
Desktop icons missing after FBI warning malware infected computer



I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please see below to give Unhide.exe by grinler a shot:

http://www.bleepingcomputer.com/forums/topic405109.html

=====

Also, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply please provide the contents of ComboFix.txt and let me know if your icons are still hidden. How is the computer running?


The computer is running fine, but there are still no desktop icons after running ComboFix and Unhide.

.

.

---- Previous Run -------

.

c:\programdata\376471n7h240o515g153v6qxo4j0

c:\programdata\dsgsdgdsgdsgw.pad

c:\users\Lowery\AppData\Local\assembly\tmp

c:\users\Lowery\AppData\Local\temp\7zS2099\HPSLPSVC32.DLL

c:\users\Lowery\AppData\Roaming\Roaming

c:\users\Lowery\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#araschel.com\settings.sol

c:\users\Lowery\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

c:\windows\$NtUninstallKB16366$

.

-- Previous Run --

.

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

.

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

.

Infected copy of c:\windows\System32\slui.exe was found and disinfected

Restored copy from - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe

.

--------

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_HPSLPSVC

.

.

((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))

.

.

2012-11-19 13:06 . 2012-11-19 13:06 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-19 13:06 . 2012-11-19 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-19 09:21 . 2012-11-19 13:06 -------- d-----w- c:\users\Lowery\AppData\Local\temp

2012-11-16 01:26 . 2012-11-16 01:55 -------- d-----w- c:\program files\GridinSoft Trojan Killer

2012-11-12 01:53 . 2012-11-12 16:11 -------- d-----w- c:\users\Lowery\AppData\Roaming\Skype

2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----w- c:\program files\Common Files\Skype

2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----r- c:\program files\Skype

2012-11-12 01:42 . 2012-11-12 01:53 -------- d-----w- c:\programdata\Skype

2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\CrashRpt

2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\Arktos

2012-11-01 18:52 . 2012-11-01 18:52 -------- d-----w- c:\windows\msdownld.tmp

2012-10-26 06:02 . 2012-07-16 19:49 4320184 ----a-w- c:\windows\system32\GameMon.des

2012-10-26 06:02 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2012-10-26 06:02 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd

2012-10-26 06:02 . 2012-10-26 06:02 -------- d-----w- c:\program files\Common Files\INCA Shared

2012-10-26 05:33 . 2012-10-26 05:33 -------- d-----w- c:\program files\Gpotato

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 18:47 . 2012-04-26 15:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-16 18:47 . 2011-06-25 17:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-30 00:54 . 2010-03-16 17:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-02 16:04 . 2012-09-02 16:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-02 16:04 . 2012-07-14 06:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-02 16:04 . 2010-10-05 17:36 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-27 03:43 . 2012-10-27 03:43 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-10-11 . BE8C64439F1E2AF088063218C16EB9FE . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe

[7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe

[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe

[7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe

[7] 2011-04-09 . 83515CDDB47B08F65F1EC7451778C3CD . 3967360 . . [6.1.7600.20941] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe

[7] 2011-04-09 . EEDB427EAC109E0711642B65C229BC59 . 3957632 . . [6.1.7600.16792] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe

[7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe

[7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe

[-] 2010-12-20 . 6BB5D70720DB62A363404836140C97E6 . 3958792 . . [6.1.7600.20738] . . c:\windows\System32\ntkrnlpa.exe

[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe

[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe

[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe

[7] 2010-06-19 . 2A37766F5121E98271ECD811A60D9420 . 3964800 . . [6.1.7600.20738] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe

[7] 2010-06-19 . 05288B088C0DFAC60D6BCF878FC32B60 . 3955080 . . [6.1.7600.16617] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe

[7] 2010-02-27 . 20926A3F64BFFCD92BAA5ECE9D65CC4A . 3954568 . . [6.1.7600.16539] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe

[7] 2010-02-27 . FC781D4359B553D62CBAD9F658E68784 . 3954568 . . [6.1.7600.20655] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe

[7] 2009-12-08 . 9961859237C15878493ADE2119991614 . 3954776 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe

[7] 2009-12-08 . 92345529A07F31547D73FF6E32E1AFE9 . 3955288 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe

[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]

"Akamai NetSession Interface"="c:\users\Lowery\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [bU]

"NCsoft"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

IMVU.lnk - c:\users\Lowery\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-2 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\DRIVERS\gtkdrv.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

Akamai REG_MULTI_SZ Akamai

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001Core.job

- c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31]

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001UA.job

- c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476

mStart Page = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476&q=

FF - user.js: extensions.funmoods.id - 90E6BA882040A55A

FF - user.js: extensions.funmoods.instlDay - 15660

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:57

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - nv1

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - nv1

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\SecuROM\License information*]

"datasecu"=hex:6f,26,bc,ac,17,b0,01,b4,29,14,ae,2e,a8,90,4d,f9,4f,36,a7,45,ac,

9b,fb,0b,11,ee,77,54,8c,45,fc,00,95,67,bb,56,c2,ad,f0,02,98,f5,1b,3c,7b,5c,\

"rkeysecu"=hex:01,31,14,42,a9,53,a4,f3,b0,2c,8f,11,fa,a2,73,d1

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-19 08:09:52

ComboFix-quarantined-files.txt 2012-11-19 13:09

ComboFix2.txt 2011-12-12 06:31

.

Pre-Run: 13,632,139,264 bytes free

Post-Run: 13,692,841,984 bytes free

.

- - End Of File - - 692A5BFE4B838AEF513418CDB90F7A1D


Good morning ohkeykey,

I notice that you have run ComboFix before. While it seems to have done a good job for you, please be aware it is a very powerful tool and without the supervision of a helper, such as myself, you can cause damage to your system. Please keep this in mind.

=====

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following program:

  • GridinSoft Trojan Killer

Please restart your computer after this program removal.

=====

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    DDS::
    uStart Page = hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    Driver::
    GridinSoft Trojan Killer Driver
    File::
    c:\windows\system32\DRIVERS\gtkdrv.sys
    Firefox::
    FF - ProfilePath - c:\users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476&q=
    FF - user.js: extensions.funmoods.id - 90E6BA882040A55A
    FF - user.js: extensions.funmoods.instlDay - 15660
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2213:57
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - nv1
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef - nv1
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    Folder::
    c:\program files\GridinSoft Trojan Killer
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    (image: CFScriptB-4.gif, showing CFScript.txt being dragged onto ComboFix.exe)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

=====

Then, please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis (you will only be able to have one file scanned at a time):

c:\windows\System32\user32.dll

Then click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.

Note: If a message appears saying the file has already been analysed, please resend the file.

=====

Finally, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

Please post the contents of the following when you reply:

  • ComboFix.txt.
  • Results from VirusTotal.
  • OTL.txt.
  • Extras.txt.

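Why the helper singles out c:\windows\System32\user32.dll for VirusTotal is visible in the Sigcheck section of the log above: the System32 copy is marked [-] (not verified), yet it reports the same version and size as the verified [7] WinSxS copy while its MD5 differs, which is what an in-place patch of a system file looks like. The script below is an added example, not ComboFix's own code or the helper's; it parses that section and automates the comparison over constructed sample lines copied from the log, and it assumes that [7] marks copies ComboFix verified and [-] copies it could not.

```python
"""Flag candidate patched system files from a ComboFix Sigcheck section.

Added example for this thread; it is not ComboFix's own code or the helper's.
It applies the reasoning the helper applies by hand: a [-] (unverified) file
that carries the same version string as a [7] (verified) WinSxS copy but a
different MD5 has had its bytes changed after it was built. The output is a
list of candidates to submit for analysis, not a verdict.
"""
import re
from collections import defaultdict

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
SIGCHECK_LINE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)
SIGCHECK_HEADER = "------- Sigcheck -------"

# Constructed sample: six lines copied from the log in this thread, plus the
# header of the next section so that the section-end logic is exercised.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-10-11 . BE8C64439F1E2AF088063218C16EB9FE . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[-] 2010-12-20 . 6BB5D70720DB62A363404836140C97E6 . 3958792 . . [6.1.7600.20738] . . c:\windows\System32\ntkrnlpa.exe
[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[7] 2010-06-19 . 2A37766F5121E98271ECD811A60D9420 . 3964800 . . [6.1.7600.20738] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""


def parse_sigcheck(log_text):
    """Return the entries of the Sigcheck section as dicts.

    Only lines between the Sigcheck header and the next '(((' section header
    are read; the '.' spacer lines and the note line do not match and are skipped.
    """
    entries = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SIGCHECK_HEADER:
            in_section = True
            continue
        if in_section and line.startswith("((("):
            break
        if not in_section:
            continue
        m = SIGCHECK_LINE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        e["path"] = e["path"].lower()          # Windows paths are case-insensitive
        e["name"] = e["path"].rsplit("\\", 1)[-1]
        e["verified"] = e["flag"] == "7"       # assumption: [7] = verified, [-] = not
        entries.append(e)
    return entries


def find_patched_candidates(entries):
    """Pair each unverified file with verified copies of the same name and version.

    Same version but a different MD5 means the bytes changed after build. When the
    size also matches, that is the classic in-place patch; a size difference is a
    weaker signal and is reported separately so a human can weigh it.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    findings = []
    for e in entries:
        if e["verified"]:
            continue
        for ref in by_name[e["name"]]:
            if not ref["verified"] or ref["version"] != e["version"]:
                continue
            if ref["md5"] == e["md5"]:
                continue  # identical bytes, merely not verified at this location
            reason = ("same version and size, different hash (likely patched in place)"
                      if ref["size"] == e["size"]
                      else "same version, different size and hash")
            findings.append({"path": e["path"], "md5": e["md5"], "version": e["version"],
                             "reference_path": ref["path"], "reference_md5": ref["md5"],
                             "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_patched_candidates(parse_sigcheck(SAMPLE_LOG)):
        print(f"{f['path']} [{f['version']}]: {f['reason']}; "
              f"verified copy {f['reference_path']} has MD5 {f['reference_md5']}")
```

On a real C:\ComboFix.txt, pass the file's contents to parse_sigcheck; each finding names the verified WinSxS copy to compare against, which is the file a helper would restore from.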

I ran ComboFix before and it went crazy once it rebooted into Windows, so I reran it to get the txt file. Here is the new txt; I will post the others when complete.

FILE ::

"c:\windows\system32\DRIVERS\gtkdrv.sys"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\GridinSoft Trojan Killer

c:\program files\GridinSoft Trojan Killer\logs\scan-2012-11-15 [20-55-00].log

c:\program files\GridinSoft Trojan Killer\logs\scan-2012-11-16 [00-41-25].log

c:\program files\GridinSoft Trojan Killer\vs.c

.

.

((((((((((((((((((((((((( Files Created from 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))))

.

.

2012-11-19 22:43 . 2012-11-19 22:46 -------- d-----w- c:\users\Lowery\AppData\Local\temp

2012-11-19 22:43 . 2012-11-19 22:43 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-11-19 22:43 . 2012-11-19 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-12 01:53 . 2012-11-12 16:11 -------- d-----w- c:\users\Lowery\AppData\Roaming\Skype

2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----w- c:\program files\Common Files\Skype

2012-11-12 01:53 . 2012-11-12 01:53 -------- d-----r- c:\program files\Skype

2012-11-12 01:42 . 2012-11-12 01:53 -------- d-----w- c:\programdata\Skype

2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\CrashRpt

2012-11-01 20:15 . 2012-11-01 20:15 -------- d-----w- c:\users\Lowery\AppData\Local\Arktos

2012-11-01 18:52 . 2012-11-01 18:52 -------- d-----w- c:\windows\msdownld.tmp

2012-10-26 06:02 . 2012-07-16 19:49 4320184 ----a-w- c:\windows\system32\GameMon.des

2012-10-26 06:02 . 2004-12-31 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2012-10-26 06:02 . 2003-07-17 00:17 5174 ----a-w- c:\windows\system32\nppt9x.vxd

2012-10-26 06:02 . 2012-10-26 06:02 -------- d-----w- c:\program files\Common Files\INCA Shared

2012-10-26 05:33 . 2012-10-26 05:33 -------- d-----w- c:\program files\Gpotato

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-16 18:47 . 2012-04-26 15:20 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-16 18:47 . 2011-06-25 17:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-30 00:54 . 2010-03-16 17:22 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-02 16:04 . 2012-09-02 16:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-09-02 16:04 . 2012-07-14 06:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-02 16:04 . 2010-10-05 17:36 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-10-27 03:43 . 2012-10-27 03:43 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.

[7] 2011-06-23 . 3624D782F8B061B6FBA3A35E2FE53CFD . 3967872 . . [6.1.7601.21755] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntkrnlpa.exe

[7] 2011-06-23 . 1F969255E068D451BAC2D4FB0BD8C9C3 . 3957120 . . [6.1.7600.16841] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16841_none_6c2dffca1559c47c\ntkrnlpa.exe

[7] 2011-06-23 . A4A8EF2ACE5FA5863AA0B04C9BBFECA7 . 3967872 . . [6.1.7601.17640] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntkrnlpa.exe

[7] 2011-06-23 . 11486D4317D57C6F5E4DC902EF75D811 . 3967872 . . [6.1.7600.20994] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20994_none_6c848dd72e9d3c00\ntkrnlpa.exe

[7] 2011-04-09 . 83515CDDB47B08F65F1EC7451778C3CD . 3967360 . . [6.1.7600.20941] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe

[7] 2011-04-09 . EEDB427EAC109E0711642B65C229BC59 . 3957632 . . [6.1.7600.16792] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe

[7] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe

[7] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe

[-] 2010-12-20 . 6BB5D70720DB62A363404836140C97E6 . 3958792 . . [6.1.7600.20738] . . c:\windows\System32\ntkrnlpa.exe

[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe

[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe

[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe

[7] 2010-06-19 . 2A37766F5121E98271ECD811A60D9420 . 3964800 . . [6.1.7600.20738] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20738_none_6cc96abb2e68ff68\ntkrnlpa.exe

[7] 2010-06-19 . 05288B088C0DFAC60D6BCF878FC32B60 . 3955080 . . [6.1.7600.16617] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16617_none_6c546d7e153c0e65\ntkrnlpa.exe

[7] 2010-02-27 . 20926A3F64BFFCD92BAA5ECE9D65CC4A . 3954568 . . [6.1.7600.16539] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16539_none_6c40cc54154a7bce\ntkrnlpa.exe

[7] 2010-02-27 . FC781D4359B553D62CBAD9F658E68784 . 3954568 . . [6.1.7600.20655] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20655_none_6cb0c81f2e7bee1e\ntkrnlpa.exe

[7] 2009-12-08 . 9961859237C15878493ADE2119991614 . 3954776 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe

[7] 2009-12-08 . 92345529A07F31547D73FF6E32E1AFE9 . 3955288 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe

[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]

"Akamai NetSession Interface"="c:\users\Lowery\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]

"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [bU]

"NCsoft"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-26 98304]

"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

IMVU.lnk - c:\users\Lowery\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe [N/A]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-4-2 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

Akamai REG_MULTI_SZ Akamai

HPService REG_MULTI_SZ HPSLPSVC

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001Core.job

- c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31]

.

2012-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001UA.job

- c:\users\Lowery\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-02 23:31]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\SecuROM\License information*]

"datasecu"=hex:6f,26,bc,ac,17,b0,01,b4,29,14,ae,2e,a8,90,4d,f9,4f,36,a7,45,ac,

9b,fb,0b,11,ee,77,54,8c,45,fc,00,95,67,bb,56,c2,ad,f0,02,98,f5,1b,3c,7b,5c,\

"rkeysecu"=hex:01,31,14,42,a9,53,a4,f3,b0,2c,8f,11,fa,a2,73,d1

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(4596)

c:\program files\Logitech\SetPoint\GameHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\atieclxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ASUS\EPU-4 Engine\FourEngine.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\conhost.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2012-11-19 17:51:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-11-19 22:51

ComboFix2.txt 2012-11-19 13:09

ComboFix3.txt 2011-12-12 06:31

.

Pre-Run: 13,540,249,600 bytes free

Post-Run: 13,233,045,504 bytes free

.

- - End Of File - - 6FAFACCB5B288D20E856029010EE1CBC

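A quick way to pull the actionable items out of a ComboFix log like the one above, rather than reading every Run entry and pref by eye. This is an added example, not part of the thread and not ComboFix's own code. The sample lines are constructed by copying a few entries from the posted log; the allow-list of search hosts and the triage heuristics (autoruns from user-writable folders, autoruns with no directory in the command, browser search or home-page settings pointing at a host outside the allow-list) are this example's own assumptions, not anything ComboFix reports.

```python
"""Triage helper for ComboFix-style log lines: flags autorun entries and
browser search/home-page settings that deserve a closer look."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed sample: a few lines in the shape ComboFix writes them, copied
# from the log posted above (this is not the whole log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-09 1353080]
"Akamai NetSession Interface"="c:\users\Lowery\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"NCsoft"="" [bU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
mStart Page = hxxp://www.google.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=
FF - user.js: keyword.URL - hxxp://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q=
"""

# Hosts a stock install would legitimately point its search/home page at.
# Assumption for this example; extend it for the machine being triaged.
ALLOWED_HOSTS = ("google.com", "bing.com", "yahoo.com", "microsoft.com", "mozilla.org")

# Folders a standard user can write to. An autorun here is not automatically
# bad (updaters live there too), but it is the first thing to look at.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp)\\", re.IGNORECASE)

RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$")
RUN_ENTRY = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
FF_PREF = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (\S+)$")
IE_PAGE = re.compile(r"^([mu][A-Za-z_ ]+?) = (hxxps?://\S+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # short category tag
    where: str   # registry key, pref file or IE setting the line came from
    name: str    # value name or pref name
    detail: str  # what was observed


def refang_host(url: str) -> str:
    """ComboFix defangs URLs as hxxp://; undo that and return the host."""
    fixed = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return (urlsplit(fixed).hostname or "").lower()


def host_allowed(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOSTS)


def triage(lines):
    """Return a list of Finding objects for the suspicious lines."""
    findings = []
    current_key = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            # Track which registry key the following "name"="value" lines belong to.
            m = RUN_KEY.match(line)
            current_key = m.group(1) if m else None
            continue
        m = RUN_ENTRY.match(line)
        if m and current_key:
            name, cmd, meta = m.groups()
            if cmd == "":
                findings.append(Finding("empty-autorun", current_key, name, f"no command, tag [{meta}]"))
            elif USER_WRITABLE.search(cmd):
                findings.append(Finding("autorun-user-writable", current_key, name, cmd))
            elif "\\" not in cmd:
                # Bare file name: resolved through the loader search path at logon,
                # so a same-named file earlier on that path would run instead.
                findings.append(Finding("autorun-unqualified-path", current_key, name, cmd))
            continue
        m = FF_PREF.match(line)
        if m:
            src, pref, value = m.groups()
            host = refang_host(value)
            if host and not host_allowed(host):
                note = f"{pref} -> {host}"
                if src == "user.js":
                    # user.js is re-applied to prefs.js every time Firefox starts,
                    # so editing prefs.js alone will not remove this setting.
                    note += " (set in user.js, re-applied at every start)"
                findings.append(Finding("browser-hijack", src, pref, note))
            continue
        m = IE_PAGE.match(line)
        if m:
            setting, value = m.groups()
            host = refang_host(value)
            if host and not host_allowed(host):
                findings.append(Finding("browser-hijack", "IE", setting, host))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:28} {f.where:55} {f.name}: {f.detail}")
```

Run it against a full ComboFix.txt with `triage(open("ComboFix.txt", encoding="utf-8", errors="replace"))`. On the sample it flags the empty "NCsoft" entry, the NetSession autorun under AppData, the bare "KHALMNPR.EXE" command, and the wicso.com keyword.URL in both prefs.js and user.js; the Google home pages and the Program Files autoruns are left alone.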

OTL logfile created on: 11/19/2012 6:08:23 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lowery\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.66% Memory free

6.50 Gb Paging File | 5.42 Gb Available in Paging File | 83.39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 12.40 Gb Free Space | 8.32% Space Free | Partition Type: NTFS

Computer Name: LOWERY-PC | User Name: Lowery | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/18 14:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lowery\Desktop\OTL.exe

PRC - [2012/04/05 21:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010/11/20 07:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2009/11/08 22:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE

PRC - [2009/07/20 11:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe

PRC - [2009/07/10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\logishrd\KHAL2\KHALMNPR.exe

PRC - [2009/06/24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

PRC - [2009/04/23 08:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/13 02:09:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll

MOD - [2011/10/13 02:09:24 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll

MOD - [2011/10/13 02:09:22 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll

MOD - [2011/10/13 02:09:15 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll

MOD - [2011/10/13 02:09:06 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll

MOD - [2011/10/13 02:09:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll

MOD - [2011/10/13 02:08:57 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll

MOD - [2011/10/13 02:08:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll

MOD - [2010/08/25 20:44:50 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

MOD - [2010/08/04 14:58:06 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll

MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/07/20 11:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll

MOD - [2009/06/24 22:24:08 | 005,782,528 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe

MOD - [2009/01/15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files\ASUS\EPU-4 Engine\pngio.dll

MOD - [2006/01/11 03:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2012/11/12 13:49:31 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)

SRV - [2012/10/30 20:47:50 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/10/26 22:43:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/10/19 16:33:26 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/07/19 17:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)

SRV - [2012/07/16 14:49:00 | 004,320,184 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2011/06/30 12:21:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2009/07/20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lowery\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lowery\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (at8tlny6)

DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/04/06 00:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2012/04/06 00:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012/04/05 20:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)

DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)

DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

DRV - [2010/09/22 20:00:08 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)

DRV - [2010/04/19 19:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)

DRV - [2010/03/22 23:41:52 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2010/01/28 09:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/09/16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t)

DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/07/13 17:02:46 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)

DRV - [2009/06/17 11:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)

DRV - [2009/05/14 06:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2007/12/18 04:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)

DRV - [2007/07/23 07:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)

DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/05/11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2007/03/20 09:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)

DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 F7 C1 DA 32 31 CB 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.wicso.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=Mgqtfy4D

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E848420E-EAC2-46A8-8674-DBCCF75C7A84}&mid=2206a4dda50b87e99ad4a4283328ad45-5ac3f4afcfe108cc00c385ed593742b11a97b054&lang=en&ds=AVG&pr=fr&d=2012-11-19 07:40:16&v=9.0.0.21&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476

IE - HKCU\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Funmoods"

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"

FF - prefs.js..extensions.enabledAddons: siauenfbuf@siauenfbuf.org:2.5

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://www.wicso.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=Mgqtfy4D&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lowery\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lowery\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lowery\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lowery\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/26 22:43:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/26 22:43:06 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Lowery\AppData\Roaming\Move Networks [2009/12/13 03:13:03 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Windows.old\Program Files\Mozilla Firefox\components

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Windows.old\Program Files\Mozilla Firefox\plugins

[2010/11/17 00:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions

[2010/11/17 00:12:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2010/02/01 00:54:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2010/10/17 19:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2012/11/19 07:42:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions

[2011/04/05 17:20:20 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}

[2009/07/13 18:11:12 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\extensions\siauenfbuf@siauenfbuf.org.xpi

[2012/11/16 13:57:54 | 000,002,333 | ---- | M] () -- C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\searchplugins\Funmoods.xml

[2011/03/02 17:43:04 | 000,002,197 | ---- | M] () -- C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\searchplugins\google-search.xml

[2012/10/26 22:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/10/26 22:43:08 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/11/19 07:40:14 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old

[2011/03/02 17:43:04 | 000,002,197 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml

[2012/10/21 00:46:39 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Lowery\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Lowery\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Lowery\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: New Tab = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\

CHR - Extension: Google Search = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: 90`s Games = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom\1.2_0\

CHR - Extension: Gmail = C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/19 17:45:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Lowery\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

O4 - HKCU..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden File not found

O4 - HKCU..\Run: [NCsoft] File not found

O4 - HKCU..\Run: [steam] C:\Program Files\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F9C4020-40D2-4041-92A6-805D8B60E7B5}: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F573110-44AC-4FC2-96B6-D8D93ADE9A6A}: DhcpNameServer = 172.16.145.103 172.16.145.103 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B251094F-5FAB-4C1D-8223-EB6CDF9B3472}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E99108F0-FE1C-4DB1-BE0B-DFB0DF8AE1C2}: DhcpNameServer = 7.254.254.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 17:45:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/11/19 17:43:36 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/11/19 17:43:36 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\temp

[2012/11/18 14:23:13 | 000,000,000 | ---D | C] -- C:\Users\Lowery\Desktop\RK_Quarantine

[2012/11/18 14:22:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lowery\Desktop\OTL.exe

[2012/11/12 02:40:50 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{8A6A2C67-5277-4E59-8DE8-4CD34896E2DD}

[2012/11/11 20:53:29 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Roaming\Skype

[2012/11/11 20:53:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2012/11/11 20:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/11/11 20:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/11/11 20:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2012/11/11 02:39:23 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{56607965-79DF-4A94-99D8-EF0B8EC39620}

[2012/11/09 00:19:54 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{549FEC34-8952-4940-9355-AB3DE2D5919F}

[2012/11/06 02:22:08 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{92A35089-EFEF-4B35-93EA-5813A6210830}

[2012/11/05 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{8C95F0D7-7F92-474E-A9D8-2FF6B5C199E3}

[2012/11/05 02:21:50 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{66891C8B-E204-42FF-BA78-26B3D2681447}

[2012/11/04 14:21:33 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{430DF312-F44E-47FE-99AD-88080DBC7DA3}

[2012/11/04 02:21:18 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{10A5A10C-8524-47D8-8B90-80998B75B577}

[2012/11/03 12:28:26 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{FCC73117-A229-49CD-937E-5C59F8168C82}

[2012/11/02 23:08:25 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{CB7D7C20-5D65-4DF8-8854-762970D84D40}

[2012/11/01 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\CrashRpt

[2012/11/01 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Lowery\Documents\Arktos

[2012/11/01 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\Arktos

[2012/11/01 13:53:08 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{663C8873-5D17-4B59-9D8B-77D932A32BA2}

[2012/11/01 13:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The War Z

[2012/11/01 13:51:45 | 000,000,000 | ---D | C] -- C:\Users\Lowery\Documents\The War Z

[2012/10/31 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{597342EE-F076-4365-A050-D8EFA06F4405}

[2012/10/30 16:42:59 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{48B2ADD9-6593-4A0B-9747-B6F7AA133097}

[2012/10/29 13:35:55 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{7ADB9FB8-AA3B-449D-AF87-96D8DC1FF67A}

[2012/10/29 01:35:53 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{DC1E02A3-E48F-4EF1-B393-C412F1836CC5}

[2012/10/28 13:35:37 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{CAC49E6F-7A9F-44DD-A86A-9184D06794F8}

[2012/10/28 00:05:41 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{F4A3F567-23F0-4384-AC6C-0359B9A0FD9E}

[2012/10/26 22:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/10/26 02:38:50 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{4A72CB05-C02F-4FDC-94CC-5D06B970288A}

[2012/10/26 01:02:59 | 004,320,184 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des

[2012/10/26 01:02:35 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\System32\npptNT2.sys

[2012/10/26 01:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

[2012/10/26 00:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flyff

[2012/10/26 00:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Gpotato

[2012/10/25 14:38:35 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{3ADAE677-7116-4B91-8AC9-2D32E6899B78}

[2012/10/24 21:46:13 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{A6FAD8FE-BFB0-4990-B455-B1754C45D4E6}

[2012/10/24 02:06:34 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{281527B9-8312-4FAF-A2F7-A962626B54EF}

[2012/10/23 13:17:59 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{76F6AF53-0A38-4027-A7CB-330F630463EB}

[2012/10/23 00:28:28 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{D8BFB7DA-7D2B-412C-B585-D4D85C3EFF11}

[2012/10/22 12:28:13 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{636233B5-FED9-4906-8CA0-25ACBFDDBD8C}

[2012/10/22 02:13:11 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Illutia

[2012/10/22 00:27:55 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{28696F1C-0DDA-4D85-AD67-B75C01A69799}

[2012/10/21 12:27:39 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{9495B3AD-A624-4879-BD07-E69EF2E3CA73}

[2012/10/21 00:24:45 | 000,000,000 | ---D | C] -- C:\Users\Lowery\AppData\Local\{753BF0D9-FBF8-4102-A8D5-458230C07ED3}

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/19 17:47:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001UA.job

[2012/11/19 17:46:38 | 000,005,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 17:46:38 | 000,005,872 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/11/19 17:45:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/11/19 17:45:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/11/19 17:45:07 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys

[2012/11/19 03:47:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2095337689-4243461785-3996528731-1001Core.job

[2012/11/19 00:43:40 | 000,705,266 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2012/11/19 00:43:40 | 000,704,290 | ---- | M] () -- C:\Windows\System32\perfh00A.dat

[2012/11/19 00:43:40 | 000,702,028 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2012/11/19 00:43:40 | 000,699,944 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2012/11/19 00:43:40 | 000,686,794 | ---- | M] () -- C:\Windows\System32\perfh019.dat

[2012/11/19 00:43:40 | 000,654,672 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012/11/19 00:43:40 | 000,628,404 | ---- | M] () -- C:\Windows\System32\perfh01D.dat

[2012/11/19 00:43:40 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/11/19 00:43:40 | 000,473,008 | ---- | M] () -- C:\Windows\System32\perfh006.dat

[2012/11/19 00:43:40 | 000,459,422 | ---- | M] () -- C:\Windows\System32\perfh014.dat

[2012/11/19 00:43:40 | 000,444,224 | ---- | M] () -- C:\Windows\System32\perfh00B.dat

[2012/11/19 00:43:40 | 000,137,834 | ---- | M] () -- C:\Windows\System32\perfc00A.dat

[2012/11/19 00:43:40 | 000,133,712 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2012/11/19 00:43:40 | 000,133,288 | ---- | M] () -- C:\Windows\System32\perfc019.dat

[2012/11/19 00:43:40 | 000,130,912 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2012/11/19 00:43:40 | 000,130,312 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012/11/19 00:43:40 | 000,127,916 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2012/11/19 00:43:40 | 000,124,512 | ---- | M] () -- C:\Windows\System32\perfc01D.dat

[2012/11/19 00:43:40 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/11/19 00:43:40 | 000,082,920 | ---- | M] () -- C:\Windows\System32\perfc00B.dat

[2012/11/19 00:43:40 | 000,080,576 | ---- | M] () -- C:\Windows\System32\perfc006.dat

[2012/11/19 00:43:40 | 000,077,868 | ---- | M] () -- C:\Windows\System32\perfc014.dat

[2012/11/18 14:22:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lowery\Desktop\OTL.exe

[2012/11/16 13:57:31 | 000,290,500 | ---- | M] () -- C:\Users\Lowery\AppData\Local\funmoods-speeddial_sf.crx

[2012/11/15 18:25:32 | 000,001,244 | ---- | M] () -- C:\Users\Lowery\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/11/15 18:25:32 | 000,001,220 | ---- | M] () -- C:\Users\Lowery\Desktop\Spybot - Search & Destroy.lnk

[2012/11/15 12:53:59 | 000,610,157 | ---- | M] () -- C:\Users\Lowery\Documents\111512.jpg

[2012/11/15 12:53:50 | 000,610,157 | ---- | M] () -- C:\Users\Lowery\Desktop\111512.jpg

[2012/11/13 22:34:53 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/11/11 20:53:20 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/10/28 17:34:39 | 000,001,835 | ---- | M] () -- C:\Users\Lowery\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk

[2012/10/28 17:34:38 | 000,001,835 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk

[2012/10/27 19:49:29 | 000,002,031 | ---- | M] () -- C:\Users\Lowery\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/10/26 13:52:10 | 000,769,207 | ---- | M] () -- C:\Users\Lowery\Desktop\MDLetterDillon2012 001-3.jpg

[2012/10/26 11:57:02 | 000,002,645 | ---- | M] () -- C:\Users\Lowery\Desktop\Microsoft Office PowerPoint 2007.lnk

[2012/10/26 11:55:25 | 000,174,866 | ---- | M] () -- C:\Users\Lowery\Desktop\Appeal Form 20120510.pdf

[2012/10/25 11:14:28 | 000,057,867 | ---- | M] () -- C:\Users\Lowery\Desktop\censoredk.jpg

[2012/10/25 11:04:06 | 000,042,345 | ---- | M] () -- C:\Users\Lowery\Desktop\hookers.jpg

[2012/10/25 10:51:16 | 000,053,213 | ---- | M] () -- C:\Users\Lowery\Desktop\winston.png

[2012/10/22 02:13:12 | 000,001,852 | ---- | M] () -- C:\Users\Lowery\Desktop\Illutia.lnk

[2012/10/22 01:29:46 | 000,000,040 | ---- | M] () -- C:\Users\Lowery\jagex_cl_runescape_LIVE.dat

[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/16 13:57:51 | 000,290,500 | ---- | C] () -- C:\Users\Lowery\AppData\Local\funmoods-speeddial_sf.crx

[2012/11/15 12:53:58 | 000,610,157 | ---- | C] () -- C:\Users\Lowery\Documents\111512.jpg

[2012/11/15 12:53:50 | 000,610,157 | ---- | C] () -- C:\Users\Lowery\Desktop\111512.jpg

[2012/11/11 20:53:20 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/10/26 13:43:50 | 000,769,207 | ---- | C] () -- C:\Users\Lowery\Desktop\MDLetterDillon2012 001-3.jpg

[2012/10/26 11:57:02 | 000,002,645 | ---- | C] () -- C:\Users\Lowery\Desktop\Microsoft Office PowerPoint 2007.lnk

[2012/10/26 11:55:25 | 000,174,866 | ---- | C] () -- C:\Users\Lowery\Desktop\Appeal Form 20120510.pdf

[2012/10/26 01:02:34 | 000,005,174 | ---- | C] () -- C:\Windows\System32\nppt9x.vxd

[2012/10/25 11:14:28 | 000,057,867 | ---- | C] () -- C:\Users\Lowery\Desktop\censoredk.jpg

[2012/10/25 11:04:05 | 000,042,345 | ---- | C] () -- C:\Users\Lowery\Desktop\hookers.jpg

[2012/10/25 10:51:15 | 000,053,213 | ---- | C] () -- C:\Users\Lowery\Desktop\winston.png

[2012/10/22 02:13:12 | 000,001,852 | ---- | C] () -- C:\Users\Lowery\Desktop\Illutia.lnk

[2012/09/21 00:43:11 | 000,000,097 | ---- | C] () -- C:\Windows\System32\Userdata.ini

[2012/09/14 14:34:45 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat.temp

[2012/09/14 14:25:08 | 000,141,077 | ---- | C] () -- C:\Windows\hpwins27.dat

[2012/09/14 14:25:08 | 000,000,385 | ---- | C] () -- C:\Windows\hpwmdl27.dat

[2012/07/31 02:10:08 | 000,000,046 | ---- | C] () -- C:\Users\Lowery\jagex_cl_runescape_LIVE1.dat

[2012/05/08 19:05:35 | 000,068,571 | ---- | C] () -- C:\Users\Lowery\AppData\Roaming\Main

[2012/04/05 20:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat

[2012/04/05 20:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat

[2012/03/17 14:01:00 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll

[2012/03/17 14:01:00 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll

[2012/03/17 14:01:00 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll

[2012/03/17 13:57:08 | 000,037,378 | ---- | C] () -- C:\Windows\DIIUnin.dat

[2012/03/01 16:17:03 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2012/01/10 16:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2011/12/11 15:41:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/12/11 15:41:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/12/11 15:41:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/12/11 15:41:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/12/11 15:41:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/12/10 21:09:20 | 000,001,502 | -HS- | C] () -- C:\Users\Lowery\AppData\Local\376471n7h240o515g153v6qxo4j0

[2011/10/28 16:25:34 | 000,000,040 | ---- | C] () -- C:\Users\Lowery\jagex_cl_runescape_LIVE.dat

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2011/05/23 16:12:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe

[2011/05/23 16:11:13 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011/04/20 00:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat

[2011/01/28 18:35:38 | 000,084,323 | ---- | C] () -- C:\Users\Lowery\AppData\Roaming\icarus-dxdiag.xml

[2010/04/06 04:17:10 | 000,000,000 | ---- | C] () -- C:\Users\Lowery\jagex__preferences3.dat

[2009/12/22 11:40:17 | 000,138,056 | ---- | C] () -- C:\Users\Lowery\AppData\Roaming\PnkBstrK.sys

[2009/12/05 23:16:15 | 000,000,129 | ---- | C] () -- C:\Users\Lowery\jagex_runescape_preferences2.dat

[2009/12/05 23:15:10 | 000,000,046 | ---- | C] () -- C:\Users\Lowery\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 07:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/04/17 00:37:42 | 000,356,528 | ---- | M] () -- C:\AnalysisLog.sr0

[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2008/07/27 21:27:05 | 012,175,280 | ---- | M] () -- C:\BellSouthIW.re~

[2009/02/17 20:25:46 | 000,002,200 | ---- | M] () -- C:\BnetLog.txt

[2009/12/04 23:59:18 | 000,000,355 | ---- | M] () -- C:\Boot.BAK

[2009/12/05 03:27:48 | 000,000,355 | RHS- | M] () -- C:\Boot.ini.saved

[2010/11/20 07:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr

[2009/12/05 05:46:18 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2012/11/19 17:51:34 | 000,015,021 | ---- | M] () -- C:\ComboFix.txt

[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012/06/06 00:08:19 | 000,001,134 | ---- | M] () -- C:\deltaStartup.log

[2009/12/05 06:10:28 | 000,171,136 | RHS- | M] () -- C:\grldr

[2012/11/19 17:45:07 | 2616,496,128 | -HS- | M] () -- C:\hiberfil.sys

[2008/06/06 16:12:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/09/21 18:53:45 | 000,001,759 | ---- | M] () -- C:\IPH.PH

[2008/06/07 19:12:18 | 000,001,080 | ---- | M] () -- C:\isinstalled.txt

[2009/05/16 21:32:59 | 000,171,136 | RHS- | M] () -- C:\LHLDR

[2007/09/15 10:02:36 | 000,000,107 | ---- | M] () -- C:\main.c

[2008/06/06 16:12:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2012/11/19 17:45:08 | 3488,661,504 | -HS- | M] () -- C:\pagefile.sys

[2009/12/31 06:25:37 | 000,001,855 | ---- | M] () -- C:\RHDSetup.log

[2008/09/02 23:41:54 | 000,000,268 | ---- | M] () -- C:\sqmdata00.sqm

[2008/09/03 23:49:40 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm

[2008/09/05 03:20:58 | 000,000,268 | ---- | M] () -- C:\sqmdata02.sqm

[2008/09/08 23:03:30 | 000,000,280 | ---- | M] () -- C:\sqmdata03.sqm

[2008/09/24 15:01:16 | 000,000,268 | ---- | M] () -- C:\sqmdata04.sqm

[2008/10/10 03:31:50 | 000,000,268 | ---- | M] () -- C:\sqmdata05.sqm

[2008/10/30 02:15:49 | 000,000,268 | ---- | M] () -- C:\sqmdata06.sqm

[2008/11/05 23:26:45 | 000,000,268 | ---- | M] () -- C:\sqmdata07.sqm

[2008/11/06 02:13:13 | 000,000,268 | ---- | M] () -- C:\sqmdata08.sqm

[2008/11/07 23:42:53 | 000,000,268 | ---- | M] () -- C:\sqmdata09.sqm

[2008/11/25 13:52:49 | 000,000,268 | ---- | M] () -- C:\sqmdata10.sqm

[2008/11/30 05:25:50 | 000,000,268 | ---- | M] () -- C:\sqmdata11.sqm

[2008/12/05 04:06:38 | 000,000,268 | ---- | M] () -- C:\sqmdata12.sqm

[2008/12/06 01:46:03 | 000,000,268 | ---- | M] () -- C:\sqmdata13.sqm

[2008/12/10 03:01:43 | 000,000,268 | ---- | M] () -- C:\sqmdata14.sqm

[2008/12/10 04:20:34 | 000,000,268 | ---- | M] () -- C:\sqmdata15.sqm

[2008/12/14 18:32:33 | 000,000,268 | ---- | M] () -- C:\sqmdata16.sqm

[2008/12/16 09:34:43 | 000,000,268 | ---- | M] () -- C:\sqmdata17.sqm

[2008/08/31 00:45:04 | 000,000,268 | ---- | M] () -- C:\sqmdata18.sqm

[2008/09/02 02:46:00 | 000,000,268 | ---- | M] () -- C:\sqmdata19.sqm

[2008/09/02 23:41:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm

[2008/09/03 23:49:40 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm

[2008/09/05 03:20:58 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm

[2008/09/08 23:03:30 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm

[2008/09/24 15:01:16 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm

[2008/10/10 03:31:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm

[2008/10/30 02:15:49 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm

[2008/11/05 23:26:45 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm

[2008/11/06 02:13:13 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm

[2008/11/07 23:42:53 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm

[2008/11/25 13:52:49 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm

[2008/11/30 05:25:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm

[2008/12/05 04:06:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm

[2008/12/06 01:46:03 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm

[2008/12/10 03:01:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm

[2008/12/10 04:20:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm

[2008/12/14 18:32:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm

[2008/12/16 09:34:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm

[2008/08/31 00:45:04 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm

[2008/09/02 02:46:00 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-29 08:00:46

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Documents\Image.jpg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Documents\Image.jpg.jpeg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Documents\111512.jpg:3or4kl4x13tuuug3Byamue2s4b

@Alternate Data Stream - 160 bytes -> C:\Users\Lowery\Desktop\111512.jpg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

OTL Extras logfile created on: 11/19/2012 6:08:23 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lowery\Desktop

Ultimate Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.66% Memory free

6.50 Gb Paging File | 5.42 Gb Available in Paging File | 83.39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.04 Gb Total Space | 12.40 Gb Free Space | 8.32% Space Free | Partition Type: NTFS

Computer Name: LOWERY-PC | User Name: Lowery | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallDisableNotify" = 0

"FirewallOverride" = 0

"FirstRunDisabled" =

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |

"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |

"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |

"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |

"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |

"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |

"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |

"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |

"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |

"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |

"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{3CE20D5E-E59C-4A2C-9B75-F9942DB617CA}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe |

"TCP Query User{8FD89B38-EC00-42FB-B775-6B7FC2418F24}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe |

"UDP Query User{144C8033-FBC3-4F47-8D49-CE2EDAD74658}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe |

"UDP Query User{465D2315-02C4-4AC8-9640-682F7B4E4CEF}C:\users\lowery\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lowery\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1EB2596D-80B0-4D55-AC31-6FCFE757081E}" = HP Officejet 4500 G510a-f

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{250F0B5E-E926-C628-B639-FD1432A850EC}" = ATI AVIVO Codecs

"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java 6 Update 32

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min

"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm

"{45410935-B52C-468A-A836-0D1000018202}" = BulletStorm

"{484EE870-ACAD-4520-88D5-9F465881238E}" = ATI Problem Report Wizard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III

"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III

"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III

"{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common

"{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{7BEA3C63-101D-4009-8B73-E9CE4A5F8A9C}" = League of Legends

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{88838D48-0421-4F2B-AF81-D08D206DEE4C}_is1" = Flyff

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center

"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007

"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{A126E617-63F0-4E57-BFA4-7190F5845C39}" = Guitar Hero World Tour

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT

"{A6834535-4E7D-C07A-2CAA-E2B73C82EC60}" = AMD Drag and Drop Transcoding

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2

"{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha

"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help_Web

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility

"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI

"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari

"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision

"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EC2F135B-48ED-4682-A90B-54846218C1F3}" = 4500G510af_web

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"8461-7759-5462-8226" = Vuze

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Akamai" = Akamai NetSession Interface Service

"Aleks 3.17" = Aleks 3.17

"Aleks 3.18" = Aleks 3.18

"Borderlands 2_is1" = Borderlands 2

"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI

"Diablo II" = Diablo II

"Diablo III" = Diablo III

"EA Download Manager" = EA Download Manager

"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2

"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III

"Illutia" = Illutia

"lvdrivers_12.10" = Logitech Webcam Software Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft DirectX SDK (August 2009)" = Microsoft DirectX SDK (August 2009)

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PowerISO" = PowerISO

"SMALLBUSINESSR" = Microsoft Office Small Business 2007

"Steam App 41210" = Eufloria

"Steam App 620" = Portal 2

"Tunngle beta_is1" = Tunngle beta

"VLC media player" = VLC media player 1.1.0

"Warcraft III" = Warcraft III

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"World of Warcraft" = World of Warcraft

"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"CodeBlocks" = CodeBlocks

"Facebook Plug-In" = Facebook Plug-In

"Google Chrome" = Google Chrome

"Move Media Player" = Move Media Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 11/19/2012 2:11:14 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Vuze\Azureus64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:11:14 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\program files\Vuze\AzureusUpdater.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:11:15 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"

of attribute "version" in element "assemblyIdentity" is invalid.

Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzdui40.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpznui40.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzpnp40.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzprl40.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzscr40.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:12:09 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Users\Lowery\AppData\Local\temp\HP\oj4500vg510a-f_basic_13_en\setup\hpzshl40.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 11/19/2012 2:12:11 AM | Computer Name = Lowery-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot

- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"

in element "assemblyIdentity" is invalid.

[ Media Center Events ]

Error - 12/31/2009 7:21:18 AM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0

Description = 6:21:15 AM - Error connecting to the internet. 6:21:16 AM - Unable

to contact server..

Error - 12/31/2009 7:21:39 AM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0

Description = 6:21:33 AM - Error connecting to the internet. 6:21:33 AM - Unable

to contact server..

Error - 3/22/2010 5:42:45 AM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0

Description = 5:42:45 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status

404: The requested URL does not exist on the server. )

Error - 3/29/2010 5:34:40 PM | Computer Name = Lowery-PC | Source = MCUpdate | ID = 0

Description = 5:34:36 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP

status 404: The requested URL does not exist on the server. )

[ OSession Events ]

Error - 7/9/2012 2:16:58 AM | Computer Name = Lowery-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 206007

seconds with 2040 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 11/19/2012 8:42:53 AM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016

Description =

Error - 11/19/2012 8:45:17 AM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/19/2012 8:59:04 AM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/19/2012 9:06:40 AM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/19/2012 11:06:29 AM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016

Description =

Error - 11/19/2012 6:20:29 PM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016

Description =

Error - 11/19/2012 6:28:58 PM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/19/2012 6:36:30 PM | Computer Name = Lowery-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 11/19/2012 6:45:11 PM | Computer Name = Lowery-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 5:43:24 PM on 11/19/2012 was unexpected.

Error - 11/19/2012 6:46:17 PM | Computer Name = Lowery-PC | Source = DCOM | ID = 10016

Description =

< End of report >

Good afternoon ohkeykey,

What from VirusTotal would you like me to post? Under additional information or just the main analysis?

Just the main analysis please.

I see you have the AVG Security Toolbar installed. It has been known to exhibit suspicious behaviour (please see here for more information).

You also have Conduit installed. Not only has this program been known to exhibit suspicious behaviour but it also is known to facilitate other infections. I strongly recommend uninstalling it.

Please go to Start>Control Panel>Programs>Programs and Features and uninstall the following programs (if present):

  • AVG Security Toolbar
  • Conduit

Please restart your computer after these program removals.

=====

Do you recognise this Add-on:

siauenfbuf@siauenfbuf.org

=====

Next, please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1375325476
    IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmood...E&cr=1375325476
    FF - prefs.js..browser.search.defaultenginename: "Funmoods"
    [2011/04/05 17:20:20 | 000,000,000 | ---D | M] (BFlix Toolbar) -- C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}
    [2012/11/16 13:57:54 | 000,002,333 | ---- | M] () -- C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\searchplugins\Funmoods.xml
    CHR - homepage: http://searchfunmood...E&cr=1375325476
    CHR - homepage: http://searchfunmood...E&cr=1375325476
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2012/11/16 13:57:51 | 000,290,500 | ---- | C] () -- C:\Users\Lowery\AppData\Local\funmoods-speeddial_sf.crx
    [2011/12/10 21:09:20 | 000,001,502 | -HS- | C] () -- C:\Users\Lowery\AppData\Local\376471n7h240o515g153v6qxo4j0
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Finally, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please provide the contents of the following logs:

  • OTL fix log.
  • AdwCleaner[R1].txt.

How is your computer running now?

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.

Prefs.js: "Funmoods" removed from browser.search.defaultenginename

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\components folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\searchbar folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\options folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\panels folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton\icons folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\weatherbutton folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\uwa folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio\images folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio\css folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\radio folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\images folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\scripts folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\images folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default\css folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\default folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels\css folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\panels folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib\debugbar folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin\lib folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\skin folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\weather folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\search folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\rss folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data\dynamicElements folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\data folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\widgets folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\newtab\images folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\newtab folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\modules folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content\lib folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome\content folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa}\chrome folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\Firefox\Profiles\z0r8fxep.default\extensions\{a6bf16ab-42a1-4bc5-965d-5e407e449aaa} folder moved successfully.

C:\Users\Lowery\AppData\Roaming\mozilla\firefox\profiles\z0r8fxep.default\searchplugins\Funmoods.xml moved successfully.

Use Chrome's Settings page to change the HomePage.

Use Chrome's Settings page to change the HomePage.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

C:\Users\Lowery\AppData\Local\funmoods-speeddial_sf.crx moved successfully.

C:\Users\Lowery\AppData\Local\376471n7h240o515g153v6qxo4j0 moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Lowery

->Temp folder emptied: 433958 bytes

->Temporary Internet Files folder emptied: 17509871 bytes

->Java cache emptied: 39259 bytes

->FireFox cache emptied: 667708759 bytes

->Google Chrome cache emptied: 67726647 bytes

->Apple Safari cache emptied: 5325824 bytes

->Flash cache emptied: 61507 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 401408 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 67669 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 112613 bytes

Total Files Cleaned = 724.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11212012_181917

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


# AdwCleaner v2.008 - Logfile created 11/21/2012 at 18:27:12

# Updated 17/11/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Lowery - LOWERY-PC

# Boot Mode : Normal

# Running from : C:\Users\Lowery\Desktop\adwcleaner.exe

# Option [search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\DAEMON Tools Toolbar

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Folder Found : C:\Users\Lowery\AppData\LocalLow\bflixtoolbar

Folder Found : C:\Users\Lowery\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\bflixtoolbar

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\bflixtoolbar

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\StartSearch

Key Found : HKLM\Software\bflixtoolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Found : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Found : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Found : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Found : HKLM\Software\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\Software\TENCENT

Key Found : HKU\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

Key Found : HKU\S-1-5-21-2095337689-4243461785-3996528731-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default

File : C:\Users\Lowery\AppData\Roaming\Mozilla\Firefox\Profiles\z0r8fxep.default\prefs.js

Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

Found : user_pref("extensions.funmoods.cntry", "US");

Found : user_pref("extensions.funmoods.cv", "cv5");

Found : user_pref("extensions.funmoods.hdrMd5", "5A170747628D0D8951D52E4437603C69");

Found : user_pref("extensions.funmoods.hrdid", "90E6BA882040A55A");

Found : user_pref("extensions.funmoods.keywordurl", "");

Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2213:57:30");

Found : user_pref("extensions.funmoods.newTab", true);

Found : user_pref("extensions.funmoods.newtab", true);

Found : user_pref("extensions.funmoods.savedVrsnTs", "1");

Found : user_pref("extensions.funmoods.sg", "none");

Found : user_pref("extensions.funmoods.smplGrp", "none");

Found : user_pref("extensions.funmoods.smplgrp", "none");

Found : user_pref("extensions.funmoods.srch", "");

Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2213:57:30");

Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.2213:57:30");

Found : user_pref("extensions.funmoods.xpestat\\xpereportdata", "16-10-2012");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Lowery\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.13] : homepage = "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476",

Found [l.19] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476" ]

Found [l.1549] : homepage = "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476",

Found [l.2052] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzytD0EyC0B0AzzzztBtDyEtD0AyDyD0AtN0D0Tzu0CtAtBtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1375325476" ]

*************************

AdwCleaner[R1].txt - [8693 octets] - [20/11/2012 18:08:43]

AdwCleaner[R2].txt - [7934 octets] - [21/11/2012 18:27:12]

########## EOF - C:\AdwCleaner[R2].txt - [7994 octets] ##########

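The AdwCleaner findings above boil down to two things a triager can verify by hand: adware-owned user_pref() lines in Firefox's prefs.js, and a hijacked homepage plus startup-URL list in Chrome's Preferences JSON. The Python script below is an added example for this thread, not code from the original posts and not AdwCleaner's own code; it parses both files the way the log reads them and reports what it finds without deleting anything. The adware prefix list, the hijack domain and the Chrome key names (homepage, session.startup_urls) are assumptions taken from this thread's log, and the sample inputs are constructed to mirror the log, not the user's real files.

```python
"""Triage browser-hijack indicators like those in the AdwCleaner log above.

Added example for this thread; it is not part of the original posts and not
AdwCleaner's own code.  It parses Firefox prefs.js user_pref() lines and the
JSON Chrome "Preferences" file, flags preferences under known adware prefixes
and reports homepage/startup URLs whose host is a hijack domain.  The
indicator lists are assumptions drawn only from this thread's log.
"""
import json
import re
from urllib.parse import urlparse

# Indicators taken from the AdwCleaner output in this thread (assumed, not a
# vendor signature set): pref-name prefixes and the search-hijack domain.
ADWARE_PREF_PREFIXES = ("extensions.funmoods.",)
HIJACK_DOMAINS = {"searchfunmoods.com"}

# user_pref("name", value);  -- the name may contain escaped backslashes, as
# in the "xpestat\\xpereportdata" pref the log shows.
USER_PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def parse_prefs_js(text):
    """Return {pref_name: raw_value_text} for every user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def find_adware_prefs(prefs):
    """Names of prefs that belong to a known adware family, sorted."""
    return sorted(p for p in prefs if p.startswith(ADWARE_PREF_PREFIXES))


def hijacked_urls(urls):
    """Subset of urls whose host is (or is under) a hijack domain.

    Tool logs defang http as hxxp; urlparse still yields the host, so both
    raw and defanged URLs are handled.
    """
    hits = []
    for url in urls:
        host = (urlparse(url).hostname or "").lower()
        if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
            hits.append(url)
    return hits


def check_chrome_preferences(text):
    """Chrome's Preferences file is JSON.  The "homepage" key and the
    session.startup_urls list (assumed key names) are where AdwCleaner's
    'homepage' and 'urls_to_restore_on_startup' findings live."""
    data = json.loads(text)
    candidates = []
    if isinstance(data.get("homepage"), str):
        candidates.append(data["homepage"])
    candidates.extend(data.get("session", {}).get("startup_urls", []))
    return hijacked_urls(candidates)


# Constructed sample inputs modelled on the log (not the user's real files).
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.hrdid", "90E6BA882040A55A");
user_pref("extensions.funmoods.xpestat\\xpereportdata", "16-10-2012");
'''

SAMPLE_CHROME_PREFS = json.dumps({
    "homepage": "hxxp://searchfunmoods.com/?f=1&a=nv1",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": ["hxxp://searchfunmoods.com/?f=1", "https://example.org/"],
    },
})


def triage(prefs_js_text, chrome_prefs_text):
    """Run both checks and return a findings dict."""
    prefs = parse_prefs_js(prefs_js_text)
    return {
        "firefox_adware_prefs": find_adware_prefs(prefs),
        "firefox_homepage_hijack": hijacked_urls(
            [prefs.get("browser.startup.homepage", "").strip('"')]),
        "chrome_hijacked_urls": check_chrome_preferences(chrome_prefs_text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_PREFS_JS, SAMPLE_CHROME_PREFS).items():
        print(f"{key}: {value}")
```

To check a real profile, read prefs.js and Chrome's Preferences into triage(); it only reports. URLs pasted from a log with hxxp:// are matched the same as live http:// ones, and a parent-domain match (www.searchfunmoods.com) counts while a look-alike such as notsearchfunmoods.com does not.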

Good afternoon ohkeykey,

Do you recognise this:

siauenfbuf@siauenfbuf.org

=====

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

=====

Are your icons still hidden?


Good morning ohkeykey,

Please download to the Desktop RogueKiller (by tigzy).

  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.


RogueKiller V8.3.1 [Nov 25 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Lowery [Admin rights]

Mode : Scan -- Date : 11/25/2012 20:07:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$5f49f3e84ff29473b84ad972a11e0e6e\@ --> FOUND

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-2095337689-4243461785-3996528731-1001\$5f49f3e84ff29473b84ad972a11e0e6e\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$5f49f3e84ff29473b84ad972a11e0e6e\U --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-2095337689-4243461785-3996528731-1001\$5f49f3e84ff29473b84ad972a11e0e6e\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$5f49f3e84ff29473b84ad972a11e0e6e\L --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-2095337689-4243461785-3996528731-1001\$5f49f3e84ff29473b84ad972a11e0e6e\L --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160827AS ATA Device +++++

--- User ---

[MBR] 98c6ca65183cf1683d9e6b6202b0620b

[BSP] b1e2252e08675608a325b5ea79e529e2 : Suspicious NOP-flood MBR Code!

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[6]_S_11252012_02d2007.txt >>

RKreport[1]_S_11182012_02d2355.txt ; RKreport[2]_D_11192012_02d0000.txt ; RKreport[3]_S_11192012_02d0000.txt ; RKreport[4]_S_11192012_02d0005.txt ; RKreport[5]_S_11192012_02d0007.txt ;

RKreport[6]_S_11252012_02d2007.txt

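RogueKiller flagged the classic ZeroAccess layout: a per-SID folder under C:\$Recycle.Bin holding a directory named "$" plus 32 hex characters, containing an "@" file and "U" and "L" folders. The Python scanner below is an added example for this thread, not part of the original posts and not RogueKiller's code; it walks a $Recycle.Bin-shaped tree and reports only directories with that exact structure, so ordinary $I/$R recycled items are not flagged. The SID and hash-directory patterns are my assumptions based on the paths in the log, and demo() builds a constructed tree in a temporary directory that mirrors those paths rather than touching the real bin.

```python
r"""Hunt for the ZeroAccess file-system artifacts RogueKiller reported above.

Added example for this thread; not part of the original posts and not
RogueKiller's code.  The 2012 ZeroAccess variants kept their payload under
C:\$Recycle.Bin\<SID>\$<32 hex> as a file named "@" plus folders "U" and
"L", which is exactly the layout in the RKreport above.  The scanner walks
any directory with that shape and returns the suspicious trees instead of
deleting anything; against a live C:\$Recycle.Bin it needs an elevated
prompt, because the S-1-5-18 (SYSTEM) bin is otherwise unreadable.
"""
import os
import re
import sys
import tempfile

# Per-user bins: S-1-5-18 (SYSTEM) or a local/domain account SID S-1-5-21-...
# (pattern assumed from the two SIDs in the log).
SID_RE = re.compile(r"^S-1-5-(?:18|21(?:-\d+){4})$")
# ZeroAccess used a "$" + 32 lowercase hex directory; legitimately recycled
# items are "$I<6 chars>.<ext>" / "$R<6 chars>.<ext>" and never match this.
HASH_DIR_RE = re.compile(r"^\$[0-9a-f]{32}$")


def scan_recycle_bin(root):
    """Return [(sid, hash_dir, markers)] for every ZeroAccess-shaped tree.

    A hit needs the "@" *file* plus at least one of the "U"/"L" *folders*;
    a hex-named directory without that structure is not reported.
    """
    hits = []
    for sid in sorted(os.listdir(root)):
        sid_path = os.path.join(root, sid)
        if not (SID_RE.match(sid) and os.path.isdir(sid_path)):
            continue
        for entry in sorted(os.listdir(sid_path)):
            entry_path = os.path.join(sid_path, entry)
            if not (HASH_DIR_RE.match(entry) and os.path.isdir(entry_path)):
                continue
            markers = []
            if os.path.isfile(os.path.join(entry_path, "@")):
                markers.append("@")
            for sub in ("L", "U"):
                if os.path.isdir(os.path.join(entry_path, sub)):
                    markers.append(sub)
            if "@" in markers and len(markers) > 1:
                hits.append((sid, entry, markers))
    return hits


def build_demo_tree(base):
    """Construct a fake $Recycle.Bin modelled on the log (constructed data,
    not the user's disk): two infected per-SID bins plus one legitimately
    recycled file that must not be flagged."""
    user_sid = "S-1-5-21-2095337689-4243461785-3996528731-1001"
    for sid in ("S-1-5-18", user_sid):
        bad = os.path.join(base, sid, "$5f49f3e84ff29473b84ad972a11e0e6e")
        os.makedirs(os.path.join(bad, "U"))
        os.makedirs(os.path.join(bad, "L"))
        with open(os.path.join(bad, "@"), "wb") as fh:
            fh.write(b"\x00" * 16)  # stand-in for the real payload bytes
    with open(os.path.join(base, user_sid, "$IABC123.txt"), "w") as fh:
        fh.write("metadata")
    with open(os.path.join(base, user_sid, "$RABC123.txt"), "w") as fh:
        fh.write("recycled content")


def demo():
    """Build the sample tree in a temp dir, scan it and return the hits."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return scan_recycle_bin(tmp)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = scan_recycle_bin(target) if target else demo()
    for sid, hash_dir, markers in results:
        print(f"ZeroAccess-shaped tree: {sid}\\{hash_dir} markers={markers}")
```

Pass the path to C:\$Recycle.Bin as the only argument, from an elevated prompt, to scan a live system; with no argument it scans the constructed sample. Finding the tree is triage only: the same RogueKiller log also reports a loaded driver and suspicious MBR code, so removing the files alone does not clean this infection.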

Hello ohkeykey,

Your log shows the presence of ZA, which is most likely the leftovers of the FBI infection you tried to remove.

  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

In your reply please provide the contents of the following:

  • New RogueKiller log.
  • Both MBAR logs.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

