater\ApplicationUpdater.exe
    D:\Program Files\Dealio Toolbar\SearchSettings.dll
    D:\Program Files\Dealio Toolbar\SearchSettings.exe
    D:\Program Files\Dealio Toolbar\SearchSettingsRes409.dll
    D:\Program Files\Dealio Toolbar\WidgiHelper.exe
    D:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
    D:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL log

NEXT

Please run another ESET online scan to see if ESET still picks up sirefef


I think we are making progress!!

All processes killed

========== OTL ==========

HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\mMSI.dll folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\mIDEFunc.dll folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\AF6560EA folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\9EC8B393 folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\5B30C588 folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\469993E5 folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF\3BE0C867 folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\FDFDDEFF folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\EDF89750\F211DBDB folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\EDF89750\1A14CC9A folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\EDF89750 folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE folder moved successfully.

C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6} folder moved successfully.

========== FILES ==========

D:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.

D:\Program Files\Dealio Toolbar\SearchSettings.dll moved successfully.

D:\Program Files\Dealio Toolbar\SearchSettings.exe moved successfully.

D:\Program Files\Dealio Toolbar\SearchSettingsRes409.dll moved successfully.

D:\Program Files\Dealio Toolbar\WidgiHelper.exe moved successfully.

D:\Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll moved successfully.

D:\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Jen\Desktop\cmd.bat deleted successfully.

C:\Users\Jen\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jen

->Temp folder emptied: 61985440 bytes

->Temporary Internet Files folder emptied: 3395332 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 58324395 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 16915 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 711240 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 165813 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 5082959 bytes

Total Files Cleaned = 124.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07122012_061656

Files\Folders moved on Reboot...

C:\Users\Jen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Jen\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5fbe359e58c3.0000 Win64/Patched.B.Gen trojan

C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\00000008.@ Win64/Agent.BA trojan

C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000000.@ Win64/Sirefef.AE trojan

C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000032.@ a variant of Win32/Sirefef.FD trojan

C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000064.@ Win64/Sirefef.AN trojan

C:\_OTL\MovedFiles\07122012_061656\D_Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application

C:\_OTL\MovedFiles\07122012_061656\D_Program Files\Dealio Toolbar\SearchSettings.dll Win32/Toolbar.Widgi application

C:\_OTL\MovedFiles\07122012_061656\D_Program Files\Dealio Toolbar\SearchSettings.exe Win32/Toolbar.Widgi application

C:\_OTL\MovedFiles\07122012_061656\D_Program Files\Dealio Toolbar\SearchSettingsRes409.dll Win32/Toolbar.Widgi application

C:\_OTL\MovedFiles\07122012_061656\D_Program Files\Dealio Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi application

C:\_OTL\MovedFiles\07122012_061656\D_Program Files\Dealio Toolbar\FF\components\dealioToolbarFF.dll probably a variant of Win32/Toolbar.Widgi application

C:\_OTL\MovedFiles\07122012_061656\D_Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll probably a variant of Win32/Toolbar.Widgi application


Ok,

update MBAM and run it

let's see if it comes back clean

how is the computer running now?

let's make sure this gets deleted

C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5fbe359e58c3.0000

Press the WinKey + R to open a run box, then copy/paste the following single-line command into the Run box and click OK:

cmd /c del /f/a/q "C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5fbe359e58c3.0000"

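A follow-up check for the step above, added here as an example and not part of the helper's own instructions: the detection in the log was a patched services.exe (Win64/Patched.B.Gen), so besides confirming the leftover file in PendingDeletes is gone, it is worth confirming that the services.exe actually in use is the signed Microsoft binary. The script assumes it is run from an elevated PowerShell prompt; the "Microsoft" subject match is a constructed heuristic, not a hard rule.

```powershell
# Added example, not from the thread. Run as Administrator.
# 1) Confirm the leftover patched-services.exe remnant has been deleted.
# Single quotes keep '$$' literal (in double quotes PowerShell would expand it to the process id).
$leftover = 'C:\Windows\winsxs\Temp\PendingDeletes\$$DeleteMe.services.exe.01cd5fbe359e58c3.0000'
if (Test-Path -LiteralPath $leftover) {
    Write-Warning "Leftover still present: $leftover"
} else {
    Write-Output "Leftover not found (expected after the del command)."
}

# 2) Verify the live services.exe carries a valid Authenticode signature.
$live = Join-Path $env:SystemRoot 'System32\services.exe'
$sig  = Get-AuthenticodeSignature -FilePath $live

# Heuristic (assumption): a genuine Windows binary is signed by a Microsoft certificate.
$signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
$looksOk  = ($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*')

[pscustomobject]@{
    Path    = $live
    Status  = $sig.Status      # 'Valid' on a clean file; 'HashMismatch' or 'NotSigned' on a patched one
    Signer  = $signer
    LooksOk = $looksOk
}
```

If Status comes back as anything other than Valid, the file has been altered after signing, which is exactly what the sfc /scannow step earlier in the thread is meant to repair.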

:D :D :D

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.11.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Jen :: JEN-PC [administrator]

Protection: Enabled

7/12/2012 1:56:29 PM

mbam-log-2012-07-12 (13-56-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228853

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


that's great, but I'm cautiously optimistic

how is it running?

It's running as smoothly as it usually does, things are opening and closing in their normal time and manner instead of being horribly delayed, and of course no random redirects or internet malfunctions either (the obvious stuff is all gone).


Well, I think this is the best it's going to get in its present state.

There are no obvious signs of malware remaining, but the fact that CF wouldn't run and the state of the OS installation are still a concern; I really am not comfortable sending you on your way.

I really feel you should save what you need then wipe your drive and start again.

I know that is a hassle but in this case, I wouldn't trust this machine without it.

If you can't do that immediately, then just be cautious what you do with this machine.

So let's clean up our tools and I'll give my usual recommendations

(I'll give the ComboFix uninstall routine even though it didn't run; it still unpacked its files, though it may tell you it can't find it)

You can delete the DDS, aswMBR and FRST logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


NEXT

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
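A read-only way to confirm the Internet Explorer settings above took effect, added here as an example (not from the thread): the Inetcpl.cpl dialog writes the Internet zone (zone 3) options as numeric values under the user's Internet Settings key, where 1001 is "Download signed ActiveX controls", 1004 is "Download unsigned ActiveX controls", 1201 is "Initialize and script ActiveX controls not marked as safe", and the data is 0 for Enable, 1 for Prompt, 3 for Disable. The script only reads and reports; it assumes per-user zone settings are in force (a machine-wide policy under HKLM can override them).

```powershell
# Added example, not from the thread. Audits the Internet zone ActiveX settings
# against the values the instructions above set by hand; nothing is written.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Expected values after following the steps above.
$expected = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls                      -> Prompt
    '1004' = 1   # Download unsigned ActiveX controls                    -> Prompt
    '1201' = 3   # Initialize and script ActiveX controls not marked safe -> Disable
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

$props = Get-ItemProperty -Path $zone -ErrorAction Stop

foreach ($name in $expected.Keys) {
    $actual = $props.$name
    $actualLabel = if ($null -ne $actual -and $labels.ContainsKey([int]$actual)) { $labels[[int]$actual] } else { "<unset or unknown: $actual>" }
    [pscustomobject]@{
        Setting  = $name
        Expected = $labels[$expected[$name]]
        Actual   = $actualLabel
        OK       = ($actual -eq $expected[$name])
    }
}
```

Any row with OK = False means the dialog change did not stick (or was reset by "Reset all zones to default level" afterwards) and the step should be repeated.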

  • Download TFC to your desktop

    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean

    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    • Green to go
    • Yellow for caution
    • Red to stop

    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:

    PC Safety and Security--What Do I Need?.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.


I have performed the procedures requested, and all appears well. I will be backing up my work files and other important documents and then re-installing Windows, hopefully with a nice perfect install this time :) Thank you very much for your assistance, I have NEVER in my life had a series of viruses like this! (Heck, I've never actually had one in 20-ish years!).


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
