
FBI infection malware


jhart


Hello, I have been infected with the FBI virus and cannot start in Safe Mode, Safe Mode with Networking, or in regular mode. I saw a link that was posted here, took the first step and ran the scan (from a flash drive). I have the logs (FRST.txt and Search.txt). Here they are:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2013

Ran by SYSTEM at 16-01-2013 16:52:55

Running from G:\

Windows Vista Home Premium (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.)

HKLM\...\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" [222504 2007-12-24] (CyberLink Corp.)

HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [hpqSRMon] [x]

HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-04-16] (IDT, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [136600 2009-01-09] (Sun Microsystems, Inc.)

HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [x]

HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)

HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)

HKLM\...\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [] [x]

HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [395144 2011-05-17] (Ask)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)

HKLM\...\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [2015136 2011-05-27] (Affinegy, Inc.)

HKLM\...\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" [82568 2013-01-14] (Microsoft Corporation)

HKLM\...\Run: [iSTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2717816 2012-11-01] (PC Tools)

HKU\daddyboy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\daddyboy\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\daddyboy\...\Run: [] C:\Users\daddyboy\ocurtajuchwufblqcu.exe [64512 2012-11-06] ()

HKU\daddyboy\...\Run: [lkhbylqrohwzycg] C:\Windows\lkhbylqr.exe [116224 2012-11-07] ()

HKU\daddyboy\...\Run: [Adobe ARM] "C:\Users\daddyboy\AppData\Roaming\ifgxpers.exe" [113904 2012-12-16] (?????????? ??????????)

HKLM\...\RunOnce: [*Restore] C:\Windows\System32\rstrui.exe /runonce [318464 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Lsa: [Notification Packages] scecli DPPWDFLT

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\daddyboy\Start Menu\Programs\Startup\runctf.lnk

ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [73728 2008-02-11] (Andrea Electronics Corporation)

2 AffinegyService; "C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe" [562592 2011-05-27] (Affinegy, Inc.)

2 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [580728 2012-10-23] (Threat Expert Ltd.)

3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)

2 N360; "C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)

2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe /s [177080 2012-01-16] (Symantec Corporation)

2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)

2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [292248 2008-05-14] ()

2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [116112 2008-05-14] ()

2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()

2 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-31] (PC Tools)

2 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)

2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [766400 2012-10-08] (Enigma Software Group USA, LLC.)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe [221239 2008-04-16] (IDT, Inc.)

2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)

2 Winmgmt; C:\Users\daddyboy\wgsdgsdgdsgsd.exe [147456 2013-01-14] (Microsoft Corporation)

2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll" /prefetch:1 [x]

==================== Drivers (Whitelisted) ====================

0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [170000 2008-04-14] (AMD Technologies Inc.)

0 Amddfltr; C:\Windows\System32\DRIVERS\Amddfltr.sys [15416 2008-01-07] (Advanced Micro Devices)

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [820856 2012-03-02] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-04] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-04] (Symantec Corporation)

3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()

3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)

1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120315.002\IDSvix86.sys [368248 2011-11-30] (Symantec Corporation)

0 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [35944 2010-10-11] ()

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120315.002\NAVENG.SYS [86136 2012-01-19] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120315.002\NAVEX15.SYS [1576312 2012-01-19] (Symantec Corporation)

3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [62688 2012-10-23] (PC Tools)

0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [368616 2012-10-22] (PC Tools)

0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)

1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [260760 2012-10-31] (PC Tools)

3 pctplsm; \??\C:\Windows\System32\drivers\pctplsm.sys [68272 2012-11-01] (PC Tools)

1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [202280 2012-11-01] (PC Tools)

3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16512 2006-11-03] (Primax Electronics Ltd.)

3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [13184 2006-11-03] (Primax Electronics Ltd.)

3 SMSIVZAM5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [32408 2009-05-25] (Smith Micro Inc.)

3 SRTSP; C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360\0502000.00D\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360\0502000.00D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-10] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)

1 eabfiltr; [x]

3 EraserUtilDrv10741; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [x]

3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [x]

3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [x]

3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-01-16 16:52 - 2013-01-16 16:52 - 00000000 ____D C:\FRST

2013-01-15 18:47 - 2012-10-23 14:40 - 02280568 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 01690744 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 00769144 ____A C:\Windows\BDTSupport.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 00150648 ____A (PC Tools) C:\Windows\SGDetectionTool.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 00062688 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys

2013-01-15 18:47 - 2012-10-23 13:30 - 00003488 ____A C:\Windows\UDB.zip

2013-01-15 18:47 - 2012-10-23 13:30 - 00000882 ____A C:\Windows\RegSDImport.xml

2013-01-15 18:47 - 2012-10-23 13:30 - 00000879 ____A C:\Windows\RegISSImport.xml

2013-01-15 18:47 - 2012-10-23 13:30 - 00000131 ____A C:\Windows\IDB.zip

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00000000 ____D C:\Program Files\PC Tools

2013-01-15 18:46 - 2012-11-01 12:35 - 00071752 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys

2013-01-15 18:46 - 2012-11-01 12:35 - 00068272 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsm.sys

2013-01-15 18:46 - 2012-11-01 12:35 - 00019464 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys

2013-01-15 18:46 - 2012-10-31 11:21 - 00260760 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys

2013-01-15 18:46 - 2012-10-31 11:21 - 00178584 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys

2013-01-15 18:29 - 2013-01-15 18:48 - 00000000 ____D C:\Program Files\Common Files\PC Tools

2013-01-15 18:29 - 2012-11-01 12:35 - 00202280 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys

2013-01-15 18:29 - 2012-10-22 13:38 - 00368616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys

2013-01-15 18:29 - 2012-10-22 13:38 - 00163288 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys

2013-01-15 18:29 - 2012-02-28 08:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys

2013-01-15 18:29 - 2012-02-28 08:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys

2013-01-15 18:27 - 2013-01-15 18:46 - 00000000 ____D C:\Users\All Users\PC Tools

2013-01-15 18:27 - 2013-01-15 18:46 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\Application Data\TestApp

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\AppData\Roaming\TestApp

2013-01-15 17:37 - 2013-01-15 17:37 - 00002083 ____A C:\Users\daddyboy\Desktop\SpyHunter.lnk

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\sh4ldr

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-01-15 17:36 - 2013-01-15 17:37 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP

2013-01-15 17:36 - 2013-01-15 17:36 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\ifgxpers.exe

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\ifgxpers.exe

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\MSDOS.SYS

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\IO.SYS

2013-01-14 07:20 - 2013-01-14 07:20 - 00015477 ____A C:\Users\daddyboy\Desktop\hs_err_pid4016.log

2013-01-14 07:13 - 2013-01-16 13:11 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2013-01-14 07:13 - 2013-01-16 13:11 - 95023320 ___AT C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad

2013-01-14 07:13 - 2013-01-14 07:13 - 00147456 ____A (Microsoft Corporation) C:\Users\daddyboy\wgsdgsdgdsgsd.exe

2013-01-14 07:13 - 2013-01-14 07:13 - 00002964 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2013-01-14 07:13 - 2013-01-14 07:13 - 00002964 ____A C:\Users\All Users\Application Data\dsgsdgdsgdsgw.js

2013-01-14 06:51 - 2013-01-14 06:51 - 00015530 ____A C:\Users\daddyboy\Desktop\hs_err_pid1016.log

2013-01-12 14:43 - 2013-01-12 14:43 - 00015686 ____A C:\Users\daddyboy\Desktop\hs_err_pid2252.log

2013-01-12 13:43 - 2013-01-12 13:43 - 00015667 ____A C:\Users\daddyboy\Desktop\hs_err_pid1408.log

2013-01-11 09:00 - 2013-01-11 09:00 - 00015556 ____A C:\Users\daddyboy\Desktop\hs_err_pid444.log

2012-12-24 16:30 - 2012-12-24 16:30 - 00015554 ____A C:\Users\daddyboy\Desktop\hs_err_pid1628.log

2012-12-21 18:46 - 2012-12-22 10:49 - 00000124 ____A C:\report.txt

==================== One Month Modified Files and Folders ========

2013-01-16 13:11 - 2013-01-14 07:13 - 95023320 ___AT C:\Users\All Users\dsgsdgdsgdsgw.pad

2013-01-16 13:11 - 2013-01-14 07:13 - 95023320 ___AT C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad

2013-01-16 13:10 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-16 13:10 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-16 13:10 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-16 13:04 - 2008-12-15 00:27 - 01652783 ____A C:\Windows\WindowsUpdate.log

2013-01-16 12:57 - 2009-11-14 11:26 - 00001356 ____A C:\Users\daddyboy\Local Settings\d3d9caps.dat

2013-01-16 12:57 - 2009-11-14 11:26 - 00001356 ____A C:\Users\daddyboy\Local Settings\Application Data\d3d9caps.dat

2013-01-16 12:57 - 2009-11-14 11:26 - 00001356 ____A C:\Users\daddyboy\AppData\Local\d3d9caps.dat

2013-01-16 08:32 - 2008-01-20 18:47 - 02596922 ____A C:\Windows\PFRO.log

2013-01-15 18:48 - 2013-01-15 18:29 - 00000000 ____D C:\Program Files\Common Files\PC Tools

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00000000 ____D C:\Program Files\PC Tools

2013-01-15 18:46 - 2013-01-15 18:27 - 00000000 ____D C:\Users\All Users\PC Tools

2013-01-15 18:46 - 2013-01-15 18:27 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\Application Data\TestApp

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\AppData\Roaming\TestApp

2013-01-15 17:37 - 2013-01-15 17:37 - 00002083 ____A C:\Users\daddyboy\Desktop\SpyHunter.lnk

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\sh4ldr

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-01-15 17:37 - 2013-01-15 17:36 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP

2013-01-15 17:36 - 2013-01-15 17:36 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\ifgxpers.exe

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\ifgxpers.exe

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\MSDOS.SYS

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\IO.SYS

2013-01-14 07:20 - 2013-01-14 07:20 - 00015477 ____A C:\Users\daddyboy\Desktop\hs_err_pid4016.log

2013-01-14 07:13 - 2013-01-14 07:13 - 00147456 ____A (Microsoft Corporation) C:\Users\daddyboy\wgsdgsdgdsgsd.exe

2013-01-14 07:13 - 2013-01-14 07:13 - 00002964 ____A C:\Users\All Users\dsgsdgdsgdsgw.js

2013-01-14 07:13 - 2013-01-14 07:13 - 00002964 ____A C:\Users\All Users\Application Data\dsgsdgdsgdsgw.js

2013-01-14 07:13 - 2008-12-29 17:12 - 00000000 ____D C:\users\daddyboy

2013-01-14 06:51 - 2013-01-14 06:51 - 00015530 ____A C:\Users\daddyboy\Desktop\hs_err_pid1016.log

2013-01-12 14:43 - 2013-01-12 14:43 - 00015686 ____A C:\Users\daddyboy\Desktop\hs_err_pid2252.log

2013-01-12 13:43 - 2013-01-12 13:43 - 00015667 ____A C:\Users\daddyboy\Desktop\hs_err_pid1408.log

2013-01-11 09:00 - 2013-01-11 09:00 - 00015556 ____A C:\Users\daddyboy\Desktop\hs_err_pid444.log

2012-12-25 18:17 - 2006-11-02 04:52 - 00074225 ____A C:\Windows\setupact.log

2012-12-24 16:40 - 2011-11-05 17:06 - 204065712 ____A C:\Windows\MEMORY.DMP

2012-12-24 16:40 - 2011-11-05 17:06 - 00000000 ____D C:\Windows\Minidump

2012-12-24 16:30 - 2012-12-24 16:30 - 00015554 ____A C:\Users\daddyboy\Desktop\hs_err_pid1628.log

2012-12-22 10:52 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-22 10:49 - 2012-12-21 18:46 - 00000124 ____A C:\report.txt

2012-12-21 20:43 - 2008-12-30 19:27 - 00000000 ____D C:\Users\daddyboy\My Documents\Youcam

2012-12-21 20:43 - 2008-12-30 19:27 - 00000000 ____D C:\Users\daddyboy\Documents\Youcam

2012-12-21 20:43 - 2008-04-10 02:26 - 00000000 ____D C:\Windows\SMINST

2012-12-21 20:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-03-14 23:01:45

Restore point made on: 2012-03-16 15:37:48

Restore point made on: 2012-04-07 23:01:09

Restore point made on: 2012-04-11 15:31:13

Restore point made on: 2012-05-11 16:40:43

Restore point made on: 2012-05-31 14:35:55

Restore point made on: 2012-06-05 16:45:11

Restore point made on: 2012-06-14 16:20:16

Restore point made on: 2012-06-18 15:41:40

Restore point made on: 2012-06-18 15:42:54

Restore point made on: 2012-06-24 08:40:34

Restore point made on: 2012-07-08 18:24:46

Restore point made on: 2012-07-20 08:26:37

Restore point made on: 2012-09-09 09:55:45

Restore point made on: 2012-09-24 07:00:34

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 2813.22 MB

Available physical RAM: 2310.2 MB

Total Pagefile: 2558.51 MB

Available Pagefile: 2373.46 MB

Total Virtual: 2047.88 MB

Available Virtual: 1975.51 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:222.84 GB) (Free:127.56 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (HP_RECOVERY) (Fixed) (Total:10.04 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive g: () (Removable) (Total:7.45 GB) (Free:7.39 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 233 GB 2232 KB

Disk 1 No Media 0 B 0 B

Disk 2 Online 7634 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 223 GB 32 KB

Partition 2 Primary 10 GB 223 GB

=========================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 223 GB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D HP_RECOVERY NTFS Partition 10 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7633 MB 16 KB

=========================================================

Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2013-01-15 18:34


Farbar Recovery Scan Tool (x86) Version: 15-01-2013

Ran by SYSTEM at 2013-01-16 16:54:22

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009-09-25 15:40] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe

[2009-09-25 15:40] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===

can you help me from here? I am not as computer literate as I should be.

thanks!


  • Staff

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt


Startup: C:\Users\daddyboy\Start Menu\Programs\Startup\runctf.lnk
ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
C:\Users\All Users\dsgsdgdsgdsgw.pad
C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad
C:\Users\daddyboy\wgsdgsdgdsgsd.exe
C:\Users\All Users\dsgsdgdsgdsgw.js
C:\Users\All Users\Application Data\dsgsdgdsgdsgw.js
C:\Windows\Tasks\SA.DAT

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

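As an added illustration of how the entries in the fixlist above stand out in an FRST log (this is my own example, not FRST's logic or the helper's method), the script below parses constructed Run, Service and ShortcutTarget lines modelled on the FRST.txt posted in this thread and flags the same traits a reviewer looks for: an image in a user-writable directory, version info claiming "Microsoft Corporation" outside the Windows or Program Files trees, blank or corrupted version info, an empty Run value name, a built-in service redirected into a profile, and a startup shortcut that launches rundll32. The flag names, the directory lists and the PROTECTED_SERVICES set are assumptions I chose for the example.

```python
"""Triage helper for FRST-style startup entries (added example, not FRST's own code)."""
import re
from typing import Dict, List, Optional

# Constructed sample, modelled on the FRST.txt lines posted in this thread.
SAMPLE_FRST = r"""
HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" [82568 2013-01-14] (Microsoft Corporation)
HKU\daddyboy\...\Run: [] C:\Users\daddyboy\ocurtajuchwufblqcu.exe [64512 2012-11-06] ()
HKU\daddyboy\...\Run: [Adobe ARM] "C:\Users\daddyboy\AppData\Roaming\ifgxpers.exe" [113904 2012-12-16] (?????????? ??????????)
HKU\daddyboy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
2 Winmgmt; C:\Users\daddyboy\wgsdgsdgdsgsd.exe [147456 2013-01-14] (Microsoft Corporation)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe [221239 2008-04-16] (IDT, Inc.)
ShortcutTarget: runctf.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation)
"""

# Entries that FRST prints as "[x]" (file missing) carry no size/date and are skipped here.
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>.*)\)\s*$")
SVC_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<cmd>.*?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<signer>.*)\)\s*$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<path>.+?) \((?P<signer>.*)\)\s*$")
# First token of a command line up to the .exe, quoted or not (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<path>(?:[A-Za-z]:|%[^%]+%)\\.*?\.exe)', re.IGNORECASE)

# Assumed lists for this example: built-in services that must never live in a profile,
# directories an unprivileged user can write to, and the trees legitimate system code lives in.
PROTECTED_SERVICES = {"winmgmt", "wuauserv", "bits", "schedule", "eventlog"}
WRITABLE_DIRS = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")
TRUSTED_DIRS = ("\\windows\\", "\\program files\\", "\\program files (x86)\\")


def exe_path(cmd: str) -> Optional[str]:
    m = EXE_RE.match(cmd)
    return m.group("path") if m else None


def flags_for(path: Optional[str], signer: str, value_name: Optional[str] = None,
              service: Optional[str] = None) -> List[str]:
    """Return the review flags for one entry; an empty list means nothing stood out."""
    if path is None:
        return ["unparsed_image_path"]
    low = path.lower()
    flags: List[str] = []
    in_trusted = any(d in low for d in TRUSTED_DIRS)
    # FRST prints "()" when there is no version info and "?" runs when it is not decodable.
    if not signer.strip() or "?" in signer:
        flags.append("unsigned_or_corrupt_version_info")
    if any(d in low for d in WRITABLE_DIRS) and not in_trusted:
        flags.append("user_writable_location")
    # Version info is attacker-controlled text: "Microsoft Corporation" in ProgramData is a tell.
    if "microsoft corporation" in signer.lower() and not in_trusted:
        flags.append("microsoft_claim_outside_system_dirs")
    if value_name is not None and value_name.strip() == "":
        flags.append("empty_value_name")
    if service and service.lower() in PROTECTED_SERVICES and "\\windows\\" not in low:
        flags.append("builtin_service_hijacked")
    # A startup .lnk that runs rundll32 is only as trustworthy as its arguments, which FRST omits.
    if low.endswith("rundll32.exe"):
        flags.append("rundll32_launcher_check_arguments")
    return flags


def triage(text: str) -> List[Dict[str, object]]:
    """Parse Run, Service and ShortcutTarget lines; one record per recognised line."""
    records: List[Dict[str, object]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec: Optional[Dict[str, object]] = None
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            rec = {"kind": "run", "name": m.group("name"), "path": path,
                   "flags": flags_for(path, m.group("signer"), value_name=m.group("name"))}
        else:
            m = SVC_RE.match(line)
            if m:
                path = exe_path(m.group("cmd"))
                rec = {"kind": "service", "name": m.group("name"), "path": path,
                       "flags": flags_for(path, m.group("signer"), service=m.group("name"))}
            else:
                m = LNK_RE.match(line)
                if m:
                    path = m.group("path")
                    rec = {"kind": "startup_lnk", "name": m.group("lnk"), "path": path,
                           "flags": flags_for(path, m.group("signer"))}
        if rec is not None:
            rec["line"] = line
            records.append(rec)
    return records


def suspicious(text: str) -> List[Dict[str, object]]:
    """Only the records that raised at least one flag, i.e. the candidates for a fixlist."""
    return [r for r in triage(text) if r["flags"]]


if __name__ == "__main__":
    for r in suspicious(SAMPLE_FRST):
        print(r["kind"], r["path"], ", ".join(r["flags"]))
```

The flags are prompts for a human reviewer, not verdicts: the vendor entries in the sample (Synaptics, IDT, ehTray under C:\Windows) raise nothing, while every path the helper put in the fixlist raises at least one.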

Hello, here is the fixlog.txt:

Ran by SYSTEM at 2013-01-16 19:02:31 Run:1

Running from G:\

==============================================

C:\Users\daddyboy\Start Menu\Programs\Startup\runctf.lnk moved successfully.

C:\Windows\System32\rundll32.exe moved successfully.

C:\Users\All Users\dsgsdgdsgdsgw.pad moved successfully.

C:\Users\All Users\Application Data\dsgsdgdsgdsgw.pad not found.

C:\Users\daddyboy\wgsdgsdgdsgsd.exe moved successfully.

C:\Users\All Users\dsgsdgdsgdsgw.js moved successfully.

C:\Users\All Users\Application Data\dsgsdgdsgdsgw.js not found.

C:\Windows\Tasks\SA.DAT moved successfully.

==== End of Fixlog ====

I rebooted to normal mode and it came up normally, then went to a white screen. A message said the Catalyst Control Center had stopped working, then the FBI warning appeared again. It is not the same version as I had earlier... this one is only for $200, the previous one was $300.


Here is the Search.txt:

Ran by SYSTEM at 2013-01-16 19:28:21

Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009-09-25 15:40] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2008-01-20 18:24] - [2008-01-20 18:24] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\services.exe

[2009-09-25 15:40] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

=== End Of Search ===

Also the FRST.txt:

Ran by SYSTEM at 16-01-2013 19:26:10

Running from G:\

Windows Vista Home Premium (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.)

HKLM\...\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" [222504 2007-12-24] (CyberLink Corp.)

HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [hpqSRMon] [x]

HKLM\...\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-04-16] (IDT, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [136600 2009-01-09] (Sun Microsystems, Inc.)

HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [x]

HKLM\...\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)

HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)

HKLM\...\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)

HKLM\...\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)

HKLM\...\Run: [] [x]

HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [395144 2011-05-17] (Ask)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)

HKLM\...\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [2015136 2011-05-27] (Affinegy, Inc.)

HKLM\...\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" [82568 2013-01-14] (Microsoft Corporation)

HKLM\...\Run: [iSTray] "C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI [2717816 2012-11-01] (PC Tools)

HKU\daddyboy\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\daddyboy\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\daddyboy\...\Run: [] C:\Users\daddyboy\ocurtajuchwufblqcu.exe [64512 2012-11-06] ()

HKU\daddyboy\...\Run: [lkhbylqrohwzycg] C:\Windows\lkhbylqr.exe [116224 2012-11-07] ()

HKU\daddyboy\...\Run: [Adobe ARM] "C:\Users\daddyboy\AppData\Roaming\ifgxpers.exe" [113904 2012-12-16] (?????????? ??????????)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Lsa: [Notification Packages] scecli DPPWDFLT

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ===================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [73728 2008-02-11] (Andrea Electronics Corporation)

2 AffinegyService; "C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe" [562592 2011-05-27] (Affinegy, Inc.)

2 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [580728 2012-10-23] (Threat Expert Ltd.)

3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)

2 N360; "C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)

2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe /s [177080 2012-01-16] (Symantec Corporation)

2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)

2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [292248 2008-05-14] ()

2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [116112 2008-05-14] ()

2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()

2 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-31] (PC Tools)

2 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)

2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [766400 2012-10-08] (Enigma Software Group USA, LLC.)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe [221239 2008-04-16] (IDT, Inc.)

2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)

2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

2 Norton Internet Security; "C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll" /prefetch:1 [x]

2 Winmgmt; C:\Users\daddyboy\wgsdgsdgdsgsd.exe [x]

==================== Drivers (Whitelisted) ====================

0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [170000 2008-04-14] (AMD Technologies Inc.)

0 Amddfltr; C:\Windows\System32\DRIVERS\Amddfltr.sys [15416 2008-01-07] (Advanced Micro Devices)

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx86.sys [820856 2012-03-02] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-04] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-04] (Symantec Corporation)

3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()

3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)

1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120315.002\IDSvix86.sys [368248 2011-11-30] (Symantec Corporation)

0 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [35944 2010-10-11] ()

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120315.002\NAVENG.SYS [86136 2012-01-19] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120315.002\NAVEX15.SYS [1576312 2012-01-19] (Symantec Corporation)

3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [62688 2012-10-23] (PC Tools)

0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [368616 2012-10-22] (PC Tools)

0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)

1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [260760 2012-10-31] (PC Tools)

3 pctplsm; \??\C:\Windows\System32\drivers\pctplsm.sys [68272 2012-11-01] (PC Tools)

1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [202280 2012-11-01] (PC Tools)

3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16512 2006-11-03] (Primax Electronics Ltd.)

3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [13184 2006-11-03] (Primax Electronics Ltd.)

3 SMSIVZAM5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [32408 2009-05-25] (Smith Micro Inc.)

3 SRTSP; C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360\0502000.00D\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360\0502000.00D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-10] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS [331384 2011-04-20] (Symantec Corporation)

1 eabfiltr; [x]

3 EraserUtilDrv10741; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [x]

3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [x]

3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [x]

3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-01-16 16:52 - 2013-01-16 16:52 - 00000000 ____D C:\FRST

2013-01-16 16:06 - 2013-01-16 16:06 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-15 18:47 - 2012-10-23 14:40 - 02280568 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 01690744 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 00769144 ____A C:\Windows\BDTSupport.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 00150648 ____A (PC Tools) C:\Windows\SGDetectionTool.dll

2013-01-15 18:47 - 2012-10-23 14:40 - 00062688 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys

2013-01-15 18:47 - 2012-10-23 13:30 - 00003488 ____A C:\Windows\UDB.zip

2013-01-15 18:47 - 2012-10-23 13:30 - 00000882 ____A C:\Windows\RegSDImport.xml

2013-01-15 18:47 - 2012-10-23 13:30 - 00000879 ____A C:\Windows\RegISSImport.xml

2013-01-15 18:47 - 2012-10-23 13:30 - 00000131 ____A C:\Windows\IDB.zip

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00000000 ____D C:\Program Files\PC Tools

2013-01-15 18:46 - 2012-11-01 12:35 - 00071752 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys

2013-01-15 18:46 - 2012-11-01 12:35 - 00068272 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsm.sys

2013-01-15 18:46 - 2012-11-01 12:35 - 00019464 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys

2013-01-15 18:46 - 2012-10-31 11:21 - 00260760 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys

2013-01-15 18:46 - 2012-10-31 11:21 - 00178584 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys

2013-01-15 18:29 - 2013-01-15 18:48 - 00000000 ____D C:\Program Files\Common Files\PC Tools

2013-01-15 18:29 - 2012-11-01 12:35 - 00202280 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys

2013-01-15 18:29 - 2012-10-22 13:38 - 00368616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys

2013-01-15 18:29 - 2012-10-22 13:38 - 00163288 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys

2013-01-15 18:29 - 2012-02-28 08:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys

2013-01-15 18:29 - 2012-02-28 08:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys

2013-01-15 18:27 - 2013-01-15 18:46 - 00000000 ____D C:\Users\All Users\PC Tools

2013-01-15 18:27 - 2013-01-15 18:46 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\Application Data\TestApp

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\AppData\Roaming\TestApp

2013-01-15 17:37 - 2013-01-15 17:37 - 00002083 ____A C:\Users\daddyboy\Desktop\SpyHunter.lnk

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\sh4ldr

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-01-15 17:36 - 2013-01-15 17:37 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP

2013-01-15 17:36 - 2013-01-15 17:36 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\ifgxpers.exe

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\ifgxpers.exe

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\MSDOS.SYS

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\IO.SYS

2013-01-14 07:20 - 2013-01-14 07:20 - 00015477 ____A C:\Users\daddyboy\Desktop\hs_err_pid4016.log

2013-01-14 06:51 - 2013-01-14 06:51 - 00015530 ____A C:\Users\daddyboy\Desktop\hs_err_pid1016.log

2013-01-12 14:43 - 2013-01-12 14:43 - 00015686 ____A C:\Users\daddyboy\Desktop\hs_err_pid2252.log

2013-01-12 13:43 - 2013-01-12 13:43 - 00015667 ____A C:\Users\daddyboy\Desktop\hs_err_pid1408.log

2013-01-11 09:00 - 2013-01-11 09:00 - 00015556 ____A C:\Users\daddyboy\Desktop\hs_err_pid444.log

2012-12-24 16:30 - 2012-12-24 16:30 - 00015554 ____A C:\Users\daddyboy\Desktop\hs_err_pid1628.log

2012-12-21 18:46 - 2012-12-22 10:49 - 00000124 ____A C:\report.txt

==================== One Month Modified Files and Folders ========

2013-01-16 19:02 - 2008-12-29 17:12 - 00000000 ____D C:\users\daddyboy

2013-01-16 16:52 - 2013-01-16 16:52 - 00000000 ____D C:\FRST

2013-01-16 16:06 - 2013-01-16 16:06 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-01-16 16:06 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-01-16 16:06 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-01-16 13:04 - 2008-12-15 00:27 - 01652783 ____A C:\Windows\WindowsUpdate.log

2013-01-16 12:57 - 2009-11-14 11:26 - 00001356 ____A C:\Users\daddyboy\Local Settings\d3d9caps.dat

2013-01-16 12:57 - 2009-11-14 11:26 - 00001356 ____A C:\Users\daddyboy\Local Settings\Application Data\d3d9caps.dat

2013-01-16 12:57 - 2009-11-14 11:26 - 00001356 ____A C:\Users\daddyboy\AppData\Local\d3d9caps.dat

2013-01-16 08:32 - 2008-01-20 18:47 - 02596922 ____A C:\Windows\PFRO.log

2013-01-15 18:48 - 2013-01-15 18:29 - 00000000 ____D C:\Program Files\Common Files\PC Tools

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00001979 ____A C:\Users\All Users\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

2013-01-15 18:46 - 2013-01-15 18:46 - 00000000 ____D C:\Program Files\PC Tools

2013-01-15 18:46 - 2013-01-15 18:27 - 00000000 ____D C:\Users\All Users\PC Tools

2013-01-15 18:46 - 2013-01-15 18:27 - 00000000 ____D C:\Users\All Users\Application Data\PC Tools

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\Application Data\TestApp

2013-01-15 18:27 - 2013-01-15 18:27 - 00000000 ____D C:\Users\daddyboy\AppData\Roaming\TestApp

2013-01-15 17:37 - 2013-01-15 17:37 - 00002083 ____A C:\Users\daddyboy\Desktop\SpyHunter.lnk

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\sh4ldr

2013-01-15 17:37 - 2013-01-15 17:37 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-01-15 17:37 - 2013-01-15 17:36 - 00000000 ____D C:\Windows\DDABC66756B3412282B02F5782EA2F9A.TMP

2013-01-15 17:36 - 2013-01-15 17:36 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\ifgxpers.exe

2013-01-14 11:46 - 2013-01-14 11:46 - 00082568 ____A (Microsoft Corporation) C:\Users\All Users\Application Data\ifgxpers.exe

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\MSDOS.SYS

2013-01-14 08:05 - 2013-01-14 08:05 - 00000000 _RASH C:\IO.SYS

2013-01-14 07:20 - 2013-01-14 07:20 - 00015477 ____A C:\Users\daddyboy\Desktop\hs_err_pid4016.log

2013-01-14 06:51 - 2013-01-14 06:51 - 00015530 ____A C:\Users\daddyboy\Desktop\hs_err_pid1016.log

2013-01-12 14:43 - 2013-01-12 14:43 - 00015686 ____A C:\Users\daddyboy\Desktop\hs_err_pid2252.log

2013-01-12 13:43 - 2013-01-12 13:43 - 00015667 ____A C:\Users\daddyboy\Desktop\hs_err_pid1408.log

2013-01-11 09:00 - 2013-01-11 09:00 - 00015556 ____A C:\Users\daddyboy\Desktop\hs_err_pid444.log

2012-12-25 18:17 - 2006-11-02 04:52 - 00074225 ____A C:\Windows\setupact.log

2012-12-24 16:40 - 2011-11-05 17:06 - 204065712 ____A C:\Windows\MEMORY.DMP

2012-12-24 16:40 - 2011-11-05 17:06 - 00000000 ____D C:\Windows\Minidump

2012-12-24 16:30 - 2012-12-24 16:30 - 00015554 ____A C:\Users\daddyboy\Desktop\hs_err_pid1628.log

2012-12-22 10:52 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI

2012-12-22 10:49 - 2012-12-21 18:46 - 00000124 ____A C:\report.txt

2012-12-21 20:43 - 2008-12-30 19:27 - 00000000 ____D C:\Users\daddyboy\My Documents\Youcam

2012-12-21 20:43 - 2008-12-30 19:27 - 00000000 ____D C:\Users\daddyboy\Documents\Youcam

2012-12-21 20:43 - 2008-04-10 02:26 - 00000000 ____D C:\Windows\SMINST

2012-12-21 20:43 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-03-14 23:01:45

Restore point made on: 2012-03-16 15:37:48

Restore point made on: 2012-04-07 23:01:09

Restore point made on: 2012-04-11 15:31:13

Restore point made on: 2012-05-11 16:40:43

Restore point made on: 2012-05-31 14:35:55

Restore point made on: 2012-06-05 16:45:11

Restore point made on: 2012-06-14 16:20:16

Restore point made on: 2012-06-18 15:41:40

Restore point made on: 2012-06-18 15:42:54

Restore point made on: 2012-06-24 08:40:34

Restore point made on: 2012-07-08 18:24:46

Restore point made on: 2012-07-20 08:26:37

Restore point made on: 2012-09-09 09:55:45

Restore point made on: 2012-09-24 07:00:34

==================== Memory info ===========================

Percentage of memory in use: 17%

Total physical RAM: 2813.22 MB

Available physical RAM: 2313.21 MB

Total Pagefile: 2558.51 MB

Available Pagefile: 2375.82 MB

Total Virtual: 2047.88 MB

Available Virtual: 1982.13 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:222.84 GB) (Free:124.54 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (HP_RECOVERY) (Fixed) (Total:10.04 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive g: () (Removable) (Total:7.45 GB) (Free:7.39 GB) FAT32

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 233 GB 2232 KB

Disk 1 No Media 0 B 0 B

Disk 2 Online 7634 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 223 GB 32 KB

Partition 2 Primary 10 GB 223 GB

=========================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 223 GB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D HP_RECOVERY NTFS Partition 10 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7633 MB 16 KB

=========================================================

Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2013-01-16 16:14


  • Staff

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt


HKU\daddyboy\...\Run: [Adobe ARM] "C:\Users\daddyboy\AppData\Roaming\ifgxpers.exe" [113904 2012-12-16] (?????????? ??????????)
HKU\daddyboy\...\Run: [] C:\Users\daddyboy\ocurtajuchwufblqcu.exe [64512 2012-11-06] ()
HKU\daddyboy\...\Run: [lkhbylqrohwzycg] C:\Windows\lkhbylqr.exe [116224 2012-11-07] ()
2 Winmgmt; C:\Users\daddyboy\wgsdgsdgdsgsd.exe [x]
C:\Users\All Users\ifgxpers.exe
C:\Users\All Users\Application Data\ifgxpers.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

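The fixlist above singles out the entries in the FRST log that look wrong to a trained eye. The script below is an added example (not part of this thread and not FRST's own code) that applies the same checks to FRST-style Run and service lines: a binary launched from a user-writable location, a missing or unreadable publisher, a well-known name (Winmgmt, Adobe ARM) resolving to the wrong binary, an empty Run value name, and a vowel-starved filename. The expected-binary table and the scoring weights are assumptions of the example; the sample lines are quoted from this thread with three benign entries alongside.

```python
import re
from dataclasses import dataclass

# FRST line shapes: "HKU\user\...\Run: [name] path [size date] (Signer)" and "2 Name; path [size date] (Signer)"
RUN_RE = re.compile(r'^HK(?:LM|U)\\[^:]*\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
SVC_RE = re.compile(r'^\d (?P<name>[^;]+); (?P<rest>.*)$')
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"\[]+?\.(?:exe|dll|sys))"?', re.I)
SIGNER_RE = re.compile(r'\((?P<signer>[^)]*)\)\s*$')

# Names malware borrows, and the binary each one should really point at (assumed table):
# the WMI service (Winmgmt) is hosted by svchost.exe, Adobe's updater is AdobeARM.exe.
EXPECTED_BINARY = {'winmgmt': 'svchost.exe', 'adobe arm': 'adobearm.exe'}


@dataclass
class Finding:
    kind: str      # 'run' or 'service'
    name: str
    path: str
    score: int
    reasons: list

    @property
    def suspicious(self) -> bool:
        return self.score >= 2  # the weights below are this example's own, not FRST's


def in_user_writable_location(path: str) -> bool:
    """Places a non-admin dropper can write: profiles, ProgramData, temp dirs, or C:\\Windows itself."""
    p = path.lower()
    if '\\appdata\\' in p or '\\temp\\' in p or p.startswith(('c:\\users\\', 'c:\\programdata\\')):
        return True
    # a file sitting directly in C:\Windows (no subdirectory) is unusual for real software
    return re.fullmatch(r'c:\\windows\\[^\\]+', p) is not None


def looks_random(stem: str) -> bool:
    """Vowel-starved names like wgsdgsdgdsgsd or lkhbylqr ('y' counted as a vowel)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 6 and sum(c in 'aeiouy' for c in letters) / len(letters) < 0.15


def assess(line: str):
    """Score one Run or service line; None if it is neither or carries no file path."""
    m, kind = RUN_RE.match(line), 'run'
    if not m:
        m, kind = SVC_RE.match(line), 'service'
    if not m:
        return None
    name, rest = m.group('name'), m.group('rest')
    pm = PATH_RE.search(rest)
    if not pm:
        return None
    path = pm.group('path')
    reasons = []
    if in_user_writable_location(path):
        reasons.append(('runs from a user-writable location', 2))
    if rest.rstrip().endswith('[x]'):
        reasons.append(('referenced file is missing (orphaned autostart)', 1))
    else:
        sm = SIGNER_RE.search(rest)
        signer = sm.group('signer').strip() if sm else ''
        if not signer:
            reasons.append(('no publisher recorded (unsigned)', 1))
        elif '?' in signer:
            reasons.append(('publisher name unreadable (placeholder characters)', 1))
    expected = EXPECTED_BINARY.get(name.strip().lower())
    if expected and expected not in path.lower():
        reasons.append((f'name "{name}" normally resolves to {expected}', 3))
    if kind == 'run' and not name.strip():
        reasons.append(('empty Run value name', 1))
    if looks_random(path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]):
        reasons.append(('random-looking filename', 1))
    return Finding(kind, name, path, sum(w for _, w in reasons), [r for r, _ in reasons])


def triage(lines):
    """Suspicious findings, highest score first (stable sort keeps log order for ties)."""
    found = [f for f in map(assess, lines) if f is not None]
    return sorted((f for f in found if f.suspicious), key=lambda f: -f.score)


# Constructed sample: the four fixlist entries from this thread plus three benign log lines
# (the N360 line is abridged).
SAMPLE_LINES = [
    r'HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-17] (Synaptics, Inc.)',
    r'HKU\daddyboy\...\Run: [Adobe ARM] "C:\Users\daddyboy\AppData\Roaming\ifgxpers.exe" [113904 2012-12-16] (?????????? ??????????)',
    r'HKU\daddyboy\...\Run: [] C:\Users\daddyboy\ocurtajuchwufblqcu.exe [64512 2012-11-06] ()',
    r'HKU\daddyboy\...\Run: [lkhbylqrohwzycg] C:\Windows\lkhbylqr.exe [116224 2012-11-07] ()',
    r'2 Winmgmt; C:\Users\daddyboy\wgsdgsdgdsgsd.exe [x]',
    r'2 N360; "C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe" /s "N360" [262584 2011-03-31] (Symantec Corporation)',
    r'2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe [221239 2008-04-16] (IDT, Inc.)',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.score:2d} {f.kind:7s} [{f.name}] {f.path}')
        for r in f.reasons:
            print('      -', r)
```

Run against a full FRST.txt, the script only narrows the list for a human reviewer; the benign ccSvcHst.exe line shows why a single weak signal such as a consonant-heavy name is never enough on its own.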

Ok, here we go...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2013

Ran by SYSTEM at 2013-01-16 21:03:18 Run:2

Running from G:\

==============================================

HKEY_USERS\daddyboy\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM Value deleted successfully.

HKEY_USERS\daddyboy\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

HKEY_USERS\daddyboy\Software\Microsoft\Windows\CurrentVersion\Run\\lkhbylqrohwzycg Value deleted successfully.

Winmgmt service deleted successfully.

C:\Users\All Users\ifgxpers.exe moved successfully.

C:\Users\All Users\Application Data\ifgxpers.exe not found.

==== End of Fixlog ====

Started normally, message for "Catalyst Control Centre: host application has stopped working". It scans, then a final message says it has stopped working correctly; Windows will close the program and notify me if a solution is available. I used to get this message prior to having the FBI virus; I would still be able to get on the web despite this. Thanks,


This was my last message..

Ok, here we go...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2013

Ran by SYSTEM at 2013-01-16 21:03:18 Run:2

Running from G:\

==============================================

HKEY_USERS\daddyboy\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM Value deleted successfully.

HKEY_USERS\daddyboy\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.

HKEY_USERS\daddyboy\Software\Microsoft\Windows\CurrentVersion\Run\\lkhbylqrohwzycg Value deleted successfully.

Winmgmt service deleted successfully.

C:\Users\All Users\ifgxpers.exe moved successfully.

C:\Users\All Users\Application Data\ifgxpers.exe not found.

==== End of Fixlog ====

Started normally, message for "Catalyst Control Centre: host application has stopped working". It scans, then a final message says it has stopped working correctly; Windows will close the program and notify me if a solution is available. I used to get this message prior to having the FBI virus; I would still be able to get on the web despite this. As it stands I am on the homepage with my icons, should I try to gain access to the web?


  • Staff

Hello

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


Hello Gringo, here is the contents of the text file after running AdwCleaner:

# AdwCleaner v2.105 - Logfile created 01/17/2013 at 12:15:49

# Updated 08/01/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : daddyboy - DADDYBOY-PC

# Boot Mode : Normal

# Running from : C:\Users\daddyboy\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Users\daddyboy\AppData\Roaming\Mozilla\Firefox\Profiles\hlqce426.default\searchplugins\Askcom.xml

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\FunWebProducts

Folder Deleted : C:\Program Files\MyWebSearch

Folder Deleted : C:\Program Files\Produtools_Manuals_2.1

Folder Deleted : C:\Program Files\Viewpoint

Folder Deleted : C:\ProgramData\Viewpoint

Folder Deleted : C:\Users\daddyboy\AppData\Local\Conduit

Folder Deleted : C:\Users\daddyboy\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\daddyboy\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\daddyboy\AppData\LocalLow\FunWebProducts

Folder Deleted : C:\Users\daddyboy\AppData\LocalLow\MyWebSearch

Folder Deleted : C:\Users\daddyboy\AppData\LocalLow\Produtools_Manuals_2.1

Folder Deleted : C:\Users\daddyboy\AppData\Roaming\Mozilla\Firefox\Profiles\hlqce426.default\extensions\toolbar@ask.com

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products

Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts

Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch

Key Deleted : HKCU\Software\AppDataLow\Software\Produtools_Manuals_2.1

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\MyWebSearch

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3209604

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\FocusInteractive

Key Deleted : HKLM\Software\Fun Web Products

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0F723053-C096-459F-BA85-B6360A1A5068}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31D8134C-7E50-409A-B333-4F829DE3FE28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{43AF84A8-BAEA-4A72-9698-7C4CB7082D92}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Produtools_Manuals_2.1 Toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\MyWebSearch

Key Deleted : HKLM\Software\Produtools_Manuals_2.1

Key Deleted : HKLM\Software\Viewpoint

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16447

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.10 (en-US)

File : C:\Users\daddyboy\AppData\Roaming\Mozilla\Firefox\Profiles\hlqce426.default\prefs.js

Deleted : user_pref("browser.bdtoolbar.orig_keyword_url", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&[...]

Deleted : user_pref("browser.bdtoolbar.orig_searchEngine", "Ask.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Ask.com");

Deleted : user_pref("browser.search.order.1", "Ask.com");

Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");

Deleted : user_pref("extensions.asktb.build", "16749");

Deleted : user_pref("extensions.asktb.cbid", "SV");

Deleted : user_pref("extensions.asktb.crumb", "2011.04.08+12.07.49-toolbar004iad-US-U2NyYW50b24sUEEsVW5pdGVkIF[...]

Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]

Deleted : user_pref("extensions.asktb.dtid", "YYYYYYS6US");

Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "chrome://browser-region/locale/region.propert[...]

Deleted : user_pref("extensions.asktb.guid", "E99C9B98-EDF7-40FC-9053-BB542B6961C2");

Deleted : user_pref("extensions.asktb.if", "su");

Deleted : user_pref("extensions.asktb.l", "dis");

Deleted : user_pref("extensions.asktb.locale", "en_US");

Deleted : user_pref("extensions.asktb.location", "Scranton,PA,United States");

Deleted : user_pref("extensions.asktb.o", "13959");

Deleted : user_pref("extensions.asktb.qsrc", "2871");

Deleted : user_pref("extensions.asktb.sa", "YES");

Deleted : user_pref("extensions.asktb.saguid", "F3EF40A4-1BE7-42A2-9421-0B8EE844E718");

Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);

Deleted : user_pref("extensions.asktb.silent-upgrade", true);

Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);

Deleted : user_pref("extensions.asktb.themeid", "");

Deleted : user_pref("extensions.asktb.to", "");

Deleted : user_pref("extensions.asktb.version", "5.12.2.16749");

Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=X-SD&o=13959&locale=[...]

*************************

AdwCleaner[s1].txt - [14708 octets] - [17/01/2013 12:15:49]

########## EOF - C:\AdwCleaner[s1].txt - [14769 octets] ##########

Couldn't download the roguekiller....

thanks


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


  • Staff

Hello

Ok, let's try this. I want you to run the combofix script in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Now run the script just like we did before.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


  • Staff

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

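Most of an OTL.txt is ordinary driver and service listings; what a log reviewer checks first are the O4 Run values whose target file is gone or sits outside Program Files and Windows, values named after a legitimate vendor whose path does not belong to that vendor (the log that follows has a Run value named "Adobe ARM" pointing at a missing file in C:\ProgramData), UAC switched off (O6 EnableLUA = 0), and a Winlogon Shell or UserInit that is not the stock binary. The Python script below is an added example for this thread, not part of OTL or of the forum's instructions. Its sample lines are constructed in OTL's format (two mirror entries from the log below, the "Updater" line is made up), and the directory and vendor-word lists are heuristics chosen here, not OTL's own rules.

```python
"""Triage of OTL-style autostart lines (O4 Run values, O6 UAC policy, O20 Winlogon).

Added example for this thread, not OTL's own code. It reads a few constructed
lines in the format OTL prints and flags what a log reviewer checks first.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in OTL's format. The empty value and the "Adobe ARM" line
# mirror entries in the thread's log (a Run value named after a real updater,
# pointing at a file in C:\ProgramData that is no longer on disk); the
# "Updater" line is made up to show an unsigned target in a temp directory.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" File not found
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start (Hewlett-Packard)
O4 - HKLM..\Run: [Updater] C:\Users\daddyboy\AppData\Local\Temp\svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<rest>.*)$")
O6_RE = re.compile(r"^O6 - .*policies\\System: EnableLUA = (?P<val>\d+)")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<val>[^)]*)\)")
# First drive-letter path ending in an executable extension, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd|scr|vbs|js))"?(?=\s|$)', re.IGNORECASE)

# Heuristic lists chosen for this example (assumptions, not OTL's rules).
STANDARD_DIRS = (r"c:\program files", r"c:\windows")
VENDOR_WORDS = ("adobe", "microsoft", "google", "java", "apple", "symantec", "norton")
STOCK_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}


@dataclass
class Finding:
    line: str
    reason: str


def parse_o4_rest(rest: str) -> Tuple[Optional[str], Optional[str], bool]:
    """Split the text after [name] into (target path, company, file-missing flag)."""
    rest = rest.strip()
    missing = rest.endswith("File not found")
    if missing:
        rest = rest[: -len("File not found")].strip()
    company = None
    cm = re.search(r"\(([^()]*)\)\s*$", rest)       # trailing "(Company)" block
    if cm:
        company = cm.group(1).strip() or None        # "()" means no company name
        rest = rest[: cm.start()].strip()
    pm = EXE_RE.match(rest)
    return (pm.group("path") if pm else None), company, missing


def check_o4(name: str, path: Optional[str], company: Optional[str], missing: bool) -> List[str]:
    """Reasons a single O4 Run value deserves a closer look."""
    reasons = []
    if missing:
        reasons.append("target file missing: dangling autorun value, clear it")
    if path:
        low = path.lower()
        if not low.startswith(STANDARD_DIRS):
            reasons.append(f"target outside Program Files/Windows: {path}")
        for word in VENDOR_WORDS:
            if word in name.lower() and word not in low:
                reasons.append(f"name claims '{word}' but the path does not: possible masquerade")
    if not missing and company is None:
        reasons.append("no company name on the target: unsigned or unknown publisher")
    if not name and not path:
        reasons.append("empty Run value with no target")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run every check over the O4/O6/O20 lines of an OTL-format log."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            path, company, missing = parse_o4_rest(m.group("rest"))
            findings += [Finding(line, r) for r in check_o4(m.group("name"), path, company, missing)]
            continue
        m = O6_RE.match(line)
        if m:
            if m.group("val") == "0":
                findings.append(Finding(line, "UAC disabled (EnableLUA = 0): elevation prompts are off"))
            continue
        m = O20_RE.match(line)
        if m:
            base = m.group("val").rstrip(",").split("\\")[-1].lower()
            if base != STOCK_WINLOGON[m.group("key").lower()]:
                findings.append(Finding(line, f"Winlogon {m.group('key')} is not the stock binary: {m.group('val')}"))
    return findings


def reasons_for(log_text: str, needle: str) -> List[str]:
    """Reasons raised for lines containing `needle` (empty list means the line looked clean)."""
    return [f.reason for f in triage(log_text) if needle in f.line]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"FLAG {f.reason}\n     {f.line}")
```

Run on the constructed sample, the script flags the empty Run value, the "Adobe ARM" entry (missing target, ProgramData location, vendor name not matching the path), the unsigned Temp-directory "Updater", and the disabled UAC, while the DigitalPersona, HP and Winlogon lines pass. The checks are deliberately coarse: a flagged line is a prompt to look up the file and its publisher, not a verdict, and a clean pass says nothing about entries the heuristics do not cover.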

here is the OTL.txt report:

OTL logfile created on: 1/18/2013 2:49:09 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\daddyboy\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 68.18% Memory free

5.70 Gb Paging File | 4.93 Gb Available in Paging File | 86.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.84 Gb Total Space | 126.11 Gb Free Space | 56.59% Space Free | Partition Type: NTFS

Drive D: | 10.04 Gb Total Space | 1.75 Gb Free Space | 17.41% Space Free | Partition Type: NTFS

Drive F: | 7.45 Gb Total Space | 7.38 Gb Free Space | 99.11% Space Free | Partition Type: FAT32

Computer Name: DADDYBOY-PC | User Name: daddyboy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\daddyboy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)

PRC - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccsvchst.exe (Symantec Corporation)

PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)

PRC - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe (Symantec Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe (IDT, Inc.)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)

PRC - C:\Windows\SMINST\BLService.exe ()

PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe (Andrea Electronics Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()

MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()

MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()

MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()

MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()

MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()

MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

========== Services (SafeList) ==========

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll /prefetch:1 File not found

SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)

SRV - (sdAuxService) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)

SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)

SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe (Symantec Corporation)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)

SRV - (N360) -- C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe (Symantec Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)

SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe (Symantec Corporation)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\stacsv.exe (IDT, Inc.)

SRV - (vfsFPService) -- C:\Windows\System32\vfsFPService.exe (Validity Sensors, Inc.)

SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe ()

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (PTDUWWAN) -- system32\DRIVERS\PTDUWWAN.sys File not found

DRV - (PTDUVsp) -- system32\DRIVERS\PTDUVsp.sys File not found

DRV - (PTDUMdm) -- system32\DRIVERS\PTDUMdm.sys File not found

DRV - (PTDUBus) -- system32\DRIVERS\PTDUBus.sys File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (iteatapi) -- File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (EraserUtilDrv10741) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys File not found

DRV - (catchme) -- C:\Users\daddyboy\AppData\Local\Temp\catchme.sys File not found

DRV - (pctplsm) -- C:\Windows\System32\drivers\pctplsm.sys (PC Tools)

DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)

DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)

DRV - (PCTBD) -- C:\Windows\System32\drivers\PCTBD.sys (PC Tools)

DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)

DRV - (EsgScanner) -- C:\Windows\System32\drivers\EsgScanner.sys ()

DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120302.001\BHDrvx86.sys (Symantec Corporation)

DRV - (pctDS) -- C:\Windows\System32\drivers\pctDS.sys (PC Tools)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120315.002\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\VirusDefs\20120315.002\NAVENG.SYS (Symantec Corporation)

DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120315.002\IDSvix86.sys (Symantec Corporation)

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (SYMTDIv) -- C:\Windows\System32\drivers\N360\0502000.00D\symtdiv.sys (Symantec Corporation)

DRV - (SRTSP) -- C:\Windows\System32\drivers\N360\0502000.00D\srtsp.sys (Symantec Corporation)

DRV - (SRTSPX) -- C:\Windows\System32\drivers\N360\0502000.00D\srtspx.sys (Symantec Corporation)

DRV - (SymEFA) -- C:\Windows\System32\drivers\N360\0502000.00D\symefa.sys (Symantec Corporation)

DRV - (SymDS) -- C:\Windows\System32\drivers\N360\0502000.00D\symds.sys (Symantec Corporation)

DRV - (SymIRON) -- C:\Windows\System32\drivers\N360\0502000.00D\ironx86.sys (Symantec Corporation)

DRV - (SMSIVZAM5) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys (Smith Micro Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)

DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)

DRV - (vfs101x) -- C:\Windows\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)

DRV - (Amddfltr) -- C:\Windows\System32\drivers\Amddfltr.sys (Advanced Micro Devices)

DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)

DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)

DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBlf.SYS (Primax Electronics Ltd.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0E6A666A-D1F0-42A3-B9C0-24F2F6863063}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes\{0E6A666A-D1F0-42A3-B9C0-24F2F6863063}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\..\SearchScopes\{0E6A666A-D1F0-42A3-B9C0-24F2F6863063}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-18\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=txtlnkusaolp00000051&xicid=acm50mtmhpgreetingrule1/

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\SearchScopes,DefaultScope = {0E6A666A-D1F0-42A3-B9C0-24F2F6863063}

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\SearchScopes\{0E6A666A-D1F0-42A3-B9C0-24F2F6863063}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\SearchScopes\{5F7A5895-F445-4B63-8445-E9B634FE1187}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3209604

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search Defender"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790

FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:4.0.0.1884

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/09/12 01:08:12 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/05 17:30:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2011/04/16 15:14:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\ [2012/04/08 03:07:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\coFFPlgn_2011_7_6_3 [2012/04/08 03:07:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013/01/15 21:47:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/03 19:19:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/03 19:19:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/01/05 17:30:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2011/04/16 15:14:26 | 000,000,000 | ---D | M]

[2010/10/15 21:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daddyboy\AppData\Roaming\Mozilla\Extensions

[2013/01/17 20:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\daddyboy\AppData\Roaming\Mozilla\Firefox\Profiles\hlqce426.default\extensions

[2010/10/16 10:25:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\daddyboy\AppData\Roaming\Mozilla\Firefox\Profiles\hlqce426.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/07/03 20:05:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\daddyboy\AppData\Roaming\Mozilla\Firefox\Profiles\hlqce426.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2013/01/17 21:31:09 | 000,000,743 | ---- | M] () -- C:\Users\daddyboy\AppData\Roaming\Mozilla\Firefox\Profiles\hlqce426.default\searchplugins\search-defender.xml

[2010/10/15 21:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/04/16 15:14:26 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES\DIGITALPERSONA\BIN\FIREFOXEXT

[2013/01/15 21:47:30 | 000,000,000 | ---D | M] (Browser Guard Toolbar) -- C:\PROGRAM FILES\PC TOOLS\PC TOOLS SECURITY\BDT\FIREFOX

[2012/04/08 03:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\COFFPLGN_2011_7_6_3

[2012/04/08 03:07:27 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPLGN

[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O3 - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" File not found

O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpqSRMon] File not found

O4 - HKLM..\Run: [instaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found

O4 - HKLM..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB1CCCE7-F653-420B-A7AC-EF7814E54453}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\daddyboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\daddyboy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/05/22 21:20:45 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - F:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 14:47:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\daddyboy\Desktop\OTL.exe

[2013/01/18 14:45:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/01/18 14:11:27 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/01/17 21:11:21 | 000,000,000 | -HSD | C] -- C:\found.000

[2013/01/17 18:45:26 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/01/17 13:37:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/01/17 13:37:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/01/17 13:37:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/01/17 13:36:57 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/01/17 13:36:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/01/17 13:35:43 | 005,024,203 | R--- | C] (Swearware) -- C:\Users\daddyboy\Desktop\ComboFix.exe

[2013/01/16 21:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2013/01/16 19:52:46 | 000,000,000 | ---D | C] -- C:\FRST

[2013/01/15 21:47:29 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll

[2013/01/15 21:47:29 | 001,690,744 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll

[2013/01/15 21:47:29 | 000,150,648 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll

[2013/01/15 21:47:29 | 000,062,688 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys

[2013/01/15 21:46:44 | 000,260,760 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys

[2013/01/15 21:46:44 | 000,178,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys

[2013/01/15 21:46:41 | 000,019,464 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys

[2013/01/15 21:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security

[2013/01/15 21:46:36 | 000,071,752 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys

[2013/01/15 21:46:36 | 000,068,272 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsm.sys

[2013/01/15 21:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools

[2013/01/15 21:29:26 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys

[2013/01/15 21:29:26 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys

[2013/01/15 21:29:23 | 000,368,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys

[2013/01/15 21:29:23 | 000,163,288 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys

[2013/01/15 21:29:20 | 000,202,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys

[2013/01/15 21:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2013/01/15 21:27:07 | 000,000,000 | ---D | C] -- C:\Users\daddyboy\AppData\Roaming\TestApp

[2013/01/15 21:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2013/01/15 20:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2013/01/15 20:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2012/11/03 15:45:50 | 000,176,640 | ---- | C] (ICQ, LLC.) -- C:\Users\daddyboy\zhcqftuhmiztrpjxmauxbxay.exe

[2012/11/03 15:45:48 | 000,143,360 | ---- | C] (ICQ, LLC.) -- C:\Users\daddyboy\nsgjpqgxqwkaddwhheklu.exe

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 14:52:52 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/01/18 14:52:52 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/01/18 14:45:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/18 14:45:43 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/18 14:45:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/18 14:45:17 | 2950,520,832 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/18 14:34:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\daddyboy\Desktop\OTL.exe

[2013/01/18 12:05:56 | 000,001,356 | ---- | M] () -- C:\Users\daddyboy\AppData\Local\d3d9caps.dat

[2013/01/17 13:33:56 | 005,024,203 | R--- | M] (Swearware) -- C:\Users\daddyboy\Desktop\ComboFix.exe

[2013/01/17 12:12:20 | 000,554,087 | ---- | M] () -- C:\Users\daddyboy\Desktop\adwcleaner.exe

[2013/01/15 21:46:41 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

[2013/01/14 15:49:07 | 000,114,951 | ---- | M] () -- C:\ProgramData\1.jpg

[2013/01/14 11:05:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2013/01/14 11:05:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2012/12/24 19:40:21 | 204,065,712 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/18 14:45:17 | 2950,520,832 | -HS- | C] () -- C:\hiberfil.sys

[2013/01/17 13:37:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/01/17 13:37:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/01/17 13:37:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/01/17 13:37:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/01/17 13:37:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/01/17 12:15:19 | 000,554,087 | ---- | C] () -- C:\Users\daddyboy\Desktop\adwcleaner.exe

[2013/01/15 21:47:29 | 000,769,144 | ---- | C] () -- C:\Windows\BDTSupport.dll

[2013/01/15 21:47:29 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip

[2013/01/15 21:47:29 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml

[2013/01/15 21:47:29 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml

[2013/01/15 21:47:29 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip

[2013/01/15 21:46:41 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk

[2013/01/14 14:46:31 | 000,114,951 | ---- | C] () -- C:\ProgramData\1.jpg

[2013/01/14 11:05:03 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2013/01/14 11:05:03 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2012/12/16 16:43:09 | 000,751,078 | ---- | C] () -- C:\Users\daddyboy\AppData\Roaming\1.bmp

[2012/12/16 16:43:05 | 000,018,252 | ---- | C] () -- C:\Users\daddyboy\AppData\Roaming\sound.mp3

[2012/12/16 16:42:58 | 000,114,943 | ---- | C] () -- C:\Users\daddyboy\AppData\Roaming\1.jpg

[2012/11/07 11:22:56 | 000,116,224 | ---- | C] () -- C:\Windows\lkhbylqr.exe

[2012/11/07 11:22:50 | 000,097,632 | ---- | C] () -- C:\ProgramData\vtrcfdauqpujett

[2012/06/22 12:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys

[2012/04/07 21:53:25 | 009,805,396 | ---- | C] () -- C:\Users\daddyboy\AppData\Roaming\SMRBackup250.dat

[2012/04/07 21:44:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\fUqdwocSGdLywE

[2012/04/07 21:38:04 | 000,000,256 | ---- | C] () -- C:\ProgramData\htjRrlUi1uZXtI

[2012/04/07 21:27:44 | 000,000,112 | ---- | C] () -- C:\ProgramData\6pWEc2.dat

[2010/10/09 18:01:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/11/14 14:26:59 | 000,001,356 | ---- | C] () -- C:\Users\daddyboy\AppData\Local\d3d9caps.dat

[2009/01/08 20:53:49 | 000,000,110 | ---- | C] () -- C:\Users\daddyboy\AppData\Roaming\wklnhst.dat

[2009/01/01 18:47:41 | 000,009,728 | ---- | C] () -- C:\Users\daddyboy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >


  • Staff

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes text box.

    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" File not found
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll File not found
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    IE - HKLM\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKU\.DEFAULT\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKU\S-1-5-18\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-3567917174-4125205696-1388201875-1000\..\SearchScopes\{CD7F680C-9718-4A86-A9BC-FBCFEE7EF20A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    [2012/11/03 15:45:50 | 000,176,640 | ---- | C] (ICQ, LLC.) -- C:\Users\daddyboy\zhcqftuhmiztrpjxmauxbxay.exe
    [2012/11/03 15:45:48 | 000,143,360 | ---- | C] (ICQ, LLC.) -- C:\Users\daddyboy\nsgjpqgxqwkaddwhheklu.exe
    [2012/04/07 21:44:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\fUqdwocSGdLywE
    [2012/04/07 21:38:04 | 000,000,256 | ---- | C] () -- C:\ProgramData\htjRrlUi1uZXtI
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo

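The OTL fix above was assembled by hand from the log: dead Run values, executables dropped under random names into the profile root, ProgramData and C:\Windows, and alternate data streams under ProgramData. As an added example (my code, not OTL's, Malwarebytes' or the forum's), the Python script below parses those three OTL line formats and flags the same kinds of entries, so a responder can pre-triage a long log before writing a fix. The sample lines are an excerpt assembled from this thread's own logs, and the location rules and the random-name thresholds are assumptions of the example, not anything OTL itself checks.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: a hand-picked excerpt in the three OTL line formats
# seen in this thread (O4 Run values, dated file entries, Alternate Data
# Streams). It is not a complete OTL report.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Adobe ARM] "C:\ProgramData\ifgxpers.exe" File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
[2013/01/18 14:47:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\daddyboy\Desktop\OTL.exe
[2012/11/03 15:45:50 | 000,176,640 | ---- | C] (ICQ, LLC.) -- C:\Users\daddyboy\zhcqftuhmiztrpjxmauxbxay.exe
[2012/11/07 11:22:56 | 000,116,224 | ---- | C] () -- C:\Windows\lkhbylqr.exe
[2012/04/07 21:44:00 | 000,000,256 | ---- | C] () -- C:\ProgramData\fUqdwocSGdLywE
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Assumed rules: places where a loose executable or data file is unusual.
PROFILE_ROOT = re.compile(r"^[a-z]:\\Users\\[^\\]+\\[^\\]+$", re.I)
PROGRAMDATA_ROOT = re.compile(r"^[a-z]:\\ProgramData\\[^\\]+$", re.I)
WINDOWS_ROOT = re.compile(r"^[a-z]:\\Windows\\[^\\]+\.exe$", re.I)
VOWELS = set("aeiou")


@dataclass
class Finding:
    line: str
    path: str
    reasons: List[str]


def looks_random(filename: str) -> bool:
    """Heuristic for machine-generated names: a long consonant run or almost no vowels."""
    stem = filename.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    longest_run = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return longest_run >= 5 or vowel_ratio < 0.25


def check_path(path: str, company: str) -> List[str]:
    """Location-based reasons; the name heuristic only counts in an odd location."""
    reasons = []
    if PROFILE_ROOT.match(path):
        reasons.append("file sits directly in a user profile root")
    elif PROGRAMDATA_ROOT.match(path):
        reasons.append("file sits directly in ProgramData")
    elif WINDOWS_ROOT.match(path) and not company:
        reasons.append("executable in C:\\Windows with no company name")
    if reasons and looks_random(path.rsplit("\\", 1)[-1]):
        reasons.append("random-looking file name")
    return reasons


def parse_run_target(rest: str):
    """Split the text after [name] in an O4 line into (path, company, missing)."""
    missing = rest.endswith("File not found")
    if rest.startswith('"'):
        path = rest[1:rest.index('"', 1)]
    elif not rest or rest.startswith("File not found"):
        path = ""
    else:
        path = re.split(r" \(| File not found| /", rest, maxsplit=1)[0]
    cm = re.search(r"\(([^)]*)\)$", rest)
    return path, (cm.group(1) if cm else ""), missing


def triage(log_text: str) -> List[Finding]:
    """Return the log lines worth a second look, with the reason for each."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path, company, missing = parse_run_target(m.group("rest").strip())
            reasons = ["Run value points at a file that no longer exists"] if missing else []
            reasons += check_path(path, company) if path else []
        else:
            m = FILE_RE.match(line)
            if m:
                path = m.group("path")
                reasons = check_path(path, m.group("company"))
            else:
                m = ADS_RE.match(line)
                if not m:
                    continue
                path = m.group("path")
                reasons = ["alternate data stream attached to a file or folder"]
        if reasons:
            findings.append(Finding(line, path, reasons))
    return findings
```

Run `triage(SAMPLE_LOG)` and print each finding's `path` and `reasons`; six of the eight sample lines come back flagged, while the Synaptics Run value and OTL.exe on the Desktop do not. Everything it lists still needs a human decision: the name check alone would also trip on SynTPEnh.exe, which is why the script applies it only to files in an unusual location.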

A Notepad window didn't pop up, but I see 2 new Notepad files. I'll post them:

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

[LocalizedFileNames]

Norton Internet Security.lnk=@C:\PROGRA~1\NORTON~3\Branding\muis.dll,-102

Norton 360.lnk=@C:\PROGRA~1\NORTON~1\NORTON~1\Branding\muis.dll,-109

HP Help and Support.lnk=@C:\Windows\Help\OEM\scripts\HELPDT~1.DLL,-101

[.ShellClassInfo]

LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769

IconResource=%SystemRoot%\system32\imageres.dll,-183

I ran the custom script twice because I ran it wrong the first time.


The FBI virus has not appeared back yet. When I start up in normal mode I get to the desktop screen and I get "Catalyst Control Centre: Host Application has stopped working". When I try to get online (Internet Explorer) it says "Internet Explorer cannot display webpage". I run the "diagnose the connection problem" tool, but it says "Windows did not find any problems with the network connection."

I don't know if the virus disabled my ability to get online in normal mode, yet I can get online in safe mode with networking today.


  • Staff

Hello

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here: http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.

Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
    then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.

Information and Logs

  • In your next post I need the following:
  1. Log from MBAM
  2. Report from HijackThis
  3. Let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


After running the MBAM scan, it produced 8 threats, and I removed all checked items. As it was removing, it asked to reboot, which I did. I didn't see a log for the first scan; only after I rebooted did it come back with this log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.19.01

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

daddyboy :: DADDYBOY-PC [limited]

Protection: Enabled

1/18/2013 10:42:05 PM

mbam-log-2013-01-18 (22-42-05).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 220804

Time elapsed: 8 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here is the Hijack log file:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:12:41 PM, on 1/18/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\DigitalPersona\Bin\DpAgent.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\daddyboy\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\coIEPlg.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [instaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe

O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\5.2.0.13\ccSvcHst.exe

O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (file missing)

O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe

O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\STacSV.exe

O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--

End of file - 11315 bytes
