Jump to content

Need help getting rid of maleware/viruses


Recommended Posts

Hello,

I am seem to caught on some viruses, what I belive they are. Norton dected them but did not remove them and when I use the internet t redirects me a lot. I need some help please.

I appreciate all the help I recieve.

Here is my Hijack This Log:

Should also use Maleware Bites too?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:26:40 PM, on 8/3/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

D:\iTunesHelper.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKUS\S-1-5-18\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9221 bytes

Link to post
Share on other sites

Hello brando223 and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

Link to post
Share on other sites

Alright :) Thank you!

Here is my DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Brandon at 10:07:43 on 2012-08-04

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1873 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

D:\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\conime.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://oc-startpage.aol.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "D:\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "D:\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCore.dll

FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: D:\Mozilla Plugins\npitunes.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-14 1161376]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2008-9-22 14904]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-3 655944]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-28 138912]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe [2011-12-17 126400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-11 250056]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-11 113120]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-8-10 89920]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-08-04 01:42:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-04 00:52:58 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-08-03 22:16:55 -------- d-----w- C:\Users\Brandon\AppData\Local\NPE

2012-08-03 20:13:18 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-13 19:23:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-07-13 19:23:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-07-13 19:23:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-07-13 19:21:47 -------- d-----w- C:\Program Files\iPod

2012-07-13 19:21:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-07-13 19:21:42 -------- d-----w- C:\Program Files\iTunes

2012-07-13 19:14:33 -------- d-----w- C:\Program Files\Bonjour

2012-07-13 19:14:33 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-07-12 02:32:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-11 07:03:56 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 04:19:20 -------- d-----w- C:\Users\Brandon\AppData\Roaming\YourFileDownloader

2012-07-11 01:54:09 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 01:54:09 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 01:54:05 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 01:54:05 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 01:54:04 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 01:54:04 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 01:54:02 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-11 01:54:02 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-11 01:54:02 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-07-11 01:54:02 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-11 01:54:02 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-11 01:54:02 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-06 18:03:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-06 15:42:28 -------- d-----w- C:\Users\Brandon\AppData\Local\Macromedia

.

==================== Find3M ====================

.

2012-08-04 01:53:20 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 10:08:50.46 ===============

Attach.txt is:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/22/2008 8:39:42 PM

System Uptime: 8/4/2012 7:31:05 AM (3 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | N80Vb

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | Socket 478 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 1.268 GiB free.

D: is FIXED (NTFS) - 106 GiB total, 89.954 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

3Impact

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player

Amazon Kindle

Apple Application Support

Apple Software Update

ASUS InstantFun

ASUS LifeFrame3

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

CSS Tab Designer v2.0

CyberLink LabelPrint

CyberLink Power2Go

Download Updater (AOL LLC)

DVD Flick 1.3.0.7

Facebook Plug-In

FileZilla Client 3.5.3

FrostWire 4.21.5

FrostWire 5.3.7

GIMP 2.6.11

Google SketchUp 8

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)

Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB982218)

Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)

ITECIR

Java Auto Updater

Java 6 Update 31

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

LG USB Modem Drivers

LightScribe System Software 1.14.17.1

LimeWire 5.1.1

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Expression Blend 3 SDK

Microsoft Expression Blend 4

Microsoft Expression Blend 4 Add-in for Adobe FXG Import

Microsoft Expression Blend SDK for .NET 4

Microsoft Expression Blend SDK for Silverlight 4

Microsoft Expression Blend SDK for Windows Phone 7

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Silverlight Tools for Visual Studio 2010

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft VC9 runtime libraries

Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express for Windows Phone - ENU

Microsoft Windows Phone 7 Developer Resources

Microsoft Windows Phone Developer Tools - ENU

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio 4.0

Microsoft XNA Game Studio 4.0 (ARP entry)

Microsoft XNA Game Studio 4.0 (Redists)

Microsoft XNA Game Studio 4.0 (Shared Components)

Microsoft XNA Game Studio 4.0 (Visual Studio)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

Microsoft XNA Game Studio 4.0 Documentation

Microsoft XNA Game Studio 4.0 Windows Phone Extensions

Microsoft XNA Game Studio Platform Tools

Monopoly

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Norton AntiVirus

NVIDIA PhysX

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

RollerCoaster Tycoon 3 Platinum

RuneScape Launcher 1.2

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)

Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)

Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)

SMSCaster E-Marketer GSM Standard v3.7

Steam

Tiled - Tiled Map Editor

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Viewpoint Media Player

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 1.0.1

Windows Media Player Firefox Plugin

Windows Phone 7 Add-in for Visual Studio 2010 - ENU

WindowsApplication1

WinRAR 4.01 (32-bit)

Wireless Console 2

World of Tanks v.0.6.5

Yahoo! Detect

.

==== End Of File ===========================

Link to post
Share on other sites

Step 1

Please uninstall the following applications:

FrostWire 4.21.5

FrostWire 5.3.7

LimeWire 5.1.1

Viewpoint Media Player

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

aswMBR2.png

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log

Link to post
Share on other sites

Malewarebytes log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.04.10

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Brandon :: BRANDON-PC [administrator]

Protection: Enabled

8/4/2012 8:58:27 PM

mbam-log-2012-08-04 (20-58-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 199085

Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-04 21:36:52

-----------------------------

21:36:52.008 OS Version: Windows x64 6.0.6002 Service Pack 2

21:36:52.008 Number of processors: 2 586 0xF0D

21:36:52.008 ComputerName: BRANDON-PC UserName: Brandon

21:36:53.365 Initialize success

21:37:06.072 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

21:37:06.087 Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3

21:37:06.134 Disk 0 MBR read successfully

21:37:06.134 Disk 0 MBR scan

21:37:06.150 Disk 0 unknown MBR code

21:37:06.181 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10997 MB offset 63

21:37:06.212 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 22523130

21:37:06.228 Disk 0 Partition - 00 0F Extended LBA 108244 MB offset 266711280

21:37:06.290 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108244 MB offset 266711324

21:37:06.352 Disk 0 scanning C:\Windows\system32\drivers

21:37:25.260 Service scanning

21:38:31.385 Modules scanning

21:38:31.395 Disk 0 trace - called modules:

21:38:31.425 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys iaStor.sys hal.dll

21:38:31.775 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f0e790]

21:38:31.785 3 CLASSPNP.SYS[fffffa60011cfc33] -> nt!IofCallDriver -> [0xfffffa8004bac330]

21:38:31.795 5 acpi.sys[fffffa60008f5fde] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bb5050]

21:38:31.805 Scan finished successfully

21:38:57.651 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"

21:38:57.659 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Brandon at 21:39:42 on 2012-08-04

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2021 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Windows\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

D:\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Users\Brandon\Downloads\aswMBR.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\conime.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://oc-startpage.aol.com/

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "D:\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "D:\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\components\IPSFFPl.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCore.dll

FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\MailUtil.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

FF - plugin: D:\Mozilla Plugins\npitunes.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-14 1161376]

R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20120713.001\IDSviA64.sys [2012-7-13 509088]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2008-9-22 14904]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-3 655944]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccsvchst.exe [2011-12-17 126400]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-28 138912]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-11 250056]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-11 113120]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-8-10 89920]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]

S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-08-04 01:42:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-04 00:52:58 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-08-03 22:16:55 -------- d-----w- C:\Users\Brandon\AppData\Local\NPE

2012-08-03 20:13:18 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-13 19:23:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-07-13 19:23:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-07-13 19:23:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-07-13 19:21:47 -------- d-----w- C:\Program Files\iPod

2012-07-13 19:21:42 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-07-13 19:21:42 -------- d-----w- C:\Program Files\iTunes

2012-07-13 19:14:33 -------- d-----w- C:\Program Files\Bonjour

2012-07-13 19:14:33 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-07-12 02:32:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-11 07:03:56 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 04:19:20 -------- d-----w- C:\Users\Brandon\AppData\Roaming\YourFileDownloader

2012-07-11 01:54:09 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-11 01:54:09 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 01:54:05 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 01:54:05 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 01:54:04 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 01:54:04 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-11 01:54:02 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-11 01:54:02 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-11 01:54:02 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-07-11 01:54:02 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-11 01:54:02 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-11 01:54:02 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-06 18:03:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-06 15:42:28 -------- d-----w- C:\Users\Brandon\AppData\Local\Macromedia

.

==================== Find3M ====================

.

2012-08-05 01:32:29 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 19:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 21:42:16.14 ===============

I am not sure if you need attach.txt but here it is:

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 9/22/2008 8:39:42 PM

System Uptime: 8/4/2012 9:31:17 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | N80Vb

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz | Socket 478 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 1.581 GiB free.

D: is FIXED (NTFS) - 106 GiB total, 89.954 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

3Impact

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

Adobe Shockwave Player

Amazon Kindle

Apple Application Support

Apple Software Update

ASUS InstantFun

ASUS LifeFrame3

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ATK Generic Function Service

ATK Hotkey

ATK Media

ATKOSD2

AVS Update Manager 1.0

AVS Video Converter 6

AVS4YOU Software Navigator 1.3

CSS Tab Designer v2.0

CyberLink LabelPrint

CyberLink Power2Go

Download Updater (AOL LLC)

DVD Flick 1.3.0.7

Facebook Plug-In

FileZilla Client 3.5.3

GIMP 2.6.11

Google SketchUp 8

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)

Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB982218)

Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)

ITECIR

Java Auto Updater

Java 6 Update 31

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

LG USB Modem Drivers

LightScribe System Software 1.14.17.1

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Expression Blend 3 SDK

Microsoft Expression Blend 4

Microsoft Expression Blend 4 Add-in for Adobe FXG Import

Microsoft Expression Blend SDK for .NET 4

Microsoft Expression Blend SDK for Silverlight 4

Microsoft Expression Blend SDK for Windows Phone 7

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft Silverlight Tools for Visual Studio 2010

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Browser

Microsoft SQL Server Compact 3.5 SP1 Design Tools English

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server System CLR Types

Microsoft VC9 runtime libraries

Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

Microsoft Visual Basic 2010 Express - ENU

Microsoft Visual C# 2010 Express - ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)

Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

Microsoft Visual Studio 2010 Express for Windows Phone - ENU

Microsoft Windows Phone 7 Developer Resources

Microsoft Windows Phone Developer Tools - ENU

Microsoft XNA Framework Redistributable 4.0

Microsoft XNA Game Studio 4.0

Microsoft XNA Game Studio 4.0 (ARP entry)

Microsoft XNA Game Studio 4.0 (Redists)

Microsoft XNA Game Studio 4.0 (Shared Components)

Microsoft XNA Game Studio 4.0 (Visual Studio)

Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

Microsoft XNA Game Studio 4.0 Documentation

Microsoft XNA Game Studio 4.0 Windows Phone Extensions

Microsoft XNA Game Studio Platform Tools

Monopoly

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Norton AntiVirus

NVIDIA PhysX

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

RealUpgrade 1.1

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

RollerCoaster Tycoon 3 Platinum

RuneScape Launcher 1.2

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)

Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)

Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)

SMSCaster E-Marketer GSM Standard v3.7

Steam

Tiled - Tiled Map Editor

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

VLC media player 1.0.1

Windows Media Player Firefox Plugin

Windows Phone 7 Add-in for Visual Studio 2010 - ENU

WindowsApplication1

WinRAR 4.01 (32-bit)

Wireless Console 2

World of Tanks v.0.6.5

Yahoo! Detect

.

==== End Of File ===========================

Link to post
Share on other sites

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

We will just continue with the cleaning, thank you though!

OTL log:

OTL logfile created on: 8/5/2012 11:19:23 AM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brandon\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.01% Memory free

8.17 Gb Paging File | 5.89 Gb Available in Paging File | 72.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.44 Gb Total Space | 1.29 Gb Free Space | 1.11% Space Free | Partition Type: NTFS

Drive D: | 105.71 Gb Total Space | 89.95 Gb Free Space | 85.10% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 11:17:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Downloads\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/07 19:33:22 | 000,421,776 | ---- | M] (Apple Inc.) -- D:\iTunesHelper.exe

PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/31 20:37:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe

PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2008/07/15 14:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

PRC - [2008/07/15 14:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

PRC - [2008/06/24 22:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

PRC - [2008/06/23 23:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/11/28 18:26:00 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe

PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2009/04/10 23:28:24 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2008/07/18 22:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2008/06/09 12:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

MOD - [2007/08/14 16:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 16:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 16:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/29 14:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)

SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2012/08/03 16:40:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/19 01:27:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/08/06 00:14:22 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011/08/04 00:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe -- (NAV)

SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/03/29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/21 22:53:36 | 000,451,704 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS -- (SYMTDIv)

DRV:64bit: - [2011/08/21 22:53:35 | 000,221,304 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\SYMEFA64.SYS -- (SymEFA)

DRV:64bit: - [2011/08/04 00:19:26 | 000,593,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\ccHPx64.sys -- (ccHP)

DRV:64bit: - [2010/09/08 15:42:16 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vmm.sys -- (vmm)

DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)

DRV:64bit: - [2010/05/05 22:18:44 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\Ironx64.SYS -- (SymIRON)

DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\NAVx64\1109000.00C\SRTSP64.SYS -- (SRTSP)

DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\SRTSPX64.SYS -- (SRTSPX)

DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\RsFx0150.sys -- (RsFx0150)

DRV:64bit: - [2010/02/03 21:40:47 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1109000.00C\SYMDS64.SYS -- (SymDS)

DRV:64bit: - [2009/11/12 00:14:28 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2008/07/21 08:23:11 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)

DRV:64bit: - [2008/07/04 07:58:16 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)

DRV:64bit: - [2008/07/03 00:57:12 | 001,813,120 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2008/06/03 02:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2008/05/02 01:59:47 | 000,166,912 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008/02/15 21:27:18 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2008/01/20 22:46:59 | 000,054,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2007/12/18 20:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)

DRV:64bit: - [2007/12/06 06:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)

DRV:64bit: - [2007/07/27 22:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2007/07/26 23:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

DRV:64bit: - [2007/07/23 09:23:58 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)

DRV:64bit: - [2007/07/23 09:23:58 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)

DRV:64bit: - [2007/07/23 09:23:56 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)

DRV:64bit: - [2006/10/27 09:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys -- (MTsensor)

DRV - [2012/07/14 04:38:57 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20120713.004\ex64.sys -- (NAVEX15)

DRV - [2012/07/14 04:38:57 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20120713.004\eng64.sys -- (NAVENG)

DRV - [2012/07/13 08:31:52 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20120713.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/06/28 04:00:07 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/06/28 04:00:07 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/06/19 00:03:24 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7

IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=10-09-2011&tb_mrud=10-09-2011

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C6 5E 01 B4 75 F6 4D BD F6 A0 B9 BF 90 6C 0B [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C6 5E 01 B4 75 F6 4D BD F6 A0 B9 BF 90 6C 0B [binary data]

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://oc-startpage.aol.com/

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 30 C6 5E 01 B4 75 F6 4D BD F6 A0 B9 BF 90 6C 0B [binary data]

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query={searchTerms}&invocationType=tb50trie7

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=10-09-2011&tb_mrud=10-09-2011

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{7052B11F-3619-4704-9BFF-632351583321}: "URL" = http://mp3tubetoolbar.com/?tmp=toolbar_sb_results&prt=pinballtbfour01ie&Keywords={searchTerms}&clid=bd3c53e2a2b14789ad46df7c0297b970

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{CD09AE05-6910-4D94-B5D1-A81ECA20A71B}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PD

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Brandon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2011/08/06 00:09:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/31 20:37:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 01:27:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/04 20:56:47 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 01:27:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/04 20:56:47 | 000,000,000 | ---D | M]

[2010/07/27 20:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions

[2009/03/08 18:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2011/08/17 23:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\8j4nx1y8.default\extensions

[2011/04/05 17:48:41 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\8j4nx1y8.default\extensions\{d699e99b-d6cb-4a13-aff6-a49941fb34d8}

[2012/07/13 14:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions

[2010/07/28 21:23:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/07/13 14:49:32 | 000,000,000 | ---D | M] (Website Hit Counters Community Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{65056c24-1bd2-4a50-844a-20ee6ab19187}

[2012/07/12 00:03:50 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

[2011/08/04 16:06:54 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}

[2012/07/11 12:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/19 01:27:09 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\np32asw.dll

[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\np32asw.dll

[2012/04/03 21:58:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/06/14 18:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/14 18:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/08/18 00:35:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe ()

O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34AEEEB9-D965-46C9-8533-D3AF1705D6D3}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC602071-B493-4C3A-98A8-BAB07C14E525}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Brandon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/04 10:05:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Brandon\Desktop\dds(1).scr

[2012/08/03 21:42:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/03 21:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/03 20:52:58 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2012/08/03 18:16:55 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\NPE

[2012/08/03 16:13:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/13 15:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/07/13 15:23:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE

[2012/07/13 15:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/07/13 15:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/07/13 15:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[2012/07/13 15:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2012/07/13 15:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2012/07/13 15:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012/07/13 15:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012/07/11 12:41:34 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape

[2012/07/11 12:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/07/11 12:37:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/07/11 12:23:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012/07/11 00:19:20 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\YourFileDownloader

[2012/07/10 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\dos

[2012/07/06 11:42:28 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Macromedia

[2012/07/06 11:33:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ]

[1 C:\Users\Brandon\AppData\Local\*.tmp files -> C:\Users\Brandon\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 11:13:57 | 000,144,960 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/08/05 11:13:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/05 11:13:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/05 11:13:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/05 01:01:52 | 000,000,024 | ---- | M] () -- C:\Users\Brandon\random.dat

[2012/08/05 00:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/04 23:22:36 | 000,000,024 | ---- | M] () -- C:\Users\Brandon\jagexappletviewer.preferences

[2012/08/04 21:45:10 | 000,000,032 | ---- | M] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE.dat

[2012/08/04 21:38:57 | 000,000,512 | ---- | M] () -- C:\Users\Brandon\Desktop\MBR.dat

[2012/08/04 21:32:49 | 000,144,960 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/08/04 21:32:29 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2012/08/04 21:31:50 | 4294,037,504 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/04 21:30:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/08/04 10:05:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Brandon\Desktop\dds(1).scr

[2012/08/03 21:42:18 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/03 21:26:19 | 000,002,523 | ---- | M] () -- C:\Users\Brandon\Desktop\HiJackThis.lnk

[2012/08/03 20:52:58 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys

[2012/08/02 22:28:06 | 000,060,416 | ---- | M] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/08/02 02:28:37 | 228,952,606 | ---- | M] () -- C:\Users\Brandon\Desktop\MVI_1175.AVI

[2012/08/02 01:38:04 | 000,175,443 | ---- | M] () -- C:\Users\Brandon\Desktop\me.jpg

[2012/08/01 07:48:15 | 000,039,498 | ---- | M] () -- C:\Users\Brandon\Desktop\image223.jpg

[2012/07/31 14:45:52 | 000,206,196 | ---- | M] () -- C:\Users\Brandon\Desktop\99-3.jpg

[2012/07/31 14:39:22 | 000,140,118 | ---- | M] () -- C:\Users\Brandon\Desktop\99-2.jpg

[2012/07/31 14:38:48 | 000,179,777 | ---- | M] () -- C:\Users\Brandon\Desktop\99.jpg

[2012/07/31 12:44:30 | 000,897,600 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/31 12:44:30 | 000,741,734 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/31 12:44:30 | 000,158,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/28 14:27:50 | 000,000,051 | ---- | M] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE_BETA.dat

[2012/07/17 12:41:49 | 000,354,816 | ---- | M] () -- C:\Users\Brandon\Desktop\Round3.pub

[2012/07/17 12:37:02 | 000,262,815 | ---- | M] () -- C:\Users\Brandon\Desktop\Picture1.jpg

[2012/07/17 03:20:51 | 000,000,935 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk

[2012/07/16 11:10:22 | 000,300,484 | ---- | M] () -- C:\Users\Brandon\Desktop\Round3.zip

[2012/07/13 15:23:08 | 000,001,313 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/07/12 17:12:13 | 000,029,349 | ---- | M] () -- C:\Users\Brandon\Desktop\image311.jpg

[2012/07/12 00:59:28 | 000,056,300 | ---- | M] () -- C:\Users\Brandon\Desktop\tn.jpg

[2012/07/11 12:41:34 | 000,001,893 | ---- | M] () -- C:\Users\Brandon\Desktop\RuneScape.lnk

[2012/07/11 12:37:20 | 000,000,879 | ---- | M] () -- C:\Users\Brandon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/07/11 12:37:20 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/07/11 03:28:15 | 000,436,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/10 23:16:20 | 000,000,845 | ---- | M] () -- C:\Users\Brandon\.recently-used.xbel

[2012/07/06 22:34:38 | 000,000,680 | ---- | M] () -- C:\Users\Brandon\AppData\Local\d3d9caps.dat

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Brandon\Desktop\*.tmp files -> C:\Users\Brandon\Desktop\*.tmp -> ]

[1 C:\Users\Brandon\AppData\Local\*.tmp files -> C:\Users\Brandon\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/04 21:38:57 | 000,000,512 | ---- | C] () -- C:\Users\Brandon\Desktop\MBR.dat

[2012/08/04 21:32:56 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000008.@

[2012/08/04 21:32:47 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000032.@

[2012/08/04 10:11:07 | 000,000,673 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L\00000004.@

[2012/08/03 21:42:17 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/03 16:06:35 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000064.@

[2012/08/03 16:06:01 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000000.@

[2012/08/02 01:38:04 | 000,175,443 | ---- | C] () -- C:\Users\Brandon\Desktop\me.jpg

[2012/07/31 14:45:51 | 000,206,196 | ---- | C] () -- C:\Users\Brandon\Desktop\99-3.jpg

[2012/07/31 14:39:21 | 000,140,118 | ---- | C] () -- C:\Users\Brandon\Desktop\99-2.jpg

[2012/07/31 14:38:48 | 000,179,777 | ---- | C] () -- C:\Users\Brandon\Desktop\99.jpg

[2012/07/27 18:10:32 | 000,039,498 | ---- | C] () -- C:\Users\Brandon\Desktop\image223.jpg

[2012/07/16 11:27:03 | 000,262,815 | ---- | C] () -- C:\Users\Brandon\Desktop\Picture1.jpg

[2012/07/16 11:10:22 | 000,300,484 | ---- | C] () -- C:\Users\Brandon\Desktop\Round3.zip

[2012/07/13 15:23:08 | 000,001,313 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012/07/12 17:12:12 | 000,029,349 | ---- | C] () -- C:\Users\Brandon\Desktop\image311.jpg

[2012/07/12 14:27:24 | 228,952,606 | ---- | C] () -- C:\Users\Brandon\Desktop\MVI_1175.AVI

[2012/07/12 00:59:28 | 000,056,300 | ---- | C] () -- C:\Users\Brandon\Desktop\tn.jpg

[2012/07/11 22:32:23 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/11 12:42:12 | 000,000,024 | ---- | C] () -- C:\Users\Brandon\jagexappletviewer.preferences

[2012/07/11 12:41:34 | 000,001,923 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk

[2012/07/11 12:41:34 | 000,001,893 | ---- | C] () -- C:\Users\Brandon\Desktop\RuneScape.lnk

[2012/07/11 12:37:20 | 000,000,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/07/10 23:16:20 | 000,000,845 | ---- | C] () -- C:\Users\Brandon\.recently-used.xbel

[2012/07/10 23:05:36 | 000,354,816 | ---- | C] () -- C:\Users\Brandon\Desktop\Round3.pub

[2012/06/27 15:20:17 | 000,000,047 | ---- | C] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE1.dat

[2012/06/27 14:51:55 | 000,000,051 | ---- | C] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE_BETA.dat

[2012/06/27 14:51:55 | 000,000,024 | ---- | C] () -- C:\Users\Brandon\random.dat

[2012/03/03 23:28:11 | 000,000,038 | ---- | C] () -- C:\Users\Brandon\.gtk-bookmarks

[2012/01/12 19:57:13 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ZLIB.DLL

[2012/01/11 13:30:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@

[2012/01/11 13:30:12 | 000,002,048 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@

[2012/01/09 00:16:16 | 000,011,520 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\488o5v2e4050

[2012/01/09 00:16:16 | 000,011,520 | -HS- | C] () -- C:\ProgramData\488o5v2e4050

[2011/10/25 22:12:16 | 000,000,032 | ---- | C] () -- C:\Users\Brandon\jagex_cl_runescape_LIVE.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2011/09/11 00:27:17 | 000,000,552 | ---- | C] () -- C:\Users\Brandon\AppData\Local\d3d8caps.dat

[2011/08/22 12:53:44 | 000,000,732 | ---- | C] () -- C:\Users\Brandon\AppData\Local\d3d9caps64.dat

[2011/08/17 23:37:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/08/17 23:37:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/08/17 23:37:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/08/17 23:37:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/08/17 23:37:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/08/17 22:57:01 | 000,000,000 | ---- | C] () -- C:\Users\Brandon\defogger_reenable

[2011/08/10 12:04:33 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011/08/10 12:03:58 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011/08/10 12:03:09 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011/07/19 15:26:12 | 000,000,284 | ---- | C] () -- C:\Users\Brandon\AppData\Roaming\DelAll.bat

[2011/04/18 21:57:22 | 000,895,502 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/04/05 21:25:59 | 000,011,348 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna

[2011/04/05 21:25:59 | 000,011,348 | -HS- | C] () -- C:\ProgramData\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna

[2011/04/05 20:30:43 | 000,000,020 | ---- | C] () -- C:\ProgramData\48f9f634

[2011/04/05 17:49:15 | 000,001,185 | ---- | C] () -- C:\ProgramData\1745062479

[2011/04/05 17:49:01 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1210687843

[2010/06/28 23:00:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/05/09 12:22:54 | 000,000,040 | ---- | C] () -- C:\Users\Brandon\jagex__preferences3.dat

[2009/09/07 01:06:05 | 000,000,129 | ---- | C] () -- C:\Users\Brandon\jagex_runescape_preferences2.dat

[2009/01/19 16:46:37 | 000,144,960 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/01/19 08:59:00 | 000,144,960 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/01/19 00:02:45 | 000,000,680 | ---- | C] () -- C:\Users\Brandon\AppData\Local\d3d9caps.dat

[2009/01/03 22:40:37 | 000,060,416 | ---- | C] () -- C:\Users\Brandon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/03 08:42:01 | 000,000,046 | ---- | C] () -- C:\Users\Brandon\jagex_runescape_preferences.dat

========== LOP Check ==========

[2009/01/19 16:47:15 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\agi

[2012/02/27 22:40:41 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Atari

[2010/06/13 22:11:49 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Facebook

[2012/07/18 12:30:27 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FileZilla

[2012/08/03 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FrostWire

[2012/07/10 23:16:20 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\gtk-2.0

[2009/03/16 20:10:20 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Humanbalance

[2011/06/08 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\KompoZer

[2012/02/27 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Leadertech

[2012/01/12 19:59:14 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Likno Software

[2012/07/29 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\LimeWire

[2010/07/01 01:39:04 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Music Recognition

[2011/09/10 18:33:09 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\OpenCandy

[2009/09/01 01:21:00 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\River Past G5

[2011/05/25 11:00:35 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Screaming Bee

[2011/04/05 16:48:33 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Tific

[2011/08/08 16:06:47 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\wargaming.net

[2012/07/11 00:19:20 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\YourFileDownloader

[2012/08/04 21:30:33 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Brandon\Desktop\MVI_1175.AVI:TOC.WMV

< End of report >

Extras.txt:

OTL Extras logfile created on: 8/5/2012 11:19:23 AM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Brandon\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 43.01% Memory free

8.17 Gb Paging File | 5.89 Gb Available in Paging File | 72.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.44 Gb Total Space | 1.29 Gb Free Space | 1.11% Space Free | Partition Type: NTFS

Drive D: | 105.71 Gb Total Space | 89.95 Gb Free Space | 85.10% Space Free | Partition Type: NTFS

Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = 28 EE 12 4D 7D 57 CC 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0F7861E5-3B24-33CA-AECF-B5477194CEEB}" = Windows Phone Emulator x64 - ENU

"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear eXtreme

"{2180B33F-3225-423E-BBC1-7798CFD3CD1F}" = Microsoft SQL Server 2008 R2 Native Client

"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files

"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java 7 (64-bit)

"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer

"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files

"{3B9C0F4A-490F-41AC-8C4A-F4A609E894B3}" = Likno Web Tabs Builder 2.0.206

"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java SE Development Kit 7 (64-bit)

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6D10FB2C-82A9-40F2-91D0-7BE64CF0DAF2}" = Microsoft SQL Server 2008 R2 Setup (English)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant

"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared

"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services

"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0

"jEdit_is1" = jEdit 4.3.2

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)

"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)

"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools

"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.5

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{2C3AB990-1F33-3D6B-9F34-8D5189FA04D3}" = Windows Phone 7 Add-in for Visual Studio 2010 - ENU

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3F4EB5FE-B5BE-4069-A5A8-6D9262E1B379}" = Microsoft XNA Game Studio 4.0 Documentation

"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries

"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010

"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun

"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01

"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2

"{5DDF31D2-63BB-4268-895B-FB05A82A1C00}" = Microsoft XNA Game Studio 4.0 Windows Phone Extensions

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)

"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey

"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C496FBF-DB4A-468D-A3A1-15E127382218}" = Microsoft XNA Game Studio 4.0 (Visual Studio)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A29C5DD5-B21E-474F-AA96-6A7FC0B2B248}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{B86149D3-18A2-41FD-A153-60AF944E47FE}" = Microsoft Windows Phone 7 Developer Resources

"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CFB91CB0-17D9-44EB-BFB2-5307AB7E7DDC}" = Microsoft Visual Studio 2010 Express for Windows Phone - ENU

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media

"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com

"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers

"3Impact_is1" = 3Impact

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"Blend_4.0.20901.0" = Microsoft Expression Blend 4

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CSS Tab Designer_is1" = CSS Tab Designer v2.0

"DVD Flick_is1" = DVD Flick 1.3.0.7

"ENTERPRISER" = Microsoft Office Enterprise 2007

"FileZilla Client" = FileZilla Client 3.5.3

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU

"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU

"Microsoft Visual Studio 2010 Express for Windows Phone - ENU" = Microsoft Windows Phone Developer Tools - ENU

"Monopoly" = Monopoly

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NAV" = Norton AntiVirus

"RealPlayer 12.0" = RealPlayer

"SMSCaster E-Marketer GSM Standard_is1" = SMSCaster E-Marketer GSM Standard v3.7

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"Steam App 550" = Left 4 Dead 2

"Steam App 564" = Left 4 Dead 2 Add-on Support

"Tiled" = Tiled - Tiled Map Editor

"VLC media player" = VLC media player 1.0.1

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinRAR archiver" = WinRAR 4.01 (32-bit)

"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3268160211-647110919-3188366877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon Kindle" = Amazon Kindle

"b917815c58cec9aa" = WindowsApplication1

"Facebook Plug-In" = Facebook Plug-In

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/5/2012 1:08:27 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2012 1:08:27 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 11778

Error - 8/5/2012 1:08:27 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 11778

Error - 8/5/2012 1:08:28 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2012 1:08:28 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 12807

Error - 8/5/2012 1:08:28 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 12807

Error - 8/5/2012 1:08:29 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/5/2012 1:08:29 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 13806

Error - 8/5/2012 1:08:29 AM | Computer Name = Brandon-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 13806

Error - 8/5/2012 11:18:02 AM | Computer Name = Brandon-PC | Source = Windows Search Service | ID = 3013

Description =

[ Media Center Events ]

Error - 10/11/2009 11:42:13 PM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 9/16/2010 3:04:50 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 9/16/2010 3:26:53 AM | Computer Name = Brandon-PC | Source = HTTP | ID = 15016

Description =

Error - 9/16/2010 3:28:54 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 9/16/2010 3:28:54 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 9/16/2010 3:29:17 AM | Computer Name = Brandon-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description =

Error - 9/16/2010 6:59:40 AM | Computer Name = Brandon-PC | Source = volsnap | ID = 393251

Description = The shadow copies of volume C: were aborted because the shadow copy

storage failed to grow.

Error - 9/21/2010 8:33:31 PM | Computer Name = Brandon-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:37:21 AM on 9/16/2010 was unexpected.

< End of report >

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-3268160211-647110919-3188366877-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=PD
    [2012/08/04 21:32:56 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000008.@
    [2012/08/04 21:32:47 | 000,092,672 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000032.@
    [2012/08/04 10:11:07 | 000,000,673 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L\00000004.@
    [2012/08/03 16:06:35 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000064.@
    [2012/08/03 16:06:01 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000000.@
    [2012/01/11 13:30:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@
    [2012/01/11 13:30:12 | 000,002,048 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@
    [2012/01/09 00:16:16 | 000,011,520 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\488o5v2e4050
    [2012/01/09 00:16:16 | 000,011,520 | -HS- | C] () -- C:\ProgramData\488o5v2e4050
    [2011/04/05 21:25:59 | 000,011,348 | -HS- | C] () -- C:\Users\Brandon\AppData\Local\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna
    [2011/04/05 21:25:59 | 000,011,348 | -HS- | C] () -- C:\ProgramData\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna
    [2011/04/05 20:30:43 | 000,000,020 | ---- | C] () -- C:\ProgramData\48f9f634
    [2011/04/05 17:49:15 | 000,001,185 | ---- | C] () -- C:\ProgramData\1745062479
    [2011/04/05 17:49:01 | 000,000,144 | -HS- | C] () -- C:\ProgramData\1210687843
    [2012/08/03 18:03:32 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\FrostWire
    [2012/07/29 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\LimeWire

    :files
    C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}
    C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

Here is the log you asked for:

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-3268160211-647110919-3188366877-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF739809-1C6C-47C0-85B9-569DBB141420}\ not found.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\00000008.@ moved successfully.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000032.@ moved successfully.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L\00000004.@ moved successfully.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000064.@ moved successfully.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U\80000000.@ moved successfully.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@ moved successfully.

C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\@ moved successfully.

C:\Users\Brandon\AppData\Local\488o5v2e4050 moved successfully.

C:\ProgramData\488o5v2e4050 moved successfully.

C:\Users\Brandon\AppData\Local\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna moved successfully.

C:\ProgramData\gu5xia0g22np28wlt72rb0t5l8t4a8tira5n6fwk2fyvna moved successfully.

C:\ProgramData\48f9f634 moved successfully.

C:\ProgramData\1745062479 moved successfully.

C:\ProgramData\1210687843 moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\xml\data folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\xml folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\themes folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\overlays folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5128 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com\5047 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm6.static.flickr.com folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4147 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4089 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4084 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4055 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4047 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com\4028 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm5.static.flickr.com folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1218 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com\1207 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache\farm2.static.flickr.com folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\image_cache folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\net folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus\active folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\azureus folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.

C:\Users\Brandon\AppData\Roaming\FrostWire folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\xml\data folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\xml folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\promotion folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\updates\0 folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\updates folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\OfflineCache folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\extensions folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile\Cache folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\mozilla-profile folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\certificate folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\html folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\res folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\plugins folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\modules folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\greprefs folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\defaults folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\components folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner\chrome folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser\xulrunner folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\browser folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire\.AppSpecialShare folder moved successfully.

C:\Users\Brandon\AppData\Roaming\LimeWire folder moved successfully.

========== FILES ==========

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U folder moved successfully.

C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{695283d7-3299-f0eb-65f2-3e18cdd08f4d} scheduled to be moved on reboot.

C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\U folder moved successfully.

C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d}\L folder moved successfully.

C:\Users\Brandon\AppData\Local\{695283d7-3299-f0eb-65f2-3e18cdd08f4d} folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

c:\Users\Brandon\Downloads\cmd.bat deleted successfully.

c:\Users\Brandon\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Brandon

->Temp folder emptied: 73306039 bytes

->Temporary Internet Files folder emptied: 69812891 bytes

->Java cache emptied: 94258925 bytes

->FireFox cache emptied: 194735526 bytes

->Flash cache emptied: 538484 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 378861557 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782663 bytes

RecycleBin emptied: 107156 bytes

Total Files Cleaned = 808.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_215159

Link to post
Share on other sites

Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *services.exe*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Link to post
Share on other sites

SystemLook 30.07.11 by jpshortstuff

Log created at 12:38 on 06/08/2012 by Brandon

Administrator - Elevation successful

========== filefind ==========

Searching for "*services.exe*"

C:\Windows\ERDNT\cache64\services.exe --a---- 384512 bytes [04:09 18/08/2011] [04:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [23:32 18/08/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\SoftwareDistribution\Download\d15e0adcf011f7a00bde2023e8b74a00\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [23:31 18/08/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\System32\services.exe --a---- 384512 bytes [16:02 10/08/2011] [04:10 11/04/2009] BC81150939BD52DBC7A08C245F1FB229

C:\Windows\System32\en-US\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695

C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [16:02 10/08/2011] [03:28 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\SysWOW64\en-US\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C

C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23\services.exe.mui --a---- 17408 bytes [15:13 02/11/2006] [15:13 02/11/2006] F514B57C09E143F1E14415A9E9ADD695

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [16:02 10/08/2011] [04:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c3e5209ee1678e23_services.exe.mui_86ea5e71 --a---- 17408 bytes [15:15 02/11/2006] [15:14 02/11/2006] F514B57C09E143F1E14415A9E9ADD695

C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c_services.exe_abfc33da --a---- 384512 bytes [16:38 10/08/2011] [16:23 10/08/2011] 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\Backup\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced_services.exe.mui_86ea5e71 --a---- 17920 bytes [15:15 02/11/2006] [15:14 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C

C:\Windows\winsxs\Backup\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56_services.exe_abfc33da --a---- 279552 bytes [16:37 10/08/2011] [16:22 10/08/2011] D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui --a---- 17920 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1626EACF0E7E59F85C59DDDD27C4169C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [16:02 10/08/2011] [03:28 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-

Link to post
Share on other sites

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | C:\Windows\System32\services.exe

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Link to post
Share on other sites

Here is that log:

ComboFix 12-08-05.02 - Brandon 08/07/2012 11:17:48.4.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2627 [GMT -4:00]

Running from: c:\users\Brandon\Desktop\ComboFix.exe

Command switches used :: c:\users\Brandon\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --> c:\windows\System32\services.exe

.

((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))

.

.

2012-08-07 15:30 . 2012-08-07 15:30 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-08-07 15:30 . 2012-08-07 15:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-06 01:51 . 2012-08-06 01:51 -------- d-----w- C:\_OTL

2012-08-04 01:42 . 2012-08-04 01:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-04 00:52 . 2012-08-04 00:52 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-03 22:16 . 2012-08-04 01:19 -------- d-----w- c:\users\Brandon\AppData\Local\NPE

2012-08-03 20:13 . 2012-08-03 20:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-13 19:23 . 2012-07-13 19:23 -------- dc----w- c:\windows\system32\DRVSTORE

2012-07-13 19:23 . 2009-05-18 17:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-07-13 19:23 . 2008-04-17 16:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-07-13 19:23 . 2008-04-17 16:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-07-13 19:21 . 2012-07-13 19:21 -------- d-----w- c:\program files\iPod

2012-07-13 19:21 . 2012-07-13 19:22 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-07-13 19:21 . 2012-07-13 19:22 -------- d-----w- c:\program files\iTunes

2012-07-13 19:19 . 2012-07-13 19:19 -------- d-----w- c:\program files (x86)\Apple Software Update

2012-07-13 19:15 . 2012-07-13 19:15 -------- d-----w- c:\program files\Common Files\Apple

2012-07-13 19:14 . 2012-07-13 19:14 -------- d-----w- c:\program files\Bonjour

2012-07-13 19:14 . 2012-07-13 19:14 -------- d-----w- c:\program files (x86)\Bonjour

2012-07-12 02:32 . 2012-08-03 20:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-11 07:03 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 04:19 . 2012-07-11 04:19 -------- d-----w- c:\users\Brandon\AppData\Roaming\YourFileDownloader

2012-07-11 01:54 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 01:54 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 01:54 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 01:54 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 01:54 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 01:54 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 01:54 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 01:54 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 01:54 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 01:54 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-11 01:54 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-11 01:54 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-11 01:53 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-07 15:35 . 2009-01-03 12:24 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-08-03 20:40 . 2012-07-06 18:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2011-08-08 19:48 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:19 . 2012-06-27 18:49 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-27 18:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-27 18:50 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-27 18:50 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-27 18:49 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-02 22:19 . 2012-06-27 18:49 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-27 18:49 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-02 22:15 . 2012-06-27 18:50 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-27 18:49 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 22:12 . 2012-06-27 18:49 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-02 19:19 . 2012-06-27 18:49 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:19 . 2012-06-27 18:49 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-02 19:15 . 2012-06-27 18:49 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 19:12 . 2012-06-27 18:49 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-08-06_12.45.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:23 . 2012-08-07 15:36 69912 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:45 . 2012-08-07 15:36 93550 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-01-03 12:26 . 2012-08-07 15:36 20164 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3268160211-647110919-3188366877-1000_UserData.bin

- 2009-01-03 12:23 . 2012-08-06 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-01-03 12:23 . 2012-08-06 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-08-06 02:05 . 2012-08-06 12:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-08-06 02:05 . 2012-08-06 12:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-01-03 12:23 . 2012-08-06 12:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-01-03 12:23 . 2012-08-06 12:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-08-07 15:32 . 2012-08-07 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-06 12:42 . 2012-08-06 12:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-07 15:32 . 2012-08-07 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-06 12:42 . 2012-08-06 12:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-01-03 01:47 . 2012-08-07 15:04 361316 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin

- 2011-08-11 20:18 . 2012-08-06 12:41 411664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-08-11 20:18 . 2012-08-07 15:30 411664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-08-11 20:18 . 2012-08-07 15:07 1178458 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3268160211-647110919-3188366877-1000-8192.dat

- 2011-08-11 20:18 . 2012-08-06 12:41 1178458 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3268160211-647110919-3188366877-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]

"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2008-07-15 7651328]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-04-01 273544]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="D:\iTunesHelper.exe" [2012-06-07 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

IME File REG_SZ IMSC12.IME

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 20:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6342688]

"Skytel"="Skytel.exe" [2007-11-20 1826816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://oc-startpage.aol.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\g6jhj5ri.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-opencandy-chromesbox-en-us&tb_uuid=20110910223317895&tb_oid=11-09-2011&tb_mrud=11-09-2011

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe

c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe

.

**************************************************************************

.

Completion time: 2012-08-07 11:45:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-07 15:45

ComboFix2.txt 2012-08-06 12:55

ComboFix3.txt 2011-08-18 04:38

ComboFix4.txt 2011-08-18 04:11

.

Pre-Run: 769,961,984 bytes free

Post-Run: 1,867,309,056 bytes free

.

- - End Of File - - C4F69DF4B41BC1CC953E70E019792DC8

Link to post
Share on other sites

Very good! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.